Operation Cleaver A precursor to control system...

Post on 03-Jun-2020

Jon Miller

Operation Cleaver – A precursor to control system attacks

2 | © 2015 Cylance, Inc.

Agenda

Introduction What is Cylance What is the Problem Operation Cleaver Vulnerabilities Augmenting

Introduction

Jon Miller | Vice President of Strategy

Internet Security Systems (5 years)

X-Force Penetration Testing

Special Advisor to CTO

Accuvant Labs (7 years)

Penetration Testing

Reverse Engineering

Weaponized 0day Sales

Cylance (2 Years)

Internal Security

Product Testing/Efficacy

SPEAR Research Team

Customer Advocacy

Introduction

Stuart McClure | CEO / President & Founder

Leader of Cylance as CEO & Visionary

Hacking Exposed

Lead Author

Creator

Most Successful Security Book of All Time

Foundstone

WW-CTO McAfee

Introduction

Ryan Permeh | Co-Founder & Chief Scientist

THE brain behind the mathematical architecture and new approach to security.

eEye Retina

SecureIIS

Code Red

McAfee Chief Scientist

What is the Problem? The Rise of Targeted Attacks

Source: CyberFactors, a subsidiary of CyberRisk Partners and CloudInsure.com

http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014

[Chart: Targeted Attacks vs. Broad Attacks by quarter, Q2'07 through Q4'14; vertical axis 0 to 350]

What is the Problem? Adversaries

Traditional Adversaries

Nation State

Organized Crime

Intelligence

Intellectual Property Theft

Espionage

Financial Gain

Identity Theft

What is the Problem? Adversaries

Next Generation Adversaries

Rogue Nation States: Iran, North Korea, Syria

Individual & Terrorist Actors: ISIS, Anonymous, etc.

Timeline

Operation Cleaver Prevention is Everything

18-24 Month Long Iranian Offensive

Solely Targeted at Global Critical Infrastructure Companies

Zh0up!n Exploit Team

Phish Based Malware Delivery

MS08-067 Pivoting

Public Tools (psexec, mimikatz, cain + abel, etc)

SQL Injection

ASP Backdoors

Cred Harvesting

Evolved into Using Their Own Zeus Variant (tiny_zbot)

Operation Cleaver 16 Countries Targeted

Canada: Energy & Utilities, Oil & Gas, Hospitals

China: Aerospace

England: Education

France: Oil & Gas

Germany: Telecommunications

India: Education

Israel: Aerospace, Education

Kuwait: Oil & Gas, Telecommunications

Mexico: Oil & Gas

Pakistan: Airports, Hospitals, Technology, Airlines

Saudi Arabia: Oil & Gas, Airports

South Korea: Airports, Airlines, Education, Technology, Heavy Manufacturing

Turkey: Oil & Gas

United Arab Emirates: Government, Airlines

United States: Airlines, Education, Chemicals, Transportation, Energy & Utilities, Military / Government, Defense Industrial Base

Operation Cleaver Critical Industries Targeted

[Chart: Level of Critical Impact vs. Level of Access; scale High / Medium / Low]

Questions?