Click to edit Master title style

Click to edit Master title style

• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level

June 10th, 2009 Event details (title, place)

Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts

Alexander Gostev

Director, Global Research and Analysis TeamKaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010




Cyberthreat Landscape in 2009




2009 – Main Trend

The number of new malware samples, detected year over year

Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010

Source: Kaspersky Lab

Relative stability replaces massive increases in the amount of new malware




2009 – Malware Numbers in Review

• 1992 – 2007 > detected about 2 mln unique malware programs

• But in 2008 alone – 15 mln

• In 2009 - about 33,9 mln unique malicious files in the Kaspersky Lab collection

• 2009: 15 mln new files again (same as 2008 – flat growth rate)





Reasons for the Stable Growth

• The pace of malware development slowed significantly

• Increased competition in the malware market • a big decline in gaming Trojans

• The successful work of:• law enforcement • regulatory structures • and the antivirus industry





Outcomes in 2009




Sophisticated Malware

An increase in sophisticated malicious programs

Sinowal

TDSS

Clampi





Global Outbreaks

The following malicious programs affected more than 1 million computers in 2009: • Kido (worm)• Sality (virus)• Brontok (worm)• Mabezat (worm)• Parite.b (virus)• Virut.ce (virus-bot)• Sohanad (worm)• TDSS.z (rootkit)





Kido - Conficker

• Kido epidemic – all of 2009• November 2009 – over 7 mln infected systems • Conficker Working Group - the first example of broad international cooperation

Source: www.shadowserver.org


Gumblar – a Self-Spreading Website Botnet

• Significant outbreak - hit tens of thousands of web resources • Came in waves

Gumblar tiers





Evolution:

1.Visitors to legal websites re-directed to infected illegal malicious servers.

2.Users re-directed from legal websites to infected, but legal websites.


Gumblar – a fully automated system




Internet based fraud - SMS

• Websites offering services:

• Locate people via GSM• Read private messages in social networks• Collect data, and more

• SMS can cost up to $10





Internet Based Fraud – Fake AV


• Fake AV boom – spread via:• Internet ads• Malware such as Kido

• Fake AV revenues in 2009 - 150 mln. USD*

*Source: Internet Crime Complaint Center




Alternative Platforms – Mac OS

• The first Trojan - OSX.RSPlug.A (Trojan-Downloader.OSX. Jahlav)• The first rogue AV solution - Imunizator


Alternative Platforms - Mobile

• First malicious programs for iPhone

(Ike worms)

• First piece of spyware for Android (Mobile spy)

• First crypto-signed malware for Symbian

2008 2009

30 new families 39 new families

143 new variants 257 new variants





Alternative Platforms – ATMs

• The first Backdoor for ATM – Backdoor.Win32.Skimer• Stole money • Stole credit card data





Forecasts for 2010




Change in Attack Vector

• Attacks via email;

• Internet/network attacks;

• Attacks via websites (including social networks)

2010 - a significant increase of attacks via file-sharing networks - P2P and torrents





Growing complexity

• Malware will become much more sophisticated

• IT security companies develop even more complex protection tools

• Immune malware





Attacks on Google Wave

Usual pattern

Sending spam

Phishing attacks

Exploiting vulnerabilitiesand

Spreading malware





Alternative Platforms - Mobile

• Rise in mobile threats for iPhone and Android

• Android - no effective checks in place to ensure third-party software applications are secure





AV industry trends

In-the-Cloud Security


• Technological advance

• Protects users

BUT

• Potential IP abuse

• Will be attacked

International Collaboration

• AV + educators, law enforcement,

ISP & so on• AV vendors educate about security• AV vendors help solve cybercrime

Results:

• IT security awareness• Conficker Working Group


Summary: Forecasts for 2010

• Kido remaining an active global epidemic

• Significant increase of attacks through P2P networks

• Emergence of more "grey" schemes in the botnet services market

• Attacks via Google Wave


• Kido remaining an active global epidemic

• Significant increase of attacks through P2P networks

• Emergence of more "grey" schemes in the botnet services market

• Attacks via Google Wave






Director, Global Research and Analysis Team

Alexander Gostev


Thank you! Questions?

Date post:	14-May-2015
Category:	Documents
Upload:	peterbuck
View:	641 times
Download:	0 times

Click to edit Master title style

Documents