Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts
Alexander Gostev
Director, Global Research and Analysis TeamKaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Cyberthreat Landscape in 2009
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
2009 – Main Trend
The number of new malware samples, detected year over year
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Source: Kaspersky Lab
Relative stability replaces massive increases in the amount of new malware
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
2009 – Malware Numbers in Review
• 1992 – 2007 > detected about 2 mln unique malware programs
• But in 2008 alone – 15 mln
• In 2009 - about 33,9 mln unique malicious files in the Kaspersky Lab collection
• 2009: 15 mln new files again (same as 2008 – flat growth rate)
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Reasons for the Stable Growth
• The pace of malware development slowed significantly
• Increased competition in the malware market • a big decline in gaming Trojans
• The successful work of:• law enforcement • regulatory structures • and the antivirus industry
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Outcomes in 2009
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Sophisticated Malware
An increase in sophisticated malicious programs
Sinowal
TDSS
Clampi
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Global Outbreaks
The following malicious programs affected more than 1 million computers in 2009: • Kido (worm)• Sality (virus)• Brontok (worm)• Mabezat (worm)• Parite.b (virus)• Virut.ce (virus-bot)• Sohanad (worm)• TDSS.z (rootkit)
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Kido - Conficker
• Kido epidemic – all of 2009• November 2009 – over 7 mln infected systems • Conficker Working Group - the first example of broad international cooperation
Source: www.shadowserver.org
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Gumblar – a Self-Spreading Website Botnet
• Significant outbreak - hit tens of thousands of web resources • Came in waves
Gumblar tiers
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Evolution:
1.Visitors to legal websites re-directed to infected illegal malicious servers.
2.Users re-directed from legal websites to infected, but legal websites.
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Gumblar – a fully automated system
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Internet based fraud - SMS
• Websites offering services:
• Locate people via GSM• Read private messages in social networks• Collect data, and more
• SMS can cost up to $10
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Internet Based Fraud – Fake AV
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
• Fake AV boom – spread via:• Internet ads• Malware such as Kido
• Fake AV revenues in 2009 - 150 mln. USD*
*Source: Internet Crime Complaint Center
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Alternative Platforms – Mac OS
• The first Trojan - OSX.RSPlug.A (Trojan-Downloader.OSX. Jahlav)• The first rogue AV solution - Imunizator
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Alternative Platforms - Mobile
• First malicious programs for iPhone
(Ike worms)
• First piece of spyware for Android (Mobile spy)
• First crypto-signed malware for Symbian
2008 2009
30 new families 39 new families
143 new variants 257 new variants
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Alternative Platforms – ATMs
• The first Backdoor for ATM – Backdoor.Win32.Skimer• Stole money • Stole credit card data
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Forecasts for 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Change in Attack Vector
• Attacks via email;
• Internet/network attacks;
• Attacks via websites (including social networks)
2010 - a significant increase of attacks via file-sharing networks - P2P and torrents
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Growing complexity
• Malware will become much more sophisticated
• IT security companies develop even more complex protection tools
• Immune malware
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Attacks on Google Wave
Usual pattern
Sending spam
Phishing attacks
Exploiting vulnerabilitiesand
Spreading malware
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Alternative Platforms - Mobile
• Rise in mobile threats for iPhone and Android
• Android - no effective checks in place to ensure third-party software applications are secure
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
AV industry trends
In-the-Cloud Security
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
• Technological advance
• Protects users
BUT
• Potential IP abuse
• Will be attacked
International Collaboration
• AV + educators, law enforcement,
ISP & so on• AV vendors educate about security• AV vendors help solve cybercrime
Results:
• IT security awareness• Conficker Working Group
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Summary: Forecasts for 2010
• Kido remaining an active global epidemic
• Significant increase of attacks through P2P networks
• Emergence of more "grey" schemes in the botnet services market
• Attacks via Google Wave
• Rise in mobile threats for iPhone and Android
• Kido remaining an active global epidemic
• Significant increase of attacks through P2P networks
• Emergence of more "grey" schemes in the botnet services market
• Attacks via Google Wave
• Rise in mobile threats for iPhone and Android
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Click to edit Master title style
• Click to edit Master text styles– Second level• Third level– Fourth level» Fifth level
June 10th, 2009 Event details (title, place)
Director, Global Research and Analysis Team
Alexander Gostev
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010
Thank you! Questions?