PAGE 1 |
Ram Herkanaidu
Education Manager
Kaspersky Lab
Cyber-[.......] Hype or Trend?
The drivers behind malware development
Information Security Distance Learning Weekend Conference
7th - 8th September 2013
Numbers
PAGE 3 |
Kaspersky Lab
Evolution of malware waves we have to deal with
1994: One new virus every hour
PAGE 4 |
2006: One new virus every minute
PAGE 5 |
2011: One new virus every second
Or 70,000 samples/day
PAGE 6 |
What about 2013?
PAGE 7 |
What about 2012?
Kaspersky Lab is currently processing 200,000 unique malware samples EVERY DAY
PAGE 8 |
Vulnerabilities and exploits
Applications containing vulnerabilities targeted by web exploits in 2012
Oracle Java: 50%
Adobe Acrobat Reader: 28%
Windows Components and Internet Explorer: 3%
Android: 2%
Adobe Flash Player: 2%
Other: 15%
Source: Kaspersky Lab January 2013
PAGE 9 |
Phishing – June 2013
Social networking sites: 31%
Search engines: 16%
Financial & e-pay organisations and banks: 14%
Email and Instant Messaging: 13%
IT vendors: 10%
Telephone and Internet service providers: 8%
Online stores and e-auctions: 6%
Online Games: 0.8%
Government organisations: 0.5%
Mass media: 0.3%
Other: 0.6%
Source: Kaspersky Lab June 2013
PAGE 10 |
Mobile malware
Some statistics
Number of mobile malware families to-date: 679
Number of mobile malware modifications to-date: 107,068
Mobile malware found in July 2013: 4,181 new modifications
99.96 per cent of all mobile malware found in 2012 is targeting Android
The number of samples gathered in 2012 alone is more than six times higher than in the previous 7 years altogether
Source: Kaspersky Lab July 2013
PAGE 11 |
Mobile malware
Distribution of malware targeting Android OS detected on user devices by behaviour: Q3 2012
Trojan-SMS: 56%
Trojan: 22%
RiskTool: 5%
AdWare: 5%
Exploit: 4%
HackTool: 3%
Trojan-PSW: 1%
Trojan-Spy: 1%
Monitor: 1%
Backdoor: 1%
Other: 2%
Source: Kaspersky Lab December 2012
PAGE 12 |
Malware victims
Source: Kaspersky Security Network: Web Anti-virus: Sept 2013
Top 20 countries with the greatest proportion of users attacked while surfing the web: H1 2013
Tajikistan
Azerbaijan
Armenia
Kazakhstan
Russia
Vietnam
Moldova
Belarus
Ukraine
Kyrgyzstan
Sri Lanka
Uzbekistan
Georgia
India
Greece
Austria
Tunisia
Germany
Italy
Algeria
PAGE 13 |
Top countries with harmful hostings
The top 20 countries within whose territories are located the malicious hosting services most actively used by cybercriminals: H1 2013
United States
Russia
Netherlands
Germany
Ukraine
United Kingdom
France
Vietnam
China
Romania
Canada
Ireland
Sweden
Portugal
British Virgin Islands
Turkey
Czech Republic
Latvia
Luxembourg
Israel
Source: Kaspersky Security Network: Web Anti-virus: Sept 2013
Threats & Tactics
PAGE 15 |
Humans are vulnerable too
PAGE 16 |
Spear phishing
Or COO, CTO, CFO, etc.
PAGE 17 |
Types of attack
Cyber-weapons:
• ‘Destroyers’
• Espionage programs
• Cyber-sabotage tools
Targeted attacks
‘Traditional’ cybercrime
PAGE 18 |
Company perceptions & disclosure
Global IT Security Risks
Kaspersky Lab survey, June 2011
PAGE 19 |
Targeted attacks
Some of the victims:
• Google
• RSA
• Lockheed Martin
• HBGary
• Sony
• Comodo
• DigiNotar
• Saudi Aramco
• LinkedIn
• Adobe
• Syrian Ministry of Foreign Affairs
• New York Times
PAGE 20 |
Cyber espionage
Stealing commercial or military secrets
“There’s no such thing as ‘secure’ any more. The most sophisticated adversaries are going to go unnoticed on our networks. We have to build our systems on the assumption that adversaries will get in. We have to, again, assume that all the components of our system are not safe, and make sure we’re adjusting accordingly.”
Debora Plunkett, NSA Director
Quoted in “NSA Switches to Assuming Security Has Always Been Compromised”
PAGE 21 |
Cyber attacks
“… cyber weapons are: a) effective; b) much cheaper than traditional weapons; c) difficult to detect; d) difficult to attribute to a particular attacker …; e) difficult to protect against …; f) can be replicated at no extra cost. What’s more, the seemingly harmless nature of these weapons means their owners have few qualms about unleashing them, with little thought for the consequences.”
Eugene Kaspersky, June 2012
http://eugene.kaspersky.com/2012/06/14/the-flame-that-changed-the-world/
PAGE 22 |
Cyber activism
The growing use of the Internet to protest
Cyber weapons?
PAGE 24 |
2010, 2011, 2012, 2012
Espionage. Sabotage. Cyberwar.
PAGE 25 |
Cyber weapons
Solutions
PAGE 29 |
Technical Solutions
• Signatures
• Heuristics
• HIPS
• Application control
• Device control
• Encryption
• Whitelisting
PAGE 30 |
Non-Technical Solutions
• Risk assessment
• Establish policies and procedures
• Create outbreak response plan
• Deploy appropriate solutions
• Define and update patch policy
• Develop staff education
• Document the strategy
PAGE 31 |
Future of cyber….
Profit is still the main motivator. We’ll see
• More targeted attacks
• More state-backed malware
• More cyber activism
Cyber defence
• Intergovernmental / legal cooperation
• Connected devices needing to be secured
• Critical Infrastructure security