Date post: 22-May-2020
Category: Technology
Upload: initinpandey
RUSSIAN IT SYNERGY CONFERENCE 2017
NITIN PANDEY
Hello
Chelyabinsk
Who Am I? I am Nitin Pandey
• A Cyber Security Professional
• Chairman of National Information Security Council
• Chair Member of National Cyber Safety & Security Standards
• Founder of Hackers Day
• Lead Technical Member of Digital 4n6 Journal
• Former Head of DEF CON & OWASP Lucknow
• Listed in Halls of Fame such as Google, Microsoft, Dell, Intel, etc.
CYBERTERRORISM: MOST DANGEROUS EMERGING THREAT
Disclaimer!
The information in this presentation is researched by the Speaker, is based
on facts, and is true & complete to the best of the Speaker's knowledge.
Let's Watch Something First!
What is Terrorism?
Bomb Blasts, Hijacking Airplanes, Killing Innocent People, and many others are phrases &
expressions associated with Terrorism. Nowadays, Terrorism has been attached to the
Cyberspace. The potential threat is, indeed, very alarming! Never before has anybody thought
that terrorism would have a Digital form.
• Hijacking Airplanes: 9/11 US attack, crashing of hijacked airplanes into the World Trade Center & killing around 3000 people.
• Bomb Blasts: 12 March 1993, Mumbai, India Bomb Blasts, 15 bombings throughout the city.
• Killing Innocent People: 1-3 Sep 2004, Beslan, Russia School Siege involved illegal imprisonment of over 1100 people as hostages, and ended with the death of 385+ people including 31 terrorists. 26 Nov 2008, Mumbai terrorist attack by Lashkar-E-Taiba, a Pakistan based terrorist organization.
CYBERTERRORISM
There is often a large amount of confusion as to what cyber
terrorism is. More specifically, what cyber attacks can we actually
define as acts of terrorism? The internet has allowed for a vast
exchange of information. This has created a cyberspace in which
both criminals and terrorists can implement attacks/communications.
When we consider what cyber terrorism actually is, we must first
understand the intentions and motivations behind cyber
attacks.
CYBERTERRORISM
Cyber Terrorism is an international phenomenon which must be
combated by the international community. Some nations are working
against cyber-crimes, but it is on a limited scale. For example, Israel
became the first Cyber Secured Nation.
How?
Because the Israel Government is serious about Cyber Security. It's
supporting both Private & Public sectors.
Israel offers Cyber Security training to its students as well as
the corporate sector.
SAUDI ARABIA SUFFERED ONE OF THE WORLD'S BIGGEST CYBER ATTACKS IN 2012
• The Shamoon virus operates like a time bomb. It was used in the huge
cyberattack in August 2012 on Saudi Aramco, the world's biggest oil company.
• Within a matter of hours, 35,000 computers were partially wiped or totally
destroyed in that attack. It forced one of the most valuable companies on
earth back into 1970s technology, using typewriters and faxes.
• Not just once: Shamoon came back again in November 2016 as Shamoon 2.
The impact was similar. Then a 3rd wave of attacks by the Shamoon 2 virus
happened in January 2017.
Nowadays, terrorists usually use Telegram and Internet
Relay Chat (IRC) to communicate with other terrorists &
groups.
What will happen if someday these Terrorist Organizations get
access to Nuclear weapons and other sensitive data of any nation?
AL-QAEDA ISIS
Because it's all about just
PRESSING A BUTTON!!
On one side
Russia has broken the backbone of ISIS in Syria
And What’s happening on another side?
Chinese Ideal
MASOOD AZHAR Founder and leader of the UN-designated terrorist group Jaish-e-Mohammed based in Pakistan
ARE WE REALLY SAFE?
BIGGEST GLOBAL CHALLENGE?
What is Ransomware?
It is a type of malicious software that threatens to publish the victim's
data or block access to it unless a ransom is paid. A more advanced
malware uses a technique called cryptoviral extortion, in which it
encrypts the victim's files, making them inaccessible, and demands a
ransom payment to decrypt them.
• Expose Data: Threatens to publish the Sensitive Data online.
• Block Access to Data: Prevents the user from accessing the Data Stored.
• Demand Ransom: Compels the user to pay ransom to retrieve the Data.
Mode of Infection: How does your system get infected?
Ransomware kits on the deep web have
allowed cybercriminals even with no
technical background to purchase
inexpensive Ransomware programs and
launch attacks with very little effort.
Attackers may use one of several
different approaches to extort digital
currency from their victims.
• Self Propagation: 30%
• Drive by downloads: 55%
• Spam Mail: 10%
01 Drive by downloads: Downloading content from unknown sources.
02 Self Propagation: Spreading from one computer to the next.
03 Spam Mail: Content access or download from spam mail.
Why do they target Businesses?
It's all about Money
• Higher Complexity, Higher Vulnerability: Computer systems in companies are often complex and prone to vulnerabilities.
• No Report and Fear of Damage: Businesses would rather not report an infection for fear of legal consequences and brand damage.
• Because that's where the money is. Careless on Security and Face the Facts!
• High Chance: Chances of getting paid are high.
• Because a successful infection can
cause major business disruptions,
which will increase their chances of
getting paid.
• Because small businesses are often
unprepared to deal with cyber attacks.
Cases of Ransomware Around the World
Ukrainian
Central Bank
WannaCry Ransomware
WHAT IS WANNACRY RANSOMWARE?
• A tool first uncovered by the NSA (National Security Agency) and then released by
hackers on the internet became one of the most prolific cyber attacks to have ever
happened around the globe.
• WannaCry is a Ransomware Cryptoworm, which targeted systems by encrypting data
and demanding ransom in Bitcoin.
• More than 2.5 lac computers in 150+ countries have been affected, with victims
including hospitals, banks, telecommunications companies and warehouses.
• A "Kill Switch" was found and could be used to shut down the software.
• Russia was the most affected Nation. More than 1000 computers at the Russian
Interior Ministry were affected by WannaCry. The telecom giant Megafon had also
been targeted in Russia.
KASPERSKY LAB Report
Not-Petya Ransomware
NOT-PETYA RANSOMWARE
• Many organizations in Europe and the US have been crippled by “Petya”
attack.
• It’s the second major global ransomware attack in the past six months.
• “Petya” checks for a read-only file and if it finds it, it won’t run the encryption.
• Majority of infections have occurred in Ukraine and Russia, but some big
names in the West have also suffered.
• The attack appears to have been seeded through a software update
mechanism built into an accounting program that companies working with the
Ukrainian government need to use.
Locky Ransomware
WHAT IS LOCKY RANSOMWARE?
• The Computer Emergency Response Team (CERT) has issued a warning
regarding the spread of Locky ransomware in India.
• Locky ransomware takes over a victim’s system and encrypts its files,
demanding a ransom to release the data.
• It is similar to the Petya and WannaCry Ransomwares.
• The encrypted files of a system infected with the ransomware display file
extensions with “[.]lukitus” or “[.]diablo6”.
• The messages contain “zip” attachments with Visual Basic Scripts (VBS)
embedded in a secondary zip file.
• After encrypting the files, it demands a payment of 0.5 Bitcoins.
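A defender can turn the two Locky indicators on this slide (the ".lukitus" / ".diablo6" extensions and a VBS script inside a secondary zip) into a simple triage check. The following is an added example, not part of the original presentation; the function names, size limits and sample data are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

LOCKY_EXTENSIONS = {".lukitus", ".diablo6"}  # extensions named on the slide
SCRIPT_EXTENSIONS = {".vbs"}                 # script type named on the slide
MAX_DEPTH = 3                                # assumed nesting limit
MAX_MEMBER_BYTES = 5 * 1024 * 1024           # assumed cap before unpacking a member

def locky_renamed(paths):
    """Return the paths whose final extension is a Locky marker."""
    def ext(p):
        return PurePosixPath(p.replace("\\", "/")).suffix.lower()
    return [p for p in paths if ext(p) in LOCKY_EXTENSIONS]

def scripts_in_zip(data, depth=0, prefix=""):
    """List (member path, nesting depth) for scripts in possibly nested zip bytes."""
    hits = []
    if depth > MAX_DEPTH:
        return hits
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a zip archive: nothing to report
    with zf:
        for info in zf.infolist():
            name = prefix + info.filename
            suffix = PurePosixPath(info.filename).suffix.lower()
            if suffix in SCRIPT_EXTENSIONS:
                hits.append((name, depth))
            elif suffix == ".zip" and info.file_size <= MAX_MEMBER_BYTES:
                hits += scripts_in_zip(zf.read(info), depth + 1, name + "!")
    return hits

def is_suspicious_attachment(data):
    """True when a script sits inside a secondary (nested) zip."""
    return any(depth >= 1 for _, depth in scripts_in_zip(data))

def build_sample(nested):
    """Constructed sample attachment; the '.vbs' member is harmless text."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.vbs", "' constructed placeholder, not a real script")
    if not nested:
        return inner.getvalue()
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice_inner.zip", inner.getvalue())
    return outer.getvalue()
```
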
Bad Rabbit Ransomware
WHAT IS BAD RABBIT RANSOMWARE?
• Bad Rabbit encrypts the contents of a computer and asks for a payment - in this case
0.05 Bitcoins, or about $280.
• Bad Rabbit Ransomware Uses Leaked 'EternalRomance' NSA Exploit to Spread.
• According to Kaspersky Lab Report, most of the victims targeted by Bad Rabbit
attacks are located in Russia and fewer attacks in Ukraine, Turkey and Germany.
• Bad Rabbit Ransomware is also very similar to the Petya and WannaCry
Ransomwares.
• Bad Rabbit was reportedly distributed via drive-by download attacks via
compromised Russian media sites, using a fake Adobe Flash Player installer to lure
victims into installing malware unwittingly.
• After encrypting the files, it demands a payment of 0.5 Bitcoins to unlock the systems.
QUESTIONS RAISED!
1
If the National Security Agency (NSA) is incapable of
securing its tools, then why do they make such
dangerous tools which could put the whole world
in trouble? Their tools are getting leaked one by
one; why are they still incapable of securing them?
2
Having the world's official biggest Cyber Army,
why is China indirectly supporting terrorists &
a terrorist nation such as Pakistan?
Let me show you a live demonstration of Bad
Rabbit Ransomware in Virtual Machine!
CONCLUSION!
DEFENSE!
We love Russia
India loves President PUTIN
Thank you