Cyber Terrorism by Nitin Pandey

Date post: 22-May-2020
Upload: initinpandey
Description:
Presentation at Russian IT Synergy 2017 on Cyber Terrorism
RUSSIAN IT SYNERGY CONFERENCE 2017 NITIN PANDEY
Transcript
Page 1: Cyber Terrorism by Nitin Pandey

RUSSIAN IT SYNERGY CONFERENCE 2017

NITIN PANDEY

Page 2: Cyber Terrorism by Nitin Pandey

Hello

Chelyabinsk

Page 3: Cyber Terrorism by Nitin Pandey

Who Am I? I am Nitin Pandey

• A Cyber Security Professional

• Chairman of National Information Security Council

• Chair Member of National Cyber Safety & Security Standards

• Founder of Hackers Day

• Lead Technical Member of Digital 4n6 Journal

• Former Head of DEF CON & OWASP Lucknow

• Listed in Halls of Fame such as Google, Microsoft, Dell, Intel, etc.

Page 4: Cyber Terrorism by Nitin Pandey

CYBERTERRORISM: MOST DANGEROUS EMERGING THREAT

Page 5: Cyber Terrorism by Nitin Pandey

Disclaimer!

The information in this presentation was researched by the speaker, is based on facts, and is true and complete to the best of the speaker’s knowledge.

Page 6: Cyber Terrorism by Nitin Pandey

Let’s Watch Something First!

Page 7: Cyber Terrorism by Nitin Pandey

What is Terrorism?

Bomb blasts, hijacking airplanes, killing innocent people, and many others are phrases and expressions associated with terrorism. Nowadays, terrorism has been attached to cyberspace. The potential threat is, indeed, very alarming! Never before has anybody thought that terrorism would have a digital form.

Hijacking Airplanes: 9/11 US attack, crashing of hijacked airplanes into the World Trade Center, killing around 3000 people.

Bomb Blasts: 12 March 1993, Mumbai, India bomb blasts, 15 bombings throughout the city.

Killing Innocent People: 1-3 Sep 2004, Beslan, Russia school siege, involving the illegal imprisonment of over 1100 people as hostages, which ended with the death of 385+ people including 31 terrorists. 26 Nov 2008, Mumbai terrorist attack by Lashkar-E-Taiba, a Pakistan-based terrorist organization.

Page 8: Cyber Terrorism by Nitin Pandey

CYBERTERRORISM

There is often a large amount of confusion as to what cyber terrorism is. More specifically, what cyber attacks can we actually define as acts of terrorism? The internet has allowed for a vast exchange of information. This has created a cyberspace in which both criminals and terrorists can carry out attacks and communications. When we consider what cyber terrorism actually is, we must first understand the intentions and motivations behind cyber attacks.

Page 9: Cyber Terrorism by Nitin Pandey

CYBERTERRORISM

Cyber terrorism is an international phenomenon which must be combated by the international community. Some nations are working against cyber crimes, but on a limited scale. For example, Israel became the first cyber-secured nation.

How?

Because the Israeli government is serious about cyber security. It is supporting both the private and public sectors.

Israel offers cyber security training to its students as well as to the corporate sector.

Page 10: Cyber Terrorism by Nitin Pandey

SAUDI ARABIA SUFFERED ONE OF THE WORLD’S BIGGEST CYBER ATTACKS IN 2012

• The Shamoon virus operates like a time bomb. It was used in the huge cyberattack in August 2012 on Saudi Aramco, the world's biggest oil company.

• Within a matter of hours, 35,000 computers were partially wiped or totally destroyed in that attack. It forced one of the most valuable companies on earth back into 1970s technology, using typewriters and faxes.

• Shamoon did not strike just once: it came back in November 2016 as Shamoon 2, with similar impact. A third wave of Shamoon 2 attacks then happened in January 2017.

Page 11: Cyber Terrorism by Nitin Pandey

Nowadays, terrorists usually use Telegram and Internet Relay Chat (IRC) to communicate with other terrorists & groups.

Page 12: Cyber Terrorism by Nitin Pandey
Page 13: Cyber Terrorism by Nitin Pandey
Page 14: Cyber Terrorism by Nitin Pandey

What will happen if someday these terrorist organizations get access to the nuclear weapons and other sensitive data of any nation?

AL-QAEDA ISIS

Page 15: Cyber Terrorism by Nitin Pandey
Page 16: Cyber Terrorism by Nitin Pandey

Because it’s all about just PRESSING A BUTTON!!

Page 17: Cyber Terrorism by Nitin Pandey

On one side, Russia has broken the backbone of ISIS in Syria.

And what’s happening on the other side?

Page 18: Cyber Terrorism by Nitin Pandey

Chinese Ideal

MASOOD AZHAR: Founder and leader of the UN-designated terrorist group Jaish-e-Mohammed, based in Pakistan

Page 19: Cyber Terrorism by Nitin Pandey

ARE WE REALLY SAFE?

Page 20: Cyber Terrorism by Nitin Pandey

BIGGEST GLOBAL CHALLENGE?

Page 21: Cyber Terrorism by Nitin Pandey
Page 22: Cyber Terrorism by Nitin Pandey

What is Ransomware?

It is a type of malicious software that threatens to publish the victim's data or block access to it unless a ransom is paid. More advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

Expose Data: Threatens to publish the sensitive data online.

Block Access to Data: Prevents the user from accessing the stored data.

Demand Ransom: Compels the user to pay a ransom to retrieve the data.

Page 23: Cyber Terrorism by Nitin Pandey

Mode of Infection: How does your system get infected?

Ransomware kits on the deep web have allowed cybercriminals, even those with no technical background, to purchase inexpensive ransomware programs and launch attacks with very little effort. Attackers may use one of several different approaches to extort digital currency from their victims.

01 Drive-by downloads (55%): Downloading content from unknown sources.

02 Self propagation (30%): Spreading from one computer to the next.

03 Spam mail (10%): Content access or download from spam mail.

Page 24: Cyber Terrorism by Nitin Pandey

Why do they target Businesses?

Page 25: Cyber Terrorism by Nitin Pandey

It’s all about Money

Because that’s where the money is. Careless on Security and Face the Facts!

$ Higher Complexity, Higher Vulnerability: Computer systems in companies are often complex and prone to vulnerabilities.

₹ No Report and Fear of Damage: Businesses would rather not report an infection for fear of legal consequences and brand damage.

High Chance: The chances of getting paid are high.

• Because a successful infection can cause major business disruptions, which will increase their chances of getting paid.

• Because small businesses are often unprepared to deal with cyber attacks.

Page 26: Cyber Terrorism by Nitin Pandey

Cases of Ransomware Around the World

Page 27: Cyber Terrorism by Nitin Pandey

R

Ukrainian Central Bank

Page 28: Cyber Terrorism by Nitin Pandey

WannaCry Ransomware

Page 29: Cyber Terrorism by Nitin Pandey
Page 30: Cyber Terrorism by Nitin Pandey

WHAT IS WANNACRY RANSOMWARE?

• A tool first uncovered by the NSA (National Security Agency) and then released by hackers on the internet became one of the most prolific cyber attacks ever to have happened around the globe.

• WannaCry is a ransomware cryptoworm, which targeted systems by encrypting data and demanding a ransom in Bitcoin.

• More than 2.5 lac computers in 150+ countries have been affected, with victims including hospitals, banks, telecommunications companies and warehouses.

• A “kill switch” was found and could be used to shut down the software.

• Russia was the most affected nation. More than 1000 computers at the Russian Interior Ministry were affected by WannaCry. The telecom giant Megafon had also been targeted in Russia.

Page 31: Cyber Terrorism by Nitin Pandey
Page 32: Cyber Terrorism by Nitin Pandey

KASPERSKY LAB Report

Page 33: Cyber Terrorism by Nitin Pandey

Not-Petya Ransomware

Page 34: Cyber Terrorism by Nitin Pandey
Page 35: Cyber Terrorism by Nitin Pandey

NOT-PETYA RANSOMWARE

• Many organizations in Europe and the US have been crippled by the “Petya” attack.

• It’s the second major global ransomware attack in the past six months.

• “Petya” checks for a read-only file and, if it finds it, it won’t run the encryption.

• The majority of infections have occurred in Ukraine and Russia, but some big names in the West have also suffered.

• The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use.

Page 36: Cyber Terrorism by Nitin Pandey
Page 37: Cyber Terrorism by Nitin Pandey
Page 38: Cyber Terrorism by Nitin Pandey

Locky Ransomware

Page 39: Cyber Terrorism by Nitin Pandey

WHAT IS LOCKY RANSOMWARE?

• The Computer Emergency Response Team (CERT) has issued a warning regarding the spread of Locky ransomware in India.

• Locky ransomware takes over a victim’s system and encrypts its files, demanding a ransom to release the data.

• It is similar to the Petya and WannaCry ransomware.

• The encrypted files on a system infected with the ransomware display the file extensions “[.]lukitus” or “[.]diablo6”.

• The messages contain “zip” attachments with Visual Basic Scripts (VBS) embedded in a secondary zip file.

• After encrypting the files, it demands a payment of 0.5 Bitcoins.
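
The delivery format described on this slide (a zip attachment whose script sits inside a second zip) is something a mail gateway can check for before the attachment reaches a user. The following is an added example, not part of the presentation: the script extensions other than .vbs, the depth and size limits, and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# .vbs comes from the slide; the other script extensions are an added assumption.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
MAX_DEPTH = 3                      # assumption: archive layers to unpack
MAX_MEMBER_BYTES = 10 * 1024 ** 2  # assumption: skip members declared larger than 10 MiB


def find_scripts(data, depth=0, prefix=""):
    """Return paths of script files in a zip, following nested zips ('!' marks a layer)."""
    hits = []
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            path = prefix + info.filename
            if name.endswith(SCRIPT_EXTS):
                hits.append(path)
            elif name.endswith(".zip") and info.file_size <= MAX_MEMBER_BYTES:
                hits += find_scripts(zf.read(info), depth + 1, path + "!")
    return hits


def nested_script_hits(data):
    """Scripts that sit inside a secondary archive, the pattern the slide describes."""
    return [p for p in find_scripts(data) if "!" in p]


def _zip_bytes(members):
    """Build an in-memory zip from {name: content} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder content, no real malware.
INNER = _zip_bytes({"invoice_0001.vbs": "' placeholder, not a real script\n"})
SUSPICIOUS = _zip_bytes({"invoice_0001.zip": INNER})
BENIGN = _zip_bytes({"report.txt": "quarterly numbers\n"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        hits = nested_script_hits(blob)
        print(label, "QUARANTINE" if hits else "deliver", hits)
```

A gateway would pass each attachment's raw bytes to `nested_script_hits` and quarantine the message when the list is non-empty.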

Page 40: Cyber Terrorism by Nitin Pandey
Page 41: Cyber Terrorism by Nitin Pandey

Bad Rabbit Ransomware

Page 42: Cyber Terrorism by Nitin Pandey

WHAT IS BAD RABBIT RANSOMWARE?

• Bad Rabbit encrypts the contents of a computer and asks for a payment, in this case 0.05 Bitcoins, or about $280.

• Bad Rabbit ransomware uses the leaked 'EternalRomance' NSA exploit to spread.

• According to a Kaspersky Lab report, most of the victims targeted by Bad Rabbit attacks are located in Russia, with fewer attacks in Ukraine, Turkey and Germany.

• Bad Rabbit ransomware is also very similar to the Petya and WannaCry ransomware.

• Bad Rabbit was reportedly distributed via drive-by download attacks through compromised Russian media sites, using a fake Adobe Flash Player installer to lure victims into installing malware unwittingly.

• After encrypting the files, it demands a payment of 0.5 Bitcoins to unlock the systems.

Page 43: Cyber Terrorism by Nitin Pandey
Page 44: Cyber Terrorism by Nitin Pandey

QUESTIONS RAISED!

Page 45: Cyber Terrorism by Nitin Pandey

1

If the National Security Agency (NSA) is incapable of securing its tools, then why do they make such dangerous tools, which could put the whole world in trouble? Their tools are getting leaked one by one; why are they still incapable of securing them?

Page 46: Cyber Terrorism by Nitin Pandey

2

Having the world’s official biggest Cyber Army, why is China indirectly supporting terrorists & a terrorist nation such as Pakistan?

Page 47: Cyber Terrorism by Nitin Pandey

Let me show you a live demonstration of Bad Rabbit Ransomware in a Virtual Machine!

Page 48: Cyber Terrorism by Nitin Pandey

CONCLUSION!

DEFENSE!

Page 49: Cyber Terrorism by Nitin Pandey

We love Russia

Page 50: Cyber Terrorism by Nitin Pandey

India loves President Putin

Page 51: Cyber Terrorism by Nitin Pandey

Thank you

RUSSIAN IT SYNERGY 2017

NITIN PANDEY
