Cyberthreat Landscape 2010-2011
Outcomes, Trends and Forecasts
Cyberthreat Landscape
Visualize 2010 Trends, Review What is Behind Us, and Look Forward
2010 by the Numbers
Outcomes for 2010
Forecasts 2011
2010 by the Numbers: Overall Attacks Increase
11 February 2011 | Kaspersky Lab International Press Tour “Cyberthreat Landscape 2010-2011: Outcomes, Trends and Forecasts”
134,814,015
30,075,005
1,906,039,380
+1400%
Source: Kaspersky Lab
2010 by the Numbers: Web Attacks Increase
+800%
Source: Kaspersky Lab
2010 by the Numbers: Strength in the Cloud and Heuristics
75%
95%
Source: Kaspersky Lab
2010 by the Numbers: 2010 Kaspersky Security Network
Kaspersky Security Network (KSN)
Cloud Based Services
Malware, Spam Detection
Voluntary Data Collection
KSN 2010 Malware Statistics
Overall Detections
Web Attacks, Sources
2010 by the Numbers
Where Is the Malware?
Source: Kaspersky Lab
Cyberthreat Landscape: 2010 Outcomes
Exploitation 2010 – A Year of Vulnerability
Targeted Attacks
The New Stuxnet Era
Digital Certificates and (dis)Trust
Mobile Malware
The Calm Before the Storm
2009 Predictions for 2010 - Outcomes
Attack Techniques, Sources and Monetization
• Spread Techniques
• Automated Exploitation Systems, Ready-Made Exploit Packs
• Monetization
2010 Outcomes: Web Attacks Increase – What and How?
2010 Outcomes: Exploitation 2010 - A Year of Microsoft Vulnerabilities
Malcrafted HCP URL
IE6 Aurora Disclosure, IE Peers 0day
4 0day Stuxnet ITW
IE Use-after-free 0day
Source: Microsoft Security Bulletins
2010 Outcomes: Exploitation 2010 - A Year of Adobe Reader Vulnerabilities
Targeted emails – libTIFF attacks
PEK delivers libTIFF with ROP
Cooltype.dll SING TTF targeted emails
Source: Microsoft Security Bulletins
2010 Outcomes: Exploitation 2010 - A Year of Oracle-Sun Java Vulnerabilities
Java RMIConnectionImpl ITW
Java Trusted Method Chain ITW
Source: Microsoft Security Bulletins
2010 Outcomes: Exploitation 2010 - A Year of Vulnerabilities
#1. Internet Explorer
#2. Adobe Reader
#3. Oracle Sun Java
Source: Kaspersky Lab
2010 Outcomes: Attacking Commerce and Industry
Operation Aurora
• Commercial Targets
– 30+ Multinational Corporations (non-governmental entities)
» Google, Yahoo, Symantec, Adobe, Northrop Grumman, Dow Chemical, etc.
– Determined Coordination – Holiday Timing
– Access and Obtain Source Code on Misconfigured/Insecure Perforce Servers - Authentication Systems, Sensitive Communications
Stuxnet
• Development and Deployment Sophistication
• Unmatched Precision Targeting PLCs
– First public industrial cyber-sabotage incident
Calm Before the Storm 2010: Cloud Computing Quietly Attracts Cyberattacks
The Low Rumble of Cloud Computing
• Legitimate adoption
• Crooked adoption
Calm Before the Storm 2010: Cloud Computing Quietly Attracts Cyberattacks
2010 Anti-Cloud Activity
• Attacking legitimate cloud services
• Attacking cloud related client components
2010 Outcomes: Digital (mis)Trust
Shaky Foundation of Trust
• Successful Cybercriminal Access and Use
• Potential Certificate “Authority” Subversion
• Key Theft
– Stuxnet
– Zeus, SpyEye
• Certificate Cutting
2010 Outcomes: Mobile Malware – Android and iPhone
Android Popularity Skyrockets
• New Exploits - Kernel Problems and Coverity’s 88 Highly Critical Vulnerabilities
• Exploit and Shellcode Development – Defcon 18 Demo
• SMS Trojans and Spyware
Android Sideloading and iPhone jail-breaking
iPwned and Market
• Both Closed and Open Models at Risk
2010 Outcomes: Sensitive Data Accessible and Exposed
Network Concerns, Plain Text and Incidents
• BGP Tables and Plain Text Transmissions
• Firesheep Firefox Session Hijack Plug-in
Data Leaks and Breaches
• Wikileaks Data Leaks
• Numerous Breaches
– Physical Losses
– Hacked Servers/Malware
– Social Engineering
2010 Outcomes: 2010 Prediction Results from 2009
An increase in the number of attacks via P2P networks
Correct!
Competition for traffic
Correct!
Malware epidemics and increasing complexity of malicious programs
Correct!
Decreasing global numbers of Rogue AV
Correct!(?)
Attacks on and via Google Wave
Incorrect!
Attacks on iPhone and Android devices
Partially Correct!
Cyberthreat Landscape: 2011 Forecasts
Steal Everything
Four phenomena to watch in 2011
Methods
• Client side exploits
• Mobile platforms, especially Android
• Social networks
New Organizers
• New Markets and Buyers
• Unlikely immediate impact on average user
Spyware 2.0 and New Aims
• Steal Everything
• Acquisition of someone or something’s complete profile and behavior
• Similarity to social networks and advertisers collection
2011 Forecasts: What to Watch 2011
2011 Forecasts
New generation of better organized, more malevolent malware writers
Malware attacks target information and data for immediate financial gain
Personally identifying information becomes the target of the new breed of cybercriminals and another source of income for those already in the game
Spyware 2.0 emerges, a new class of malware that steals users’ personal data (identity theft) plus any other type of data it can find
Spyware 2.0 becomes a popular tool for both new and old players alike
An increasing number of attacks on corporate users by traditional cybercriminals and the gradual decline in direct attacks on everyday users
Mobile devices and cloud services become increasingly targeted platforms
Exploiting vulnerabilities remains the principal method of carrying out attacks, with a significant increase in the scope and speed with which they are used
Precise Methods, New Organizers, New Aims
Thank You
Kurt Baumgartner, Senior Security Researcher, Kaspersky Lab
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2010-2011: Outcomes, Trends and Forecasts”
Moscow, February 10-13, 2011