Graham Cluley - CSO Perspectives Roadshow 2016

PowerPoint Presentation

#

CSO Perspectives, Australia, March 2016

(60 Minutes)

The rise of malware

From back bedrooms to boardrooms, Graham Cluley describes how viruses and trojan horses turned from a schoolboy prank into a threat which could steal secrets from governments, disrupt nuclear facilities in Iran, and even help secret agents assassinate their opponents.

Graham Cluley draws on his 25 year history in the anti-virus industry to explain who the malware authors are, how the nature of the attacks are changing, and the steps that organisations need to take to prevent themselves from becoming the next victim.

Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 8:15 PM1

#

CSO Perspectives, Australia, March 2016

(60 Minutes)

The rise of malwareFrom back bedrooms to boardrooms, Graham Cluley describes how viruses and trojan horses turned from a schoolboy prank into a threat which could steal secrets from governments, disrupt nuclear facilities in Iran, and even help secret agents assassinate their opponents.Graham Cluley draws on his 25 year history in the anti-virus industry to explain who the malware authors are, how the nature of the attacks are changing, and the steps that organisations need to take to prevent themselves from becoming the next victim.

Elk Cloner x Casino x What old malware looks like xWhat it looks like today x The scale of the problemTypes of malwareHow you get infectedExample of a targeted attackWho writes it?

Attack on GeorgiaMossad attackCould you be next?Protection stepsKeep yourself clued-up


You can trust me.

#

You can trust me. Of course you trust me. Look at me. The good people at CSO have put me on a stage. And you trust CSO dont you?

You trust them, they trust me, so you trust me. Right? You can also trust me because sometimes I wear glasses. Therefore Im probably an expert. And I have an English accent. Utterly trustworthy.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM3

You can trust me.

#

Seriously, you can trust me. I like dogs.Heres my dog, Archie.

Ive pixellated out his dog tag so you cant find out my phone number, but Ive just told you my eBay password Damn.


You can trust me.

#

I also love cats. This is Marble.

Unfortunately he isnt around anymore. Unfortunate business involving a vehicle and Isaac Newtons third law of motion.

It wasnt my fault. Trust me.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 8:23 PM5

You cant trust the CIA.

#

Do you know why you cant trust the CIA?Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM6

#

In the 1960s, the CIA ran a top secret project to spy on Soviet embassies with cats. The project codenamedAcoustic Kitty involved a battery and small microphone being implanted into a cat, and an antenna put into its tail.

More recently, a security researcher revealed that he had enlisted the help of his wifes grandmothers Siamese cat (named Coco) in an attempt to sniff out poorly-protected WiFi in his neighbourhood.

Some cats cant be trusted.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM7

#

security researcher revealed that he had enlisted the help of his wifes grandmothers Siamese cat (named Coco) in an attempt to sniff out poorly-protected WiFi in his neighbourhood. Gene Bransfield, a security researcher with Tenacity, claimed in his talk entitled How to Weaponize your Pets, that some 15% of internet traffic is cat-related.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 8:26 PM8

#

Security researcher revealed that he had enlisted the help of his wifes grandmothers Siamese cat (named Coco) in an attempt to sniff out poorly-protected WiFi in his neighbourhood. Gene Bransfield, a security researcher with Tenacity, claimed in his talk entitled How to Weaponize your Pets, that some 15% of internet traffic is cat-related.

So you cant necessarily trust all cats, or cat owners. Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 8:26 PM9

You cant trust the internet.

#

So, you can trust me. But can you trust the internet? I dont think so.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 7:01 PM10

#

23 April 2013

Panic on Wall Street, Dow Jones plummetted Why? Well, all it took were 12 words. (72 characters)Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM11

#

Just

Associated Presss Twitter account. Hacked by Syrian Electronic Army claiming terrorist activity at White House and Obama injured.

The Dow Jones industrial average plunged more than 140 points in seconds after the report.

Why? Because Associated Press was trusted. Nearly 2 million followers.


#

People still trust SMTP email today, even though internet emails arent encrypted (leaving them open to interception) and details like the from: address can be forged.

Thats how phishing and email scams work.

Trust me, thats not a good thing.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM13

#

And you have to be careful what websites you trust online with your personal data.


#

Casino virusGlobal Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM15

Malware

#


This is Rich Skrenta.

Do you trust him?

#

Rich Skrenta, Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM17

18

Apple IIe computer - a precursor to the Mac18

19

Elk Cloner19

20

Elk Cloner20

21

Not to say that all old DOS viruses were visual. Jerusalem, aka 1813 virus. Infects EXE and COM files

21

22

People changed their clocks, only to find that there was also a Sunday the 14th virus

22

#

Virus exchange BBSes and websitesGlobal Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 11:06 PM23

#

Chen Ing Hau

Author of Chernobyl, aka CIH. 1998Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 11:09 PM24

#

David L Smith

Melissa virus, 1999Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 11:08 PM25

#

Onel de Guzman, author of the Love Bug

May 4 2000Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 11:05 PM26

#

Independence DayGlobal Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM27

#

Independence DayGlobal Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM28

Suicide virus by Phalcon/SKISM. Crucifixtion virus If youre happy and you know it, clap your hands

29

30

Phantom. Written by Russian virus writer Dark Prince. Using the Advanced Polymorphic Engine (APE).

30

31

Walker virus. which happens to be a sprite ripped out of the game "Bad Street Brawlers," to walk across the screen at regular intervals, interrupting any work being done on the PC.

31

32

Biplane virus

32

Phalcon SKISM (Smart Kids into Sick Methods). TALK NOW ABOUT THE CHANGE

33

Banksy

34

Banksy

35

Banksy

36

Banksy

37

This is what malware looks like today. Theres nothing to see. Windows 10.

38

#

TalkTalk CEO Dido Harding on BBC News, trying to explain how it suffered data breaches three times in less than a year.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM39

Who is writing the malware?

#


#

Three main types of enemy

The kidsThe criminalsThe governments


42

Kids andactivists

The kids

42

#

Ryan Cleary (aka Viral from LulzSec) / Chen Ing Hau (CIH / Chernobyl) / Sven Jaschan (author of Sasser worm and Netsky virus)

Michael Buen (author of the Love Bug) / David L Smith (Melissa) | Simon Vallor (Welshauthor of Gokar, Redesi and Admirer mass-mailing viruses)


44

Anonymous

44

#

Hackers are not geniuses

Technologically impaired hackers dont know how to use the thermostat


#

This guy is more worried about having his face seen, than leaving any fingerprints

He also doesnt seem to be smart enough to realise its easier to type sitting down.


#




48

Organisedcriminals

The kids

48

49Money-making malware

Remote access

#

Steal information, spy on you, exploit your computers resourcesGlobal Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 8:31 PM50

Ransomware,scareware

#

Ransomware and scareware threatsGlobal Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 8:31 PM51

Ransomware

52

Ransomware

53

Ransomware

54

55

Compromised computers around the world55

#




57Denial-of-service attacks

Extorted more than $4 million from British companies after threatening to attack their websites, making them inaccessible to the outside world. Online casinos and betting websites were targeted by the group, who used compromised zombie computers to launch the denial-of-service attacks.

Ivan Maksakov, Alexander Petrov, and Denis Stepanov were each sentenced to 8 years in prison in 200657

58



58

59

Government

Govt hacking

59

60

To spy on communications

60

61

To fight crime

61

62

To fight terror

62

63

Intellectualproperty

Stealing intellectual property and secrets from companies for commercial gain.

63

64

James Bond-style espionage. SPYING is now a big deal

64

#

Georgian government's CERT (Computer Emergency Response Team) claims it has linked an internet attack to Russia's security services, and even turned the tables on a hacker it believes was involved by secretly taking over his computer and taking video footage of him.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM65

#

Georgian news websites hacked to exploit vulns, malware that hijacked infected computers and searched for sensitive docs. Also took screenshots, spread via networks and eavesdrop on conversations via infected PCs' webcams. At least 390 PCs infected. 70% of compromised PCs were based in Georgia, with other victims found in the USA, Canada, Ukraine, France, China, Germany and Russia. Computers hit in Georgia were predominantly based in government agencies, banks and critical infrastructure the report claims.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM66

#

Georgia's CERT deliberately infected one of its own PCs with the malware, and planted a ZIP file named "Georgian-Nato Agreement" on its drive, hoping it would prove irresistible for the hacker.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM67

#

Sure enough the hacker stole the archive file and ran malware that Georgia CERT had planted inside, meaning that now investigators had control over the hacker's own computer.This made it relative child's play to capture images of the suspect at work in front of his PC.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM68

Curiously, a domain used by the attackers was registered to an address in Moscow belonging to the Russian Ministry of Internal Affairs, department of logistics - which just happens to be based close to the Russian Secret Service (FSB).

Watering hole attack

#

Other anti-Tibet malware attacks have targeted Java vulnerabilities. Heres a watering hole attackGlobal Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 10:52 PM70

Mahmoudal-Mabhouh

#

Targeted attacks can be physicalMahmoud al-Mabhouh, a senior Hamas official, was murdered by a professional assassination team of 11 people.

able to track al-Mabhouh's movements and plans because they had planted a spyware Trojan horse on his computer. Let them monitor his email communications and other online activities.


Mahmoudal-Mabhouh

#

Targeted attacks can be physicalMahmoud al-Mabhouh, a senior Hamas official, was murdered by a professional assassination team of 11 people.

able to track al-Mabhouh's movements and plans because they had planted a spyware Trojan horse on his computer. Let them monitor his email communications and other online activities.


#

The 2013 Target hack. Up to 110 million customer affected.

Hackers had access to every cash register in every one of Targets 1800 US stores.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM73

#

The 2013 Target hack. Up to 110 million customer affected.

Hackers had access to every cash register in every one of Targets 1800 US stores.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM74

#

Hackers broke in via aircon/refrigeration company who had been given network credentials.

Monitoring temperatiures etc overnight, need remote access to do maintenance, patches etc.

Malware was installed on cash registersGlobal Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM75

#

CEO Gregg Steinhafel lost his job.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM76

Targeted attack

#

2010. Chinese hackers tried to derail $40 billion hostile takeover of worlds largest Potash producer (Potash Corp of Saskatchewan) by Australian mining giant BHP.

Spoofed emails, carrying spyware, were sent to the companys law firms.

Over several months, SEVEN different law firms were hit, as well as Canadas Finance Ministry and Treasury Board

The deal fell through anyway, but the stolen data could have been worth TENS OF MILLIONS and give the party who possessed it an UNFAIR ADVANTAGE.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 10:53 PM77

Targeted attack

#

2013. Toronto Law Firm representing people seeking refugee status.

The firm, concerned about NSA revelations, checked its network

Found it had been compromised. But this wasnt a political state-sponsored hack

This was about business. Its information was for sale on Silk RoadGlobal Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 10:55 PM78

Targeted attack

#

2013. Toronto Law Firm representing people seeking refugee status.

The firm, concerned about NSA revelations, checked its network

Found it had been compromised. But this wasnt a political state-sponsored hack

This was about business. Its information was for sale on Silk RoadGlobal Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 10:56 PM79

State-sponsored attacks

#


State-sponsored attacks

#


How are firms targeted?

82

83

84

85

86

87

88

89

90

91

Not just big companies at risk

#

Youre not too small to be targeted. You could be a stepping stone to the attackers true target.Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM92

#

Youre not too small to be targeted. You could be a stepping stone to the attackers true target.


#

Youre not too small to be targeted. You could be a stepping stone to the attackers true target.


Could your company be next?

#

HyattHiltonMandarin OrientalBooking.com xHotel Hippo xTalkTalkAshley MadisonThomson - http://www.bbc.co.uk/news/uk-england-cornwall-34027172 x

Vtech xWetherspoons x


#


Defense in depth

#


Stronger user authentication

#


Encrypt, encrypt, encrypt(And use a VPN)

#


Policies andregulations

#


Policies andregulationsA scarf can protect you,

But it can choke you too

#


102

Theyre putting their trust in cloud companies102

Your companys crown jewels

#

Identify your most important property. What if it was leaked or stolen would cause your company the most harm?Global Accounts Summit 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.3/1/16 5:33 PM103

104

Hack yourself, before someone hacks you


Nothing is 100% trustworthy

Its about managing risk, not eliminating it105


Email: [email protected]: https://www.grahamcluley.comTwitter: @gcluley

Thank you

Date post:	14-Apr-2017
Category:	Technology
Upload:	csopresentations
View:	504 times
Download:	0 times

Graham Cluley - CSO Perspectives Roadshow 2016

Technology