THE THREAT LANDSCAPE
FROM CYBERCRIME TO CYBER-WAR
David Emm
Global Research and Analysis Team
CONTENTS
1. What kind of malware?
2. Who’s writing it and why?
3. What do we do about it?
THE SCALE OF THE THREAT
1994: 1 NEW VIRUS EVERY HOUR
2006: 1 NEW VIRUS EVERY MINUTE
2011: 1 NEW VIRUS EVERY SECOND
2013: 315,000 NEW SAMPLES EVERY DAY
THE GROWING MALWARE THREAT
HOW MALWARE SPREADS
People
Technology
… and how people use it
VULNERABILITIES AND EXPLOITS
• Oracle Java: 90.52%
• Windows components: 2.6%
• Android: 2.49%
• Adobe Acrobat Reader: 2.01%
• IE: 1.32%
• Adobe Flash Player: 0.53%
• MS Office: 0.5%
‘DRIVE-BY DOWNLOADS’
SOCIAL NETWORKS
REMOVABLE MEDIA
DIGITAL CERTIFICATES
SOPHISTICATED THREATS
Code obfuscation
Rootkits
Hide changes made by malware
• Installed files
• Running processes
• Registry changes
Advanced technologies
NEW TACTICS
Steal everything!
• All kinds of information
• Not just bank data
Targeted attacks
• Sophisticated
• Carefully selected targets
• Well-defined aims
THE NATURE OF THE THREAT
• Traditional cybercrime: 90%
• Targeted threats to organisations: 9.9%
• Cyber-weapons: 0.1%
POLITICAL, SOCIAL OR ECONOMIC PROTEST
THEFT OF SENSITIVE DATA
“There’s no such thing as ‘secure’ any more. The most sophisticated adversaries are going to go unnoticed on our networks. We have to build our systems on the assumption that adversaries will get in. We have to, again, assume that all the components of our system are not safe, and make sure we’re adjusting accordingly.”
Debora Plunkett, NSA Director
Quoted in “NSA Switches to Assuming Security Has Always Been Compromised”
CYBER-WEAPONS
“… cyber weapons are: a) effective; b) much cheaper than traditional weapons; c) difficult to detect; d) difficult to attribute to a particular attacker …; e) difficult to protect against …; f) can be replicated at no extra cost. What’s more, the seemingly harmless nature of these weapons means their owners have few qualms about unleashing them, with little thought for the consequences.”
Eugene Kaspersky, June 2012
http://eugene.kaspersky.com/2012/06/14/the-flame-that-changed-the-world/
CYBER-WEAPONS: NUMBER OF VICTIMS
Known number of incidents / Additional number of incidents (approximate):
• Stuxnet: over 100K / over 300K
• Gauss: 2,500 / 10K
• Flame: 700 / 5-6K
• Duqu: 20 / 50-60
• miniFlame: 10-20 / 50-60
Source: Kaspersky Lab
TARGETED ATTACKS
Some of the victims:
• RSA
• Lockheed Martin
• Sony
• Comodo
• DigiNotar
• Saudi Aramco
• Adobe
• Syrian Ministry of Foreign Affairs
• The New York Times
• Tibetan activists
MOBILE MALWARE
10,000,509 unique installation packs
WHY TARGET MOBILE DEVICES?
Mobile devices contain lots of interesting data:
SMS messages
Business e-mail
Business contacts
Personal photos
GPS co-ordinates
Banking credentials
Installed apps
Calendar
PLATFORMS
• Android: 98.05%
• J2ME: 1.55%
• Others: 0.40%
WHAT SORT OF MALWARE?
Chart values: 33.5%, 20.6%, 19.4%, 7.1%, 6%, 5.8%, 4%, 3.6%
Chart labels: Trojan-SMS, Backdoor, Trojan, Adware, RiskTool, Trojan-Downloader
THE GEOGRAPHY OF MOBILE MALWARE
MOBILE DEVICES AND TARGETED ATTACKS
WHAT DO WE DO ABOUT IT?
QUESTIONS
David Emm
Global Research and Analysis Team