CSO Breakfast in Partnership with ESET - Juraj Malcho Presentation
Transcript of CSO Breakfast in Partnership with ESET - Juraj Malcho Presentation
Are we doing enough?
Juraj Malcho, Chief Research Officer, ESET
Agenda
• Malware scene of today
• Anything special about Australia?
• Are security solutions dead and ineffective?
• How to manage to survive (and sleep at night)?
• How dark is the future of ICT security?
Malware prevalence AUS 2013 consumer vs business

Consumer:

| Threat | Infection share | Total share |
|---|---|---|
| Win32/Toolbar.Conduit.B | 7.95% | 0.75% |
| Win32/Toolbar.SearchSuite | 4.81% | 0.45% |
| Win32/Toolbar.Conduit.P | 4.48% | 0.42% |
| Win32/Toolbar.Widgi | 3.58% | 0.34% |
| Win32/AdInstaller | 3.05% | 0.29% |
| Win32/SoftonicDownloader.E | 2.95% | 0.28% |
| Win32/Toolbar.Babylon.E | 2.71% | 0.25% |
| Win32/DownloadAdmin.G | 2.49% | 0.23% |
| Win32/Toolbar.Visicom.A | 2.48% | 0.23% |
| Win32/Toolbar.MyWebSearch | 2.38% | 0.22% |
| Win32/Toolbar.Conduit.Q | 2.38% | 0.22% |
| Win32/Somoto.A | 2.33% | 0.22% |
| Win32/Toolbar.Babylon.A | 2.32% | 0.22% |
| Win32/Toolbar.Conduit.O | 2.22% | 0.21% |
| Win32/Adware.Yontoo.B | 2.13% | 0.20% |
| Win32/Toolbar.Linkury.A | 2.09% | 0.20% |
| Win32/Toolbar.Visicom.C | 2.03% | 0.19% |
| Win32/bProtector.A | 2.00% | 0.19% |
| Win32/Toolbar.Visicom.B | 1.89% | 0.18% |
| HTML/Iframe.B.Gen | 1.89% | 0.18% |

Business:

| Threat | Infection share | Total share |
|---|---|---|
| Win32/Toolbar.Widgi | 4.89% | 0.49% |
| Win32/Toolbar.Conduit.B | 4.48% | 0.45% |
| Win32/Toolbar.SearchSuite | 3.80% | 0.38% |
| HTML/Iframe.B.Gen | 3.56% | 0.36% |
| HTML/ScrInject.B.Gen | 3.13% | 0.32% |
| Win32/Toolbar.Conduit.P | 2.59% | 0.26% |
| Win32/DownloadAdmin.G | 2.54% | 0.26% |
| Win32/AdInstaller | 2.49% | 0.25% |
| Win32/SoftonicDownloader.E | 2.11% | 0.21% |
| Win32/InstallIQ | 2.11% | 0.21% |
| Win32/Toolbar.MyWebSearch | 2.10% | 0.21% |
| Win32/NetTool.Portscan.C | 2.06% | 0.21% |
| Win32/Tool.EvID4226 | 2.03% | 0.21% |
| Win32/Keygen.AO | 2.02% | 0.20% |
| Win32/Keygen.CY | 2.02% | 0.20% |
| Win32/bProtector.A | 1.84% | 0.19% |
| Win32/Toolbar.Babylon.E | 1.82% | 0.18% |
| Win32/Toolbar.Linkury.A | 1.80% | 0.18% |
| Win32/Spy.Zbot.AAU | 1.66% | 0.17% |
| Win32/InstallIQ.A | 1.64% | 0.17% |
Malware prevalence AUS 2014 consumer vs business

Consumer:

| Threat | Infection share | Total share |
|---|---|---|
| Win32/Toolbar.Conduit.Y | 8.32% | 0.50% |
| Win32/Toolbar.Conduit.B | 6.83% | 0.41% |
| Win32/Toolbar.Conduit | 4.57% | 0.28% |
| Win32/Toolbar.Conduit.P | 4.16% | 0.25% |
| Win32/Conduit.SearchProtect.N | 3.69% | 0.22% |
| Win32/PriceGong.A | 3.66% | 0.22% |
| Win32/Systweak | 3.37% | 0.20% |
| MSIL/MyPCBackup.A | 3.07% | 0.19% |
| Suspicious | 3.07% | 0.19% |
| Win32/Toolbar.Conduit.X | 2.85% | 0.17% |
| Win32/Toolbar.Conduit.Q | 2.77% | 0.17% |
| Win32/Conduit.SearchProtect.H | 2.76% | 0.17% |
| Win32/Toolbar.Conduit.H | 2.62% | 0.16% |
| Win32/Toolbar.Conduit.O | 2.49% | 0.15% |
| Win32/Toolbar.Conduit.AH | 2.33% | 0.14% |
| Win32/Toolbar.MyWebSearch.AC | 2.04% | 0.12% |
| Win32/Toolbar.Visicom.B | 2.01% | 0.12% |
| Win64/Toolbar.Conduit.B | 1.99% | 0.12% |
| Win32/ClientConnect.A | 1.87% | 0.11% |
| JS/Toolbar.Crossrider.B | 1.86% | 0.11% |
| Win32/TrojanDownloader.Wauchos.AF | 1.82% | 0.11% |

Business:

| Threat | Infection share | Total share |
|---|---|---|
| Win32/Toolbar.Conduit.Y | 5.83% | 0.39% |
| Win32/Toolbar.Conduit.B | 5.22% | 0.35% |
| Win32/Conduit.SearchProtect.N | 3.82% | 0.26% |
| Win32/TrojanDownloader.Wauchos.AF | 3.65% | 0.25% |
| Win32/TrojanDownloader.Waski.A | 3.52% | 0.24% |
| Win32/PriceGong.A | 2.52% | 0.17% |
| Win32/Rovnix.X | 2.50% | 0.17% |
| Win32/Toolbar.Conduit.P | 2.50% | 0.17% |
| MSIL/MyPCBackup.A | 2.24% | 0.15% |
| Win32/Toolbar.Conduit.X | 2.23% | 0.15% |
| Win32/Toolbar.Conduit.Q | 2.20% | 0.15% |
| Win32/Toolbar.Conduit.H | 2.11% | 0.14% |
| Win32/Toolbar.Conduit | 2.09% | 0.14% |
| Suspicious | 2.02% | 0.14% |
| Win32/Conduit.SearchProtect.P | 1.95% | 0.13% |
| Win32/Systweak | 1.79% | 0.12% |
| Win32/Toolbar.Conduit.AH | 1.79% | 0.12% |
| Win32/AdInstaller | 1.77% | 0.12% |
| Win32/Toolbar.Montiera.A | 1.74% | 0.12% |
| Win32/Toolbar.Conduit.V | 1.66% | 0.11% |
| Win32/TrojanDownloader.Waski.F | 1.61% | 0.11% |
Malware prevalence AUS 2015 consumer vs business

Consumer:

| Threat | Infection share | Total share |
|---|---|---|
| Suspicious | 8.39% | 0.40% |
| Win32/TrojanDownloader.Waski.F | 4.19% | 0.20% |
| Win32/Toolbar.Conduit.Y | 2.76% | 0.13% |
| Win32/Systweak | 2.03% | 0.10% |
| Win32/TrojanDownloader.Waski.A | 1.89% | 0.09% |
| Win32/Conduit.SearchProtect.N | 1.67% | 0.08% |
| Win32/ClientConnect.A | 1.55% | 0.07% |
| Win32/AdkDLLWrapper.A | 1.50% | 0.07% |
| Win32/Systweak.L | 1.50% | 0.07% |
| Win32/TrojanDownloader.Waski.Z | 1.37% | 0.07% |
| Win32/Toolbar.MyWebSearch.AC | 1.36% | 0.06% |
| JS/Toolbar.Crossrider.B | 1.23% | 0.06% |
| Win32/Systweak.N | 1.21% | 0.06% |
| Win32/Toolbar.Conduit.B | 1.21% | 0.06% |
| Win32/Toolbar.Conduit.O | 1.16% | 0.06% |
| Win32/Toolbar.Conduit.X | 1.15% | 0.05% |
| Win32/Toolbar.Conduit.Q | 1.13% | 0.05% |
| Win32/Toolbar.MyWebSearch.AA | 1.12% | 0.05% |
| MSIL/MyPCBackup.A | 1.08% | 0.05% |
| Win32/Conduit.SearchProtect.H | 1.04% | 0.05% |

Business:

| Threat | Infection share | Total share |
|---|---|---|
| Win32/TrojanDownloader.Waski.F | 7.56% | 0.45% |
| Suspicious | 4.98% | 0.30% |
| Win32/TrojanDownloader.Waski.A | 3.31% | 0.20% |
| Win32/Toolbar.Conduit.Y | 2.76% | 0.16% |
| Win32/TrojanDownloader.Waski.Z | 2.30% | 0.14% |
| Win32/Conduit.SearchProtect.N | 1.81% | 0.11% |
| Win32/Toolbar.MyWebSearch.AO | 1.46% | 0.09% |
| Win32/Filecoder.DI | 1.37% | 0.08% |
| Win32/TrojanDownloader.Wauchos.AK | 1.23% | 0.07% |
| Win32/Systweak | 1.20% | 0.07% |
| Win32/Conduit.SearchProtect.P | 0.99% | 0.06% |
| MSIL/MyPCBackup.F | 0.97% | 0.06% |
| Win32/Toolbar.Conduit.B | 0.97% | 0.06% |
| Win32/Systweak.L | 0.97% | 0.06% |
| Win32/Toolbar.Conduit.O | 0.96% | 0.06% |
| Win32/Systweak.N | 0.96% | 0.06% |
| Win32/Toolbar.Conduit.Q | 0.89% | 0.05% |
| Win32/TrojanDownloader.Agent.BEL | 0.86% | 0.05% |
| Win32/Danger.DoubleExtension | 0.84% | 0.05% |
| Win32/Toolbar.Visicom.B | 0.83% | 0.05% |
Malware prevalence 2015 AUS vs USA business

Australia business: identical to the Australia 2015 business table above.

USA business:

| Threat | Infection share | Total share |
|---|---|---|
| Win32/Toolbar.Conduit.Y | 3.59% | 0.14% |
| Win32/Toolbar.MyWebSearch.AO | 2.73% | 0.10% |
| Win32/TrojanDownloader.Waski.F | 2.47% | 0.09% |
| HTML/ScrInject.B.Gen | 2.39% | 0.09% |
| Win32/Systweak | 2.21% | 0.08% |
| Win32/Toolbar.Conduit.X | 1.92% | 0.07% |
| Suspicious | 1.85% | 0.07% |
| Win32/Conduit.SearchProtect.N | 1.83% | 0.07% |
| MSIL/MyPCBackup.F | 1.76% | 0.07% |
| Win32/AdInstaller | 1.54% | 0.06% |
| JS/Toolbar.Crossrider.B | 1.52% | 0.06% |
| Win32/Toolbar.MyWebSearch.AC | 1.51% | 0.06% |
| Win32/DealPly.S | 1.51% | 0.06% |
| Win32/Systweak.L | 1.49% | 0.06% |
| Win32/ClientConnect.A | 1.46% | 0.06% |
| MSIL/MyPCBackup.A | 1.42% | 0.05% |
| Win32/Toolbar.Visicom.B | 1.38% | 0.05% |
| Win32/Systweak.N | 1.38% | 0.05% |
| Win32/InstallIQ.A | 1.29% | 0.05% |
| HTML/FakeAlert.AK | 1.28% | 0.05% |
Malware prevalence 2015 AUS vs USA consumer

Australia consumer: identical to the Australia 2015 consumer table above.

USA consumer:

| Threat | Infection share | Total share |
|---|---|---|
| Suspicious | 4.00% | 0.15% |
| Win32/Toolbar.Conduit.Y | 3.11% | 0.12% |
| Win32/Systweak | 2.54% | 0.10% |
| HTML/ScrInject.B.Gen | 2.18% | 0.08% |
| JS/Toolbar.Crossrider.B | 2.14% | 0.08% |
| Win32/ClientConnect.A | 2.13% | 0.08% |
| Win32/Conduit.SearchProtect.N | 1.96% | 0.08% |
| MSIL/MyPCBackup.A | 1.86% | 0.07% |
| Win32/Systweak.L | 1.77% | 0.07% |
| Win32/Toolbar.MyWebSearch.AC | 1.64% | 0.06% |
| MSIL/MyPCBackup.F | 1.61% | 0.06% |
| Win32/Toolbar.MyWebSearch.AA | 1.61% | 0.06% |
| JS/Toolbar.Crossrider.G | 1.57% | 0.06% |
| Win32/TrojanDownloader.Waski.F | 1.53% | 0.06% |
| REG/Agent.AK | 1.50% | 0.06% |
| HTML/FakeAlert.AK | 1.46% | 0.06% |
| Win32/Systweak.N | 1.43% | 0.06% |
| Win32/Toolbar.Conduit.X | 1.39% | 0.05% |
| Win32/Toolbar.Conduit.AH | 1.36% | 0.05% |
| Win32/Toolbar.MyWebSearch.AO | 1.35% | 0.05% |
Malware prevalence 2015 AUS vs IDN business

Australia business: identical to the Australia 2015 business table above.

Indonesia business:

| Threat | Infection share | Total share |
|---|---|---|
| LNK/Agent.AV | 7.93% | 1.02% |
| Win32/Ramnit.A | 4.38% | 0.57% |
| LNK/Autostart.A | 3.39% | 0.44% |
| Win32/Virut.NBP | 3.10% | 0.40% |
| Win32/Ramnit.F | 3.02% | 0.39% |
| Defo | 2.94% | 0.38% |
| Win32/Ramnit.H | 2.88% | 0.37% |
| JS/Kryptik.I | 2.85% | 0.37% |
| Win32/Toolbar.MyWebSearch.AO | 2.50% | 0.32% |
| INF/Autorun.gen | 2.43% | 0.31% |
| JS/Toolbar.Crossrider.B | 2.30% | 0.30% |
| Win32/Toolbar.SearchSuite.C | 2.15% | 0.28% |
| Win32/Conficker.X | 2.01% | 0.26% |
| Win32/Conficker.AA | 2.00% | 0.26% |
| Win32/Sality.NBA | 1.98% | 0.26% |
| Win32/Sality.NBJ | 1.85% | 0.24% |
| LNK/Exploit.CVE-2010-2568 | 1.80% | 0.23% |
| Win32/SProtector.D | 1.78% | 0.23% |
| LNK/Agent.AK | 1.77% | 0.23% |
| Win32/Slugin.A | 1.77% | 0.23% |
Malware prevalence 2015 AUS vs IDN consumer

Australia consumer: identical to the Australia 2015 consumer table above.

Indonesia consumer:

| Threat | Infection share | Total share |
|---|---|---|
| LNK/Agent.AV | 7.45% | 1.12% |
| Win32/Ramnit.A | 5.11% | 0.76% |
| JS/Toolbar.Crossrider.B | 4.45% | 0.67% |
| Win32/Virut.NBP | 4.33% | 0.65% |
| LNK/Autostart.A | 4.29% | 0.64% |
| Win32/Ramnit.F | 3.98% | 0.60% |
| INF/Autorun.gen | 2.88% | 0.43% |
| Win32/Ramnit.H | 2.88% | 0.43% |
| JS/Toolbar.Crossrider.G | 2.63% | 0.39% |
| Defo | 2.38% | 0.36% |
| Win32/Sality.NBA | 2.37% | 0.36% |
| Win32/AlteredSoftware.C | 2.36% | 0.35% |
| LNK/Agent.AK | 2.22% | 0.33% |
| Win32/ELEX.BM | 1.90% | 0.28% |
| Win32/Toolbar.Visicom.B | 1.81% | 0.27% |
| Win32/Slugin.A | 1.75% | 0.26% |
| Win32/AlteredSoftware.A | 1.74% | 0.26% |
| BAT/BadJoke.AP | 1.72% | 0.26% |
| Win32/Sality | 1.71% | 0.26% |
| Win32/Toolbar.CrossRider.CD | 1.70% | 0.26% |
Incident ratio 2013-2015
Filecoders prevalence 2015 consumer vs business

Consumer:

| Country | Infection share | Total share |
|---|---|---|
| Australia | 2.70% | 0.16% |
| Spain | 2.36% | 0.16% |
| Italy | 2.44% | 0.12% |
| South Africa | 1.47% | 0.11% |
| United States | 2.73% | 0.10% |
| Canada | 1.81% | 0.09% |
| Belgium | 1.50% | 0.07% |
| Malaysia | 0.74% | 0.07% |
| United Kingdom | 0.98% | 0.06% |
| Russia | 0.96% | 0.06% |
| Bulgaria | 0.93% | 0.06% |
| Portugal | 0.88% | 0.06% |
| United Arab Emirates | 0.45% | 0.05% |
| Netherlands | 1.18% | 0.04% |

Business:

| Country | Infection share | Total share |
|---|---|---|
| South Africa | 1.39% | 0.10% |
| Spain | 1.45% | 0.09% |
| United States | 1.80% | 0.07% |
| Australia | 1.50% | 0.07% |
| Israel | 0.82% | 0.06% |
| Canada | 1.12% | 0.05% |
| United Kingdom | 0.87% | 0.05% |
| Turkey | 0.63% | 0.05% |
| Thailand | 0.41% | 0.05% |
| New Zealand | 1.07% | 0.04% |
| Netherlands | 0.97% | 0.04% |
| Italy | 0.91% | 0.04% |
| Singapore | 0.50% | 0.04% |
| Belgium | 0.83% | 0.03% |
Targeted campaigns
[Chart: daily timeline from 1/10/2015 to 2/6/2015; series labels MX, PE, IL, TR, HU, IT]
Massive spreading not en vogue anymore
• The most burning issues rarely make it to the top 20 today: ransomware, banking Trojans, targeted malware
• Top ranks are completely taken by Potentially Unwanted Software
• Staying under the radar and tailoring malware for specific targets is the main focus today
IoT aka Internet of Threats
• History repeats itself: time to market is the most important thing, not security
• Problematic from simple ones to complex ones – smart sensors, bulbs, intelligent home devices, smart TVs, internet routers, cars, mobile phones
• Could I get a “non-smart” option, please???
Fixing IoT
• Simple ones need a strict End of Life policy
  – They won’t update, they’re extremely cheap
• Complex ones must be easy to update
  – Really? Home routers, cars, mobile phones?
• Are legislation and industry standards going to save us?
• Endpoint protection is almost impossible
  – We hear those saying firewalls are dead
Android/Simplocker
Android/Simplocker
• Currently around 50 variants
• Localization
• Ransom amount 15 -> 500 $
• Better “self-defense”
• Encrypting archives
• “Better” cryptography
Linux/Moose
APT or TPA?
• If detected out of the box then the attacker failed
• Advanced Persistent Threat is completely wrong
  – those threats are usually not advanced, not everything is Stuxnet
  – the malware itself is just a tool to perform an attack
  – it’s the attacker who’s persistent
• Targeted Persistent Attack is much more spot on
  – Attackers combine different methods when doing reconnaissance – phishing phone call, targeting email-borne malware to different people in an organization
Is AV dead?
• Yes, for about 20 years if you’re talking about the original technology
• However, it followed malware evolution:
  – Network communication inspection – botnets, exploitation, exfiltration
  – Emulation/sandboxing of analyzed code
  – Behavioral monitoring and memory scanning
  – Exploitation blocking
  – Cloud-based reputation systems
  – Stealth detections which can’t be tested by malware writers
  – Gradual move from automatic to more verbose/interactive solutions
Bold words from the other side
• Q: What types of security devices/services/techniques legitimately make your life harder as a blackhat? Any that you think are a complete waste of money?
• A: Hmmmm, DDoS protection is a serious knock back, although as many groups have proven before it’s easy to bypass – e.g. cloudflare resolver before they changed the protection method (almost bypassable lol). Things that are a waste of money… Hmm, anti-virus is completely useless — yes it may protect you from skids using non-FUD files but that’s it. Every botnet that gets sold comes FUD as default. People do it for free, it’s that easy.
Current Android Malware
The Irritated Author of Win32/Dorkbot
"HAHAHA THE AVS FELL FOR THE LAST STRING F*****G ICARUS AND ASQUARED I JUST WISH NOD32 WOULD LEAVE ME ALONE FOR A FEW DAT ITS PISSING ME OFF THIS IS HOW I LIVE"
"THIS-IS-HOW-I-LIVE-AND-PAY-MY-BILLS-GIVE-ME-A-BREAK"
HOW CAN I PAY BILLS RENT FOOD WEALTH AND EVERYTHING NECESSARY IF NOD IS ALWAYS F******G UP MY CODES
What else is out there?
• Endpoint Detection and Response systems provide insight into the behavior of your IT systems; however, there’s a reporting challenge
• Malware Prevention Systems (automated sandboxing and analysis)
• Intelligence Services and Managed Security
• Deception techniques
• SIEM
How to choose the right solution?
• Consulting analysts such as Gartner or public testers may help but don’t provide a definitive answer and might have a bias you’re not aware of
• Internal testing is best but very difficult; you will likely be biased, too, but aware of it
• It also depends on your needs: not only detection is important, but footprint, reliability, manageability, support quality etc.
What’s the right SMB defense?
• Unless you are in a very specific vertical, it’s unlikely that a true high-profile targeted attack would be conducted
• Typically not enough expertise in SMBs
• Automagic solutions work best, but of course can be bypassed
• If unable to manage more complex/interactive solutions, look for an MSSP
• Cloud-based solutions may help where applicable, as large providers can implement better security measures
How about enterprise?
• Defense needs have to adequately cover your potential adversaries
• Combine different layers and don’t advertise them; SIEM management
• Educate your teams
• Trust but verify – employ network logging and look for anomalies
Future issues
• When IoT truly lifts off
• When cloud adoption becomes massive (access management, governance, political issues)
• Conflicting legislation: strict privacy and encryption laws vs lawful(?) surveillance => leading to governments attacking security SW
• Global e-conflicts, cyber armies and attribution
Solving the situation
• Active & Adequate Cyber Defense
• Training, Education and Awareness
• Responsible design and usage
• Research & Investigation, cooperation with LE
• Hitting criminals’ money flow
• Preventing criminals from becoming criminals