Cyber- [.......] Hype or Trend? The drivers behind malware development

|

Ram Herkanaidu

Education Manager

Kaspersky Lab

Cyber-[.......] Hype or Trend?The drivers behind malware development

Information Security Distance Learning Weekend Conference7th - 8th September 2013

1 72 3 4 5 6

Numbers

|

Kaspersky LabEvolution of malware waves we have to deal with

PAGE 3 |

1994One new virus every hour

|


PAGE 4 |

2006One new virus every minute

|


PAGE 5 |

2011One new virus every second

Or 70.000 samples/day

|

What about2013?

|

What about2012?

Kaspersky Labis currently processing

200,000unique malware samples

EVERY DAY

|

Vulnerabilities and exploits

50%

28%

3%

2%

2%

15%

Oracle JavaAdobe Acrobat ReaderWindows Componets and Internet ExplorerAndroidAdobe Flash PlayerOther

Source: Kaspersky Lab January 2013

Applications containing vulnerabilities targeted by web exploits in 2012

|

Phishing – June 2013

PAGE 9 | Source: Kaspersky Lab June 2013

31%

16%

14%

13%

10%

8%

6%Social networking sites

Search engines

Financial & e-pay organisations and banks

Email and Instant Messaging

IT vendors

Telephone and Interntet service providers

Online stores and e-auctions

Online Games: 0.8%

Government organisations: 0.5%

Mass media: 0.3%

Other: 0.6%

|

Mobile malwareSome statistics

PAGE 10 |

The growing use of the Internet to protest

Number of mobile malware families to-date: 679

Number of mobile malware modifications to-date: 107,068

Mobile malware found in July 2013: 4,181 new modifications

99.96 per cent of all mobile malware found in 2012 is targeting Android

The number of samples gathered in 2012 alone is more than six times higher than in the previous 7 years altogether

Source: Kaspersky Lab July 2013

|

Mobile malwareDistribution of malware targeting Android OS detected on user devices by behaviour: Q3 2012

PAGE 11 |Source: Kaspersky Lab December 2012

56%

22%

5%

5%

4%3%

1% 1%1%1% 2%

Trojan-SMSTrojanRiskToolAdWareExploitHackToolTrojan-PSWTrojan-SpyMonitorBackdoorOther

|

Malware victims

Source: Kaspersky Security Network: Web Anti-virus: Sept 2013

Top 20 countries with the greatest proportion of users attacked while surfing the web: H1 2013

Tajikistan

Azerbaijan

Armenia

Kazakhstan

Russia

Vietnam

Moldova

Belarus

Ukraine

Kyrgyzstan

Sri Lanka

Uzbekistan

Georgia

India

Greece

Austria

Tunisia

Germany

Italy

Algeria

0 10 20 30 40 50 60 70

|

United StatesRussiaNetherlandsGermanyUkraineUnited KingdomFranceVietnamChinaRomaniaCanadaIrelandSwedenPortugal British Virgin IslandsTurkeyCzech RepublicLatviaLuxembourgIsrael

Top countries with harmful hostings

The top 20 countries within whose territories are located the malicious hosting services most actively used by cybercriminals:

H1 2013

Source: Kaspersky Security Network: Web Anti-virus: Sept 2013

1 72 3 4 5 6

Threats & Tactics

|

Humans are vulnerable too

|

Spear phishing

Or COO, CTO, CFO, etc.

|

Types of attack

Cyber-weapons:‘Destroyers’Espionage programsCyber-sabotage tools

Targeted attacks

‘Traditional’ cybercrime

|

Company perceptions & disclosure

0

10

20

30

Global IT Security Risks

Kaspersky Lab survey, June 2011

|

Targeted attacks

Some of the victims:• Google• RSA• Lockheed Martin• HBGary• Sony• Comodo• DigiNotar• Saudi Aramco• LinkedIn• Adobe• Syrian Ministry of Foreign Affairs• New York Times

|

Cyber espionageStealing commercial or military secrets

“There’s no such thing as ‘secure’ any more. The most sophisticated adversaries are going to go unnoticed on our networks. We have to build our systems on the assumption that adversaries will get in. We have to, again, assume that all the components of our system are not safe, and make sure we’re adjusting accordingly.”

Debora Plunkett, NSA DirectorQuoted in “NSA Switches to Assuming Security Has Always Been Compromised”

|

Cyber attacks

“… cyber weapons are: a) effective; b) much cheaper than traditional weapons; c) difficult to detect; d) difficult to attribute to a particular attacker …; e) difficult to protect against …; f) can be replicated at no extra cost. What’s more, the seemingly harmless nature of these weapons means their owners have few qualms about unleashing them, with little thought for the consequences.

Eugene KasperskyJune 2012http://eugene.kaspersky.com/2012/06/14/the-flame-that-changed-the-world/

|

Cyber activism

The growing use of the Internet to protest

1 72 3 4 5 6

Cyber weapons?

|

201120122012

2010

Espionage. Sabotage. Cyberwar.

|

Cyber weapons

1 72 3 4 5 6

Solutions

|

Signatures

Heuristics

HIPS

Application control

Device control

Encryption

Whitelisting

Technical Solutions

|

Risk assessment

Establish policies and procedures

Create outbreak

response plan

Deploy appropriate solutions

Define and update patch

policy

Develop staff education

Document the strategy

Non-Technical Solutions

|

Future of cyber….

Profit is still main motivator. We’ll see• More targeted attacks

• More state backed malware• More cyber activism

Cyber defence • Intergovernmental / legal cooperation• Connected devices needing to be secured• Critical Infrastructure security

|

Thank you

Ram Herkanaidu

Education Manager

Kaspersky Lab

[email protected]

Cyber- [.......] Hype or Trend? The drivers behind malware development

Documents

Transcript of Cyber- [.......] Hype or Trend? The drivers behind malware development