Cyberthreat Landscape 2010-2011
Cyberthreat Landscape 2010-2011
Outcomes, Trends and Forecasts
Cyberthreat Landscape: Visualize 2010 Trends, Review What is Behind Us, and Look Forward
2010 by the Numbers
Outcomes for 2010
Forecasts 2011
2010 by the Numbers: Overall Attacks Increase
| 11 February 2011PAGE 3 | Kaspersky Lab International Press Tour “Cyberthreat Landscape 2010-2011: Outcomes, Trends and Forecasts"
134,814,015
30,075,005
1,906,039,380
+1400%
Source: Kaspersky Lab
2010 by the Numbers: Web Attacks Increase
+ 800%
Source: Kaspersky Lab
2010 by the Numbers: Strength in the Cloud and Heuristics
75%
95%
Source: Kaspersky Lab
2010 by the Numbers: 2010 Kaspersky Security Network
Kaspersky Security Network (KSN)
Cloud Based Services
Malware, Spam Detection
Voluntary Data Collection
KSN 2010 Malware Statistics
Overall Detections
Web Attacks, Sources
2010 by the Numbers
Where Is the Malware?
Source: Kaspersky Lab
Cyberthreat Landscape: 2010 Outcomes
Exploitation 2010 – A Year of Vulnerability
Targeted Attacks
The New Stuxnet Era
Digital Certificates and (dis)Trust
Mobile Malware
The Calm Before the Storm
2009 Predictions for 2010 - Outcomes
Attack Techniques, Sources and Monetization
• Spread Techniques
• Automated Exploitation Systems, Ready-Made Exploit Packs
• Monetization
2010 Outcomes: Web Attacks Increase – What and How?
2010 Outcomes: Exploitation 2010 - A Year of Microsoft Vulnerabilities
Malcrafted HCP URL
IE6 Aurora Disclosure
IE Peers 0day
4 0day Stuxnet ITW
IE Use-after-free 0day
Source: Microsoft Security Bulletins
2010 Outcomes: Exploitation 2010 - A Year of Adobe Reader Vulnerabilities
Targeted emails – libTIFF attacks
PEK delivers libTIFF with ROP
Cooltype.dll SING TTF – targeted emails
Source: Microsoft Security Bulletins
2010 Outcomes: Exploitation 2010 - A Year of Oracle-Sun Java Vulnerabilities
Java RMIConnectionImpl ITW
Java Trusted Method Chain ITW
Source: Microsoft Security Bulletins
2010 Outcomes: Exploitation 2010 - A Year of Vulnerabilities
#1. Internet Explorer
#2. Adobe Reader
#3. Oracle Sun Java
Source: Kaspersky Lab
2010 Outcomes: Attacking Commerce and Industry
Operation Aurora
• Commercial Targets
– 30+ Multinational Corporations (non-governmental entities)
» Google, Yahoo, Symantec, Adobe, Northrop Grumman, Dow Chemical, etc
– Determined Coordination – Holiday Timing
– Access and Obtain Source Code on Misconfigured/Insecure Perforce Servers - Authentication Systems, Sensitive Communications
Stuxnet
• Development and Deployment Sophistication
• Unmatched Precision Targeting PLCs
– First public industrial cyber-sabotage incident
Calm Before the Storm 2010: Cloud Computing Quietly Attracts Cyberattacks
The Low Rumble of Cloud Computing
• Legitimate adoption
• Crooked adoption
Calm Before the Storm 2010: Cloud Computing Quietly Attracts Cyberattacks
2010 Anti-Cloud Activity
• Attacking legitimate cloud services
• Attacking cloud related client components
2010 Outcomes: Digital (mis)Trust
Shaky Foundation of Trust
• Successful Cybercriminal Access and Use
• Potential Certificate “Authority” Subversion
• Key Theft
– Stuxnet
– Zeus, SpyEye
• Certificate Cutting
2010 Outcomes: Mobile Malware – Android and iPhone
Android Popularity Skyrockets
• New Exploits - Kernel Problems and Coverity’s 88 Highly Critical Vulnerabilities
• Exploit and Shellcode Development – Defcon 18 Demo
• SMS Trojans and Spyware
Android Sideloading and iPhone jail-breaking
iPwned and Market
• Both Closed and Open Models at Risk
2010 Outcomes: Sensitive Data Accessible and Exposed
Network Concerns, Plain Text and Incidents
• BGP Tables and Plain Text Transmissions
• Firesheep Firefox Session Hijack Plug-in
Data Leaks and Breaches
• Wikileaks Data Leaks
• Numerous Breaches
– Physical Losses
– Hacked Servers/Malware
– Social Engineering
2010 Outcomes: 2010 Prediction Results from 2009
An increase in the number of attacks via P2P networks
Correct!
Competition for traffic
Correct!
Malware epidemics and increasing complexity of malicious programs
Correct!
Decreasing global numbers of Rogue AV
Correct!(?)
Attacks on and via Google Wave
Incorrect!
Attacks on iPhone and Android devices
Partially Correct!
Cyberthreat Landscape: 2011 Forecasts
Steal Everything
Four phenomena to watch in 2011
Methods
• Client side exploits
• Mobile platforms, especially Android
• Social networks
New Organizers
• New Markets and Buyers
• Unlikely immediate impact on average user
Spyware 2.0 and New Aims
• Steal Everything
• Acquisition of someone or something’s complete profile and behavior
• Similarity to social networks and advertisers collection
2011 Forecasts: What to Watch 2011
2011 Forecasts
New generation of better organized, more malevolent malware writers
Malware attacks target information and data for immediate financial gain
Personally identifying information becomes the target of the new breed of cybercriminals and another source of income for those already in the game
Spyware 2.0 emerges, a new class of malware that steals users’ personal data (identity theft) plus any other type of data it can find
Spyware 2.0 becomes a popular tool for both new and old players alike
An increasing number of attacks on corporate users by traditional cybercriminals and the gradual decline in direct attacks on everyday users
Mobile devices and cloud services become increasingly targeted platforms
Exploiting vulnerabilities remains the principal method of carrying out attacks, with a significant increase in the scope and speed with which they are used
Precise Methods, New Organizers, New Aims
Thank You
Kurt Baumgartner, Senior Security Researcher, Kaspersky Lab
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2010-2011: Outcomes, Trends and Forecasts”
Moscow, February 10-13, 2011