Most notable APT attacks of 2015 and 2016 predictions

Posted: 22-Jan-2018
Category: Technology

Transcript

  1. 2015 Year-in-Review and Predictions for 2016. Nick Bilogorskiy, @belogor
  2. Your speakers today: Nick Bilogorskiy (@belogor), Director of Security Research; Shel Sharma, Product Marketing Director
  3. Agenda o Trends o Most Wanted of 2015 o Predictions for 2016 o Wrap-up and Q&A (Cyphort Labs T-shirt)
  4. Threat Monitoring & Research team o 24x7 monitoring for malware events o Assist customers with their forensics and incident response. We enhance malware detection accuracy o False positives/negatives o Deep-dive research. We work with the security ecosystem o Contribute to and learn from the malware KB o Best of 3rd-party threat data
  5. $445 billion: the cost of cybercrime (Allianz Global Corporate & Specialty)
  6. Decline in malware samples
  7. Paradigm shift
  8. Impact of breaches on loyalty: two-thirds of consumers surveyed are unlikely to shop or do business again with a company that had experienced a breach in which financial information was stolen. (Source: Gemalto)
  9. Most Wanted of 2015 (timeline). Dates on the slide: Jan 27, Feb 10, May 13, June 4, Jul 5, Jul 21, July 30, October, Nov, Dec. Events covered: MalDrone, Anthem breach, VENOM, OPM breach, Hacking Team, Chrysler hack, Ashley Madison, Carbanak, Dridex, Hotel breaches, Ransomware
  10. Maldrone o First malware for drones o Can drop drones mid-flight o January 27, 2015 o Rahul Sasi
  11. Carbanak malware o First seen: February 2015 o Target: Russia, followed by the United States, Germany, China and Ukraine o Distribution: targeted phishing emails o Value stolen: $1 billion o Infected users: only about a thousand private customers o Actors: China or Russia
  12. Anthem breach o Attack started in April 2014 o Disclosed February 10, 2015 o 80 million people affected
  13. VENOM zero-day vulnerability (CVE-2015-3456) o Discovered in May 2015 o Virtualized Environment Neglected Operations Manipulation o Flaw in the virtual Floppy Disk Controller (FDC) emulation code in QEMU, an open source hypervisor component; a guest with access to the controller's I/O ports could write past the controller's data buffer and escape the VM onto the host
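The slide above names only the location of the flaw. The following is an added example, written for this page and not taken from QEMU or from the talk, that models the bug class behind VENOM: an emulated device collects command parameter bytes from the guest into a fixed-size FIFO, one command path fails to return the state machine to idle, and the un-reset index lets the guest keep writing past the buffer. The opcodes, buffer sizes and `fdc_model` struct are hypothetical; the "fixed" path mirrors the shape of the upstream fix, which forces every FIFO access into bounds rather than trusting the index.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define FIFO_SIZE 512   /* size of the emulated controller's data FIFO */
#define SPILL      64   /* bytes that sit after the FIFO in hypervisor memory */

/* Constructed model of an emulated device's command FIFO (not QEMU's fdc.c).
 * mem[0..FIFO_SIZE) is the FIFO; mem[FIFO_SIZE..) stands in for whatever the
 * hypervisor allocated next to it (zeroed here so spills are observable). */
typedef struct {
    uint8_t  mem[FIFO_SIZE + SPILL];
    uint32_t data_pos;   /* parameter bytes received for the current command */
    uint32_t data_len;   /* parameter bytes the command expects; 0 = idle */
    uint8_t  cur_cmd;
} fdc_model;

static fdc_model model;  /* single emulated controller for this model */

/* Hypothetical opcodes; a real controller has many more. */
enum { CMD_SEEK = 0x0F, CMD_SPEC = 0x8E };

static uint32_t cmd_param_len(uint8_t cmd)
{
    switch (cmd) {
    case CMD_SEEK: return 2;
    case CMD_SPEC: return 4;
    default:       return 1;
    }
}

/* Vulnerable handler: one command path forgets to put the controller back
 * into the idle state, so data_pos keeps its value for the next byte. */
static void vuln_handle_command(fdc_model *d)
{
    if (d->cur_cmd == CMD_SPEC)
        return;                         /* BUG: data_pos / data_len not reset */
    d->data_pos = 0;
    d->data_len = 0;
}

/* Guest writes one byte to the controller's data port (vulnerable path). */
void vuln_port_write(fdc_model *d, uint8_t value)
{
    if (d->data_len == 0) {             /* idle: this byte is an opcode */
        d->cur_cmd  = value;
        d->data_len = cmd_param_len(value);
        d->data_pos = 0;
        return;
    }
    d->mem[d->data_pos++] = value;      /* BUG: index trusted, never bounded */
    if (d->data_pos >= d->data_len)
        vuln_handle_command(d);
}

/* Fixed handler: every command path returns to idle. */
static void fixed_handle_command(fdc_model *d)
{
    d->data_pos = 0;
    d->data_len = 0;
}

/* Fixed data-port write: the FIFO index is forced into bounds on every access,
 * so a state-machine slip can no longer become an out-of-bounds write. */
void fixed_port_write(fdc_model *d, uint8_t value)
{
    if (d->data_len == 0) {
        d->cur_cmd  = value;
        d->data_len = cmd_param_len(value);
        d->data_pos = 0;
        return;
    }
    d->mem[d->data_pos % FIFO_SIZE] = value;
    d->data_pos++;
    if (d->data_pos >= d->data_len)
        fixed_handle_command(d);
}

/* Simulate a malicious guest: issue CMD_SPEC, then keep feeding bytes through
 * the given port-write routine. Returns how many bytes landed outside the FIFO.
 * nbytes is capped so the vulnerable path stays inside mem[] and the model
 * stays observable instead of crashing. */
size_t guest_flood(void (*port_write)(fdc_model *, uint8_t), size_t nbytes)
{
    fdc_model *d = &model;
    if (nbytes > sizeof d->mem)
        nbytes = sizeof d->mem;
    memset(d, 0, sizeof *d);
    port_write(d, CMD_SPEC);
    for (size_t i = 0; i < nbytes; i++)
        port_write(d, 0x41);
    size_t spilled = 0;
    for (size_t i = FIFO_SIZE; i < sizeof d->mem; i++)
        if (d->mem[i] != 0)
            spilled++;
    return spilled;
}

int main(void)
{
    printf("vulnerable: %zu bytes written past the FIFO\n",
           guest_flood(vuln_port_write, FIFO_SIZE + 8));
    printf("fixed:      %zu bytes written past the FIFO\n",
           guest_flood(fixed_port_write, FIFO_SIZE + 8));
    return 0;
}
```

The point for a reviewer of device-emulation code is that the bound must be enforced at the memory access, not assumed from the command state machine: a single handler that skips the reset is enough to hand the guest an arbitrary-length heap write on the host.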
  14. OPM breach o Disclosed June 4, 2015 o 19.7 million people affected o 5.6 million fingerprints stolen o Hacked in March 2014 o Suspected origin: China
  15. Government breaches in 2015 o January 2015: US Central Command Twitter hack o April 2015: FAA virus o May 2015: IRS, 330,000 accounts o November 2015: FBI Law Enforcement Enterprise Portal
  16. Chrysler hack o Disclosed July 2015 and presented at Black Hat 2015 o 1.4 million cars recalled o Full remote hack of Jeep Chrysler cars
  17. Chrysler hack
  18. HackingTeam o Made commercial Trojan software for governments o Hacked on July 5, 2015 o Suspected attacker: Phineas Fisher o 400 gigabytes of data released, including internal e-mails, invoices and source code o Several zero-day exploits were in the leaked archive
  19. Ashley Madison hack o July 2015 o The Impact Team o 32 million accounts stolen o 10 GB released on BitTorrent o Suicides reported in connection with the leak o $567 million class-action lawsuit o CAD $500k bounty
  20. Dridex malware o First seen: Nov 2014, new versions through 2015 o Target: North American and European banks o Distribution: spam mails with Word documents o Some versions use P2P over HTTP for botnet communication o Uses web injects to carry out man-in-the-browser attacks o Uses VNC
  21. Hotel breaches. Hilton Hotels (August 2015): hacked twice, Nov-Dec 2014 and April 21 to July 27, 2015; customer names, card numbers, security codes and expiration dates taken. Starwood Hotels (November 2015): 54 hotels affected, including Sheraton, Westin and the W; just before the acquisition by Marriott. Trump Hotels (disclosed October 2015): breached for over a year, May 2014 to June 2015; 7 hotels affected, in New York, Miami, Chicago and Hawaii
  23. Prediction #1: Malvertising growth. [Chart: Cyphort Labs, malvertising incidents on the rise, 2014 vs 2015; axis 0 to 4000]
  24. Prediction #2: Linux and Open Source attacks o More attacks on open source o Servers and critical infrastructure based on Unix distributions o Web servers as the entry point to the corporate network o Major flaws in legacy open source software show the vulnerability of Linux systems. [Chart: Linux use. Desktop systems: 5%; public servers: 36%; mainframes: 96%; embedded systems: 30%]
  25. Prediction #3: Android o Android becomes a serious vector
  26. Prediction #4: IOT threats. IOT security attacks (image: http://greendisc.dacya.ucm.es/wp-content/uploads/2014/10/Internet_of_Things.jpg)
  27. Prediction #4 o More IOT (Internet of Things) security incidents
  28. Prediction #5: More attacks on APIs
  29. Prediction #6: Political malware attacks
  30. Prediction #7: More APT-style financial crimes o APT increase; APT TTPs adopted by financial crime. [Chart: APT Notes per year. 2010: 9; 2011: 17; 2012: 25; 2013: 56; 2014: 109. Source: APTNotes, repository of public cyber security APT reports]
  31. Conclusions 1. 2015 was an exceptional year for security breaches, with attacks on OPM, Anthem, Ashley Madison and many others. 2. Next year we predict more IOT threats, malvertising, Linux malware, Android malware, APT and politically motivated attacks. 3. The best defense is an approach that continuously monitors network activity and file movements, detects threat activity across the kill chain, and correlates observations across the enterprise network
  32. Thank You! Twitter: @belogor. Previous MMW slides at http://cyphort.com/labs/malwares-wanted/