Most notable apt_ attacks_of_2015_and_2016 predictions
-
Upload
cyphort -
Category
Technology
-
view
794 -
download
6
Transcript of Most notable apt_ attacks_of_2015_and_2016 predictions
Your speakers today
Nick Bilogorskiy@belogor
Director of Security Research
Shel SharmaProduct Marketing Director
Agenda
o Trends
o Most Wanted of 2015
o Predictions for 2016
o Wrap-up and Q&A
Cyp
ho
rt L
abs
T-sh
irt
Threat Monitoring & Research team
________
24X7 monitoring for malware events
________
Assist customers with their Forensics and Incident Response
We enhance malware detection accuracy
________
False positives/negatives________
Deep-dive research
We work with the security ecosystem
________
Contribute to and learn from malware KB
________
Best of 3rd Party threat data
Impact of breaches on loyalty
Two-thirds of consumers surveyed are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen.*Gemalto
Most Wanted of 2015
Jan 27 Feb 10 May 13 June 4 Jul 5 Jul 21 July 30 October Nov Dec
Chrysler hack
OPM breach
Hotel breaches
VENOM
Dridex
Anthembreach
Ransomware
Ashley Madison
HackingTeam
Carbanak
MalDrone
o First seen: February 2015
o Target: Russia, followed by the United States, Germany, China and Ukraine
o Distribution: targeted phishing emails
o Value Stolen: $1 Billion dollars
o Infected Users: only a thousand private customers
o Actors: China or Russia
Carbanak malware
o Attack started in April 2014
o Disclosed February 10, 2015
o 80 million people affected
Anthem breach
o Discovered in May 2015
o Virtualized Environment Neglected Operations Manipulation
o Flaw in virtual floppy drive code Controller (FDC) in QEMU, an open source hypervisor.
VENOM zero-day vulnerability
o Disclosed June 4, 2015
o 19.7 million people affected
o 5.6 million fingerprints stolen
o Hacked in March 2014
o Suspected Origin: China
OPM breach
• January 2015: US central command twitter hack• April 2015: FAA virus• May 2015: IRS 330,000 accounts• November 2015: FBI Law Enforcement Enterprise Portal
Government breaches in 2015
o Presented at Blackhat 2015 in July 2015
o 1.4m cars recalled
o Full remote hack of Jeep Chrysler cars
Chrysler hack
o Made commercial Trojan software for governments
o Hacked on July 5, 2015
o Suspected origin: Phineas Fisher
o 400 gigabytes of data released, including internal e-mails, invoices, and source code.
o Several zero-day exploits were in the leaked archive
HackingTeam
Ashley Madison hack
o July 2015
o The Impact Team
o 32m accounts stolen
o 10GB on BitTorrent
o Caused suicides
o $567m class-action lawsuit
o $500k CAD bounty
o First seen: Nov 2014, new versions through 2015
o Target: North American and European Banks
o Distribution: Spam mails with Word Documents
o Some version use p2p over http for carrying out botnet communication
o Uses web injects to carry out man-in-browser attack
o Uses VNC
Dridex malware
Hotel breaches
Hilton Hotels• August 2015• Hacked twice• Nov-Dec 2014 and
April 21 to July 27, 2015• Customer names, card numbers,
security codes and expiration dates
Starwood Hotels• November 2015• 54 hotels affected, including
Sheraton, Westin, and the W• Just before acquisition by Mariott
Trump Hotels• Disclosed in October 2015• Breached for over a year.• May 2014 to June 2015• 7 hotels affected, in New York,
Miami, Chicago, Hawaii
Prediction #1 – Malvertising growth
0 500 1000 1500 2000 2500 3000 3500 4000
2014
2015
Cyphort Labs: Malvertising incidents on the rise
o More attacks on Open Source
o Servers and critical infrastructure based on Unix distributions
o Webservers as entry point to corporate network
o Major flaws in legacy open source software show vulnerability of Linux systems
Prediction #2 – Linux and Open Source attacks
0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% 90.00%100.00%
On desktop systems
Public servers
Mainframes
Embedded systems
5.00%
36.00%
96.00%
30.00%
Linux use
Prediction #4 – IOT threats
http://greendisc.dacya.ucm.es/wp-content/uploads/2014/10/Internet_of_Things.jpg
IOTsecurity attacks
o APT increase, APT TTP adopted by Financial Crimes
Prediction #7 – More APT-style financial crimes
0
20
40
60
80
100
120
2010 2011 2012 2013 2014
917
25
56
109
APT Notes
APT Notes
Source: APTNotes, repository of public Cyber Security APT Reports
Conclusions1. 2015 was an exceptional year for security breaches with attacks on OPM,
Anthem, Ashley Madison and many others.
2. Next year we predict more IOT threats, Malvertising, Linux malware,
Android malware, APT and politically motivated attacks.
3. The best defense is an approach that continuously monitors network
activities and file movements, detects threat activities across threat kill
chain, and correlates observations across the enterprise network