Most notable APT attacks of 2015 and 2016 predictions

2015 Year-in-Review and Predictions for 2016

Nick Bilogorskiy (@belogor)

Your speakers today

Nick Bilogorskiy (@belogor), Director of Security Research

Shel Sharma, Product Marketing Director

Agenda

o Trends

o Most Wanted of 2015

o Predictions for 2016

o Wrap-up and Q&A

Cyphort Labs T-shirt

Threat Monitoring & Research team

o 24x7 monitoring for malware events

o Assist customers with their Forensics and Incident Response

We enhance malware detection accuracy

o False positives/negatives

o Deep-dive research

We work with the security ecosystem

o Contribute to and learn from malware KB

o Best of 3rd Party threat data

$445 Billion cybercrime cost (Allianz Global Corporate & Specialty)

Decline in malware samples

Paradigm shift

Impact of breaches on loyalty

Two-thirds of consumers surveyed are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen. (Source: Gemalto)

Most Wanted of 2015

Timeline: Jan 27, Feb 10, May 13, June 4, Jul 5, Jul 21, July 30, October, Nov, Dec

o Chrysler hack

o OPM breach

o Hotel breaches

o VENOM

o Dridex

o Anthem breach

o Ransomware

o Ashley Madison

o HackingTeam

o Carbanak

o MalDrone

Maldrone

o First malware for drones

o Can drop drones mid-flight

o January 27, 2015

o Rahul Sasi

Carbanak malware

o First seen: February 2015

o Target: Russia, followed by the United States, Germany, China and Ukraine

o Distribution: targeted phishing emails

o Value Stolen: $1 Billion dollars

o Infected Users: only a thousand private customers

o Actors: China or Russia

Anthem breach

o Attack started in April 2014

o Disclosed February 10, 2015

o 80 million people affected

VENOM zero-day vulnerability

o Discovered in May 2015

o Virtualized Environment Neglected Operations Manipulation

o Flaw in the virtual Floppy Disk Controller (FDC) code in QEMU, an open source hypervisor.

OPM breach

o Disclosed June 4, 2015

o 19.7 million people affected

o 5.6 million fingerprints stolen

o Hacked in March 2014

o Suspected Origin: China

Government breaches in 2015

• January 2015: US Central Command Twitter hack

• April 2015: FAA virus

• May 2015: IRS, 330,000 accounts

• November 2015: FBI Law Enforcement Enterprise Portal

Chrysler hack

o Presented at Black Hat 2015 in July 2015

o 1.4m cars recalled

o Full remote hack of Jeep Chrysler cars

HackingTeam

o Made commercial Trojan software for governments

o Hacked on July 5, 2015

o Suspected origin: Phineas Fisher

o 400 gigabytes of data released, including internal e-mails, invoices, and source code.

o Several zero-day exploits were in the leaked archive

Ashley Madison hack

o July 2015

o The Impact Team

o 32m accounts stolen

o 10GB on BitTorrent

o Caused suicides

o $567m class-action lawsuit

o $500k CAD bounty

Dridex malware

o First seen: Nov 2014, new versions through 2015

o Target: North American and European banks

o Distribution: spam mails with Word documents

o Some versions use P2P over HTTP for botnet communication

o Uses web injects to carry out man-in-the-browser attacks

o Uses VNC

Hotel breaches

Hilton Hotels

• August 2015

• Hacked twice: Nov-Dec 2014 and April 21 to July 27, 2015

• Customer names, card numbers, security codes and expiration dates

Starwood Hotels

• November 2015

• 54 hotels affected, including Sheraton, Westin, and the W

• Just before acquisition by Marriott

Trump Hotels

• Disclosed in October 2015

• Breached for over a year: May 2014 to June 2015

• 7 hotels affected, in New York, Miami, Chicago, Hawaii


Prediction #1 – Malvertising growth

[Chart: Cyphort Labs: Malvertising incidents on the rise; bars for 2014 and 2015, axis 0 to 4000 incidents]

Prediction #2 – Linux and Open Source attacks

o More attacks on Open Source

o Servers and critical infrastructure based on Unix distributions

o Webservers as entry point to corporate network

o Major flaws in legacy open source software show vulnerability of Linux systems

[Chart: Linux use by system type (desktop systems, public servers, mainframes, embedded systems); values shown: 5.00%, 36.00%, 96.00%, 30.00%; axis 0% to 100%]

Prediction #3 - Android

o Android becomes a serious vector

Prediction #4 – IOT threats

http://greendisc.dacya.ucm.es/wp-content/uploads/2014/10/Internet_of_Things.jpg

IOT security attacks

o More IOT (Internet Of Things) security incidents

Prediction #5 - More attacks on API

Prediction #6 - Political malware attacks

Prediction #7 – More APT-style financial crimes

o APT increase, APT TTP adopted by Financial Crimes

[Chart: APT Notes, number of public APT reports per year, 2010 to 2014: 9, 17, 25, 56, 109; axis 0 to 120]

Source: APTNotes, repository of public Cyber Security APT Reports

Conclusions

1. 2015 was an exceptional year for security breaches, with attacks on OPM, Anthem, Ashley Madison and many others.

2. Next year we predict more IOT threats, malvertising, Linux malware, Android malware, APT and politically motivated attacks.

3. The best defense is an approach that continuously monitors network activities and file movements, detects threat activities across the threat kill chain, and correlates observations across the enterprise network.

Thank You!

Twitter: @belogor

Previous MMW slides at

http://cyphort.com/labs/malwares-wanted/