protecting institutional data in a digitally connected world · 2017-07-27 · protecting...

An Analysis of Perspectives in Cyber Security Vadim Pogulievsky July 2017 Protecting Institutional Data in a Digitally Connected World


Post on 11-Jun-2018


An Analysis of Perspectives in Cyber Security

Vadim Pogulievsky

July 2017

Protecting Institutional Data in a Digitally Connected World

About me

• Vadim Pogulievsky

• Security Expert

• Building Cyber Security products for the last 15 years

• Led Cyber Security Research teams for Finjan, McAfee, Verint and a few others

• This is my first time in Nigeria

Agenda

• Few boring definitions

• A bit of History

• What is APT?

• Attacker’s motivation

  • Hacktivism

  • Cyber Crime

  • Cyber Warfare

• Real Life attack examples

• What to expect next?

Cyber News

Cyber-Attack

An attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or electronic communications network.

Who is behind it?

Hacker - a person who circumvents security and breaks into a Computer/Network, usually with malicious intent

Hacker’s arsenal

• MALWARE - The word comes from the term "MALicious softWARE."

• Malware is any software that infects and/or damages a computer system without the owner's knowledge or permission.

Malware

• Viruses

• Trojans

• Rootkits

• Worms

• Spyware

• Adware

History Malware

1971 Creeper Virus

1982 Elk Cloner

1986 Brain Virus

1991 Michelangelo Virus

1999 Melissa Virus

2000 ILOVEYOU

2003 SQL Slammer

2005 Commwarrior-A

2005 Koobface

2008 Conficker

2010 Stuxnet

2013 CryptoLocker

2014 Regin

2016 Mirai

2017 WannaCry

2017 NotPetya

Advanced Persistent Threats (APT)

“Advanced” signifies sophisticated techniques

“Persistent” suggests that a victim is continuously monitored

“Threat” indicates human involvement in orchestrating an attack

Attack Motivation

• Hacktivism

• Cyber Crime

• Cyber Warfare

Motivation - Hacktivism

• Why? “Because I can..”, Ideological reasons

• Attackers? Individuals, “script kiddies” or small hacker groups.

• Targets? Ideological opponents or anyone else..

• Technique? DoS, website attacks (admin panel takeover, defacements, etc.)

• Tools? Mostly basic, common, free

• How Much? 10-15 years ago it was mainstream; now less so, but it can still be painful

• Example

Hacktivism Anonymous

We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us

• #OpTrump

• #OpKillingBay

• #OpWhales

• #OpIsrael

• #OpAfrica

Hacktivism The Shadow Brokers

• Equation Group Cyber Weapons Auction – Invitation

• Message #5 - TrickOrTreat

• Message #6 - BLACK FRIDAY / CYBER MONDAY SALE

• Don't Forget Your Base

• Lost in Translation

Motivation - Cyber Crime

• Why? Money

• Attackers? It’s an entire industry. Cyber criminals.

• Targets? Companies, Individuals

• Attack Types? CC Stealers, Bank account compromise, Ransom

• Technique? Social engineering, Botnets, Point-of-Sale, DDoS

• Tools? Professional level: Exploit Kits, Financial/PoS/Crypter malware, DDoS tools/malware

• How Much? A lot! All the time! This has been the main danger on the Internet for the last 8-10 years.

• Example

Cybercrime Angler Exploit Kit

“Angler activity that they observed and is likely generating more than $30 million annually” – Cisco

Cybercrime – Ransomware

“Group Behind CryptoWall 3.0 Made $325 Million”

Motivation - Cyber Warfare

• Why? Political reasons, Technology, War

• Attackers? Governments (by Military Cyber units)

• Targets? Industry, Critical Infrastructure, Governments

• Attack types? APTs

• Technique? Combined targeted attack that includes any available attack vector

• Tools? Specially developed, 0-day exploits, unique malware

• How Much? It’s just the beginning..

• Example?

STUXNET June 2010

UKRAINE'S power grid attack Dec’15

What is coming next?

Even more ransomware

More SCADA attacks

IoT-involved attacks

What is next? More Ransomware

• Global ransomware damages are predicted to exceed $5 billion in 2017

• Ransomware will continue to grow in number

• Targeted Ransomware campaigns

• Increased sophistication

What is next? More ICS attacks

• ICS – Industrial Control Systems

• According to IBM: “Attacks targeting Industrial Control Systems increased over 110% in 2016”

• Outdated protocols, lack of security awareness

What is next? IoT Malware on the rise

• IoT – Internet of Things

• 6.4 billion connected things in 2017

• Forecast of over 20 billion IoT devices by 2020

• IOT botnets - number of devices that can enslave

Questions?

Glossary

• Threat - A potential for violation of security.

• Vulnerability - A flaw that allows someone to operate a computer system with authorization levels in excess of that which the system owner specifically granted.

• Exploit - A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability.

• APT - A set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity. APT usually targets organizations and/or nations for business or political motives.

• Malware - Malicious software that compromises computers or networks with the intention of disrupting their intended functions or operations. Examples of malware include trojans, worms, viruses, backdoors, etc.

• 0-day attack/exploit - A cyberattack that uses previously unknown coding (malware, etc.) or exploits a previously unknown security vulnerability.

• Botnet - A network of computers that have been penetrated, compromised, and programmed to operate on the commands of an unauthorized remote user, usually without the knowledge of their owners or operators.

• Data breach - The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.