DOCSLIB.ORG

Navigating the Threat Landscape | Ten Tips | Kaspersky

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

NAVIGATING THE THREAT LANDSCAPE A practical guide David Emm, Principal Security Researcher Global Research & Analysis Team, Kaspersky Lab www.kaspersky.com/business #SecureBiz Contents Chapter 1 The evolution of malware 3 Chapter 2 How malware spreads 9 Chapter 3 Malware: on the move as much as you are 12 Chapter 4 A new era of targeted attacks 14 Chapter 5 The human factor in security 15 Chapter 6 Anti-malware technologies 16 Chapter 7 Top tips for creating security awareness in your organization 19 About the author David Emm, Principal Security Researcher Global Research & Analysis Team (GReAT) David Emm is Principal Security Researcher at Kaspersky Lab, a provider of security and threat management solutions. He has been with Kaspersky Lab since 2004 and is currently part of the company’s Global Research & Analysis Team. He has worked in the anti-malware industry since 1990 in a variety of roles, including Senior Technology Consultant at Dr Solomon’s Software, and Systems Engineer and Product Manager at McAfee. In his current role, David regularly delivers presentations on malware and other IT threats at exhibitions and events, highlighting what organizations and consumers can do to stay safe online. He also provides comment to broadcast and media on the ever-changing cybersecurity and threat landscape. David has a strong interest in malware, ID theft and the security industry in general. He is a knowledgeable advisor on all aspects of online security. 2 Chapter 1: The evolution of malware It’s over 25 years since the first PC viruses appeared. Since then the nature of the threat has changed significantly and today the threats are more complex than ever before. In recent years, the Kaspersky Lab Global IT Risks Security concerns around these developments continue Survey has highlighted changes in working practices, to figure highly in the survey and, unsurprisingly, the all of which have had a significant impact on corporate 2015 results highlight that ‘preventing and dealing security. These include growing mobility and the with security breaches is a primary concern for 50% trend towards BYOD; the storage of business data of companies1 and guarding against cyberthreats is in the cloud; the increased use of virtualized systems; the top security priority for 27% of companies’.2 and the widespread use of social media at work. Dealing with security breaches is a primary concern for 50% of companies.1 TOP CONCERNS OF THE IT FUNCTION1 Dealing with security breaches, understanding new technologies and managing changes to IT systems are the primary concerns. Security breaches are a concern to companies of all sizes. By size Preventing/dealing with IT security breaches 50% Understanding the full range of new technologies E (1500+) 54% that are available and how to use them 44% Managing change in IT systems and infrastructure 42% MB (250-1499) 50% Making decisions about future IT investments 37% SB (50-249) 48% Dealing with cost constraints/limited budgets 31% VSB (1-49) 46% Training users how to use IT systems 26% Planning for and recovering from failure 22% or destruction of IT infrastructure Dealing with mobile working patterns and bring-your-own-device (BYOD) 18% Complying with industry regulations and standards 16% Managing wide range of different IT suppliers/product and service vendors 15% 1: Kaspersky Lab Global IT Risks Security Survey 2015 2: Kaspersky Lab Global IT Risks Security Survey 2015 3 COMPANY IT SECURITY PRIORITIES FOR THE NEXT 12 MONTHS2 Guarding against cyberthreats is now the top priority (previously third), supplanting preventing data leaks. Guarding against external cyberthreats such as malware 27% Fraud prevention 27% Preventing data leaks 25% Continuity of service of business-crtical systems 25% Security of cloud infrastructure (public and private) 22% Security of mobile/portable computing devices 21% Physical security of critical business systems 21% Eliminating vulnerabilities in existing systems 19% Security of virtualized infrastructure 19% Information security training provided to employees 19% Enhancing disaster recovery measures/planning 17% Compliance with industry/regulatory requirements 15% Improving response to information security incidents 14% Leveraging cloud-based or managed security services 13% Protecting against DDoS (distributed denial of service) attacks 12% Increasing in scale, increasing in severity The interconnected world means that attacks can be webpages, or download by a Trojan installed on an launched on victim’s devices very quickly, and as widely infected computer. or selectively as the malware authors and criminal underground sponsors require. The scale of the problem has also continued to increase. The number of new malware samples discovered daily Malicious code can be embedded in an email, injected by Kaspersky Lab runs into hundreds of thousands. into fake software packs, placed on ‘grey-zone’ 2: Kaspersky Lab Global IT Risks Security Survey 2015 4 A problem of perception In the past 12 months 90% of companies experienced But there’s a misconception that malware belongs some form of external attack and 46% of companies on its own, in a discrete category. In fact, malware reported an increase in the number of attacks3, although forms an essential component of many cyberattacks there is a perception that there were fewer instances and remains the most numerous and dangerous of data theft and obvious malware events in 2015. threat to IT security. Targeted attacks, cyberespionage, phishing attacks and more, all incorporate malware. So it’s not that malware attacks are declining, but that they may not be perceived as malware attacks. 90% of companies had experienced some form of external incident.3 EXTERNAL THREATS EXPERIENCED3 90% of companies had experienced some form of external incident. Fewer instances of theft and ‘obvious’ malware events in 2015 compared to previous waves. 65% 63% 61% 61% 59% 58% 57% 55% 54% 53% 40% 36% 36% 35% 33% 26% 28% 24% 24% 23% 22% 21% 20% 20% 19% 19% 18% 18% 15% 13% Spam Viruses, worms, Phishing attacks Network intrusion/ Denial-of-service Theft of mobile spyware and hacking (DoS), Distributed devices by external othe malicious denial-of-service party programs attacks (DDoS) Especially Especially IT, Education Financial services & Govt. 17% 16% 16% 13% 13% 13% 12% 11% 9% 9% 8% 7% 4% 4% 4% 3% 1% 1% Cyberespionage Theft of larger Targeted attacks aimed Criminal damage Point-of-sale (POS) Attacks on ATMs hardware specifically at our systems intrusion Especially organization/brand Manufacturing 5% among Especially Telecoms consumer services firms 2011 (n=1715) 2012 (n=2938) 2013 (n=2164) 2014 (n=2943) 2015 (n=3580) Significantly lower YOY 3: Kaspersky Lab Global IT Risks Security Survey 2015 5 From cyber-vandalism to cybercrime Until around 2003, viruses and other types of malware After 2003, the threat landscape changed. Much were largely isolated acts of computer vandalism – of today’s malware is purpose-built to hijack computers ‘anti-social self-expression’ using hi-tech means. and make money illegally. As a result, the threats Most viruses confined themselves to infecting other businesses now face have become significantly more disks or programs. complex. IT administrators have a lot more to contend with – there are more types of threats to protect against and the damage they cause is likely to be financial, not just ‘IT down-time’. 1 in 3 companies who’ve experienced a data breach event suffered temporary loss of ability to trade and typical direct costs incurred from a serious event are $38k for SMBs and $551k for enterprises.4 ESTIMATED DIRECT COSTS INCURRED RESULTING FROM ANY SERIOUS DATA LOSS INCIDENT4 Although not every expense is incurred by every business, we can nonetheless estimate a typical loss taking into account the likelihood of an organization incurring each expense. SMB Enterprise Potential cost Proportion of Potential cost Proportion of If experienced business incurring If experienced business incurring this expense this expense Professional Professional Services 88% Services 88% $11k $84k ‘Typical’ damage ‘Typical’ damage to SMBs from to enterprises from + a serious event + a serious event Lost business Lost business opportunities 32% $38k opportunities 29% $551k $16k $203k + + 2014 $33K 2014 $636K 2013 $36K 2013 $566K Down-time Down-time 34% 30% $66k $1.4m Each potential cost is multiplied by the likelihood to experience that cost then summed to find the expected overall ‘typical’ costs. 4: Kaspersky Lab Global IT Risks Security Survey 2015 6 New motives, new tactics The change in motive also brought about a change The main reason for the change is that attacks now in tactics. There was a decline in the number of global have criminal intent and look to steal confidential epidemics – designed to spread malware as far and as data, which can then be processed and used. Where quickly as possible. Attacks have become more focused. millions of victim machines are involved, detection is more likely and it creates a huge logistical operation. Therefore, malicious code authors now prefer to focus their attacks. Malicious code authors now prefer to focus their attacks. The rise of the Trojan Trojans are the most common type of malware today. They can be used to spy on victims. They can be used They are categorized according to their function: the to install additional malware to suit the needs of the most common include backdoors, password stealers, attackers. They can be used in DDoS (Distributed downloaders, and banking Trojans. Denial of Service) attacks on organizations: such attacks seek to extort money from organizations, using They are used to steal confidential information a ‘demonstration’ DDoS attack to give the victim a taste (username, password, PIN, etc.) for bank fraud. of what will happen if they don’t pay up. Holding you to ransom In recent years, there has also been a steady growth While anti-malware can detect ransomware, it may not in ‘ransomware’.
Recommended publications
  • A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics

    A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics

    UNIVERSIDAD POLITECNICA´ DE MADRID ESCUELA TECNICA´ SUPERIOR DE INGENIEROS INFORMATICOS´ A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics PH.D THESIS Platon Pantelis Kotzias Copyright c 2019 by Platon Pantelis Kotzias iv DEPARTAMENTAMENTO DE LENGUAJES Y SISTEMAS INFORMATICOS´ E INGENIERIA DE SOFTWARE ESCUELA TECNICA´ SUPERIOR DE INGENIEROS INFORMATICOS´ A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF: Doctor of Philosophy in Software, Systems and Computing Author: Platon Pantelis Kotzias Advisor: Dr. Juan Caballero April 2019 Chair/Presidente: Marc Dasier, Professor and Department Head, EURECOM, France Secretary/Secretario: Dario Fiore, Assistant Research Professor, IMDEA Software Institute, Spain Member/Vocal: Narseo Vallina-Rodriguez, Assistant Research Professor, IMDEA Networks Institute, Spain Member/Vocal: Juan Tapiador, Associate Professor, Universidad Carlos III, Spain Member/Vocal: Igor Santos, Associate Research Professor, Universidad de Deusto, Spain Abstract of the Dissertation Potentially unwanted programs (PUP) are a category of undesirable software that, while not outright malicious, can pose significant risks to users’ security and privacy. There exist indications that PUP prominence has quickly increased over the last years, but the prevalence of PUP on both consumer and enterprise hosts remains unknown. Moreover, many important aspects of PUP such as distribution vectors, code signing abuse, and economics also remain unknown. In this thesis, we empirically and sys- tematically analyze in both breadth and depth PUP abuse, prevalence, distribution, and economics. We make the following four contributions. First, we perform a systematic study on the abuse of Windows Authenticode code signing by PUP and malware.
  • What You Should Know About Kaspersky

    What You Should Know About Kaspersky

    What you should know Proven. Transparent. about Kaspersky Lab Independent. Fighting for your digital freedom Your data and privacy are under attack by cybercriminals and spy agencies, so you need a partner who is not afraid of standing beside you to protect what matters to you most. For over 20 years, Kaspersky Lab has been catching all kinds of cyberthreats. No matter whether they come from script kiddies, cybercriminals or governments, or from the north, south, east or west. We believe the online world should be free from attack and state-sponsored espionage, and will continue fighting for a truly free and safe digital world. Proven Transparent Independent Kaspersky Lab routinely scores the highest We are totally transparent and are making As a private company, we are independent marks in independent ratings and surveys. it even easier to understand what we do: from short term business considerations and institutional influence. • Measured alongside more than 100 other • Independent review of the company’s well-known vendors in the industry source code, software updates and We share our expertise, knowledge • 72 first places in 86 tests in 2017 threat detection rules and technical findings with the world’s • Top 3 ranking* in 91% of all product tests • Independent review of internal security community, IT security vendors, • In 2017, Kaspersky Lab received processes international organizations, and law Platinum Status for Gartner’s Peer • Three transparency centers by 2020 enforcement agencies. Insight** Customer Choice Award 2017, • Increased bug bounty rewards with up in the Endpoint Protection Platforms to $100K per discovered vulnerability Our research team is spread across the market world and includes some of the most renowned security experts in the world.
  • NAVIGATING the CYBERSECURITY STORM

    NAVIGATING the CYBERSECURITY STORM

    NAVIGATING the CYBERSECURITY STORM A Guide for Directors and Officers BY PAUL A. FERRILLO EDITED BY BILL BROWN published by sponsored by sponsored by 1 © 2015 by Paul A. Ferrillo. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any other information storage or retrieval system without prior written permission. To use the information contained in this book for a greater purpose or application, contact Paul A. Ferrillo via [email protected] 2 Is your company protected from the Internet of RiskSM? With CyberEdge® cyber insurance solutions you can enjoy the Business Opportunity of Things. 20 billion objects are connected to the Internet, what everyone is calling the Internet of Things. This hyperconnectivity opens the door both to the future of things, and to greater network vulnerabilities. CyberEdge end-to-end cyber risk management solutions are designed to protect your company from this new level of risk. So that you can turn the Internet of Things into the next big business opportunity. To learn more and download the free CyberEdge Mobile App, visit www.AIG.com/CyberEdge Insurance, products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Insurance and services may not be available in all jurisdictions, and coverage is subject to actual policy language. For additional information, please visit our website at www.AIG.com. ABOUT PAUL A. FERRILLO Paul Ferrillo is counsel in Weil’s Litigation Department, where he focuses on complex securities and business litigation, and internal investigations.
  • What You Should Know About Kaspersky 3 About Kaspersky

    What You Should Know About Kaspersky 3 About Kaspersky

    What You Should Know Proven. Transparent. About Kaspersky Independent. Fighting for Your Digital Freedom Your data and privacy are under attack by cybercriminals and spy agencies, so you need a partner who is not afraid of standing beside you to protect what matters to you most. For over 20 years, Kaspersky has been catching all kinds of cyberthreats. No matter whether they come from script kiddies, cybercriminals or governments, or from the north, south, east or west. We believe the online world should be free from attack and state-sponsored espionage, and will continue fighting for a truly free and safe digital world. Proven Transparent We share our expertise, knowledge and technical findings with the world’s Kaspersky routinely scores the highest We are totally transparent and are making security community, IT security vendors, marks in independent ratings and surveys. it even easier to understand what we do: international organizations and law • Measured alongside more than 100 other • Independent review of the company’s enforcement agencies. well-known vendors in the industry source code, software updates and threat Our research team is spread across the • 73 first places in 88 tests in 2018 detection rules world and includes some of the most • Independent review of internal processes • Top 3 ranking* in 91% of all product tests renowned security experts in the world. • In 2017 and 2018, Kaspersky received • Three transparency centers by 2020 We detect and neutralize all forms of Platinum Status for Gartner’s Peer • Increased bug bounty rewards with up to advanced APTs, regardless of their origin Insight** Customer Choice Award 2017, in $100K per discovered vulnerability or purpose.
  • Symantec Corporate Template

    Symantec Corporate Template

    Security Threat Intelligence & Response Deepak Maheshwari Head – Government Affairs, India Region Combo, Sri Lanka March 26, 2015 Council of Europe – International Conference on Assessing the Threat of Cybercrime 1 Symantec Security Response – Major Investigations ESPIONAGE: TURLA (2014) ESPIONAGE: REGIN (2014) A campaign which has A complex and stealthy systematically targeted the spying tool used for mass governments and surveillance and embassies of former intelligence gathering by Eastern nation states. Bloc countries MASS SURVEILLENCE, TARGETS GOVERNMENT EMBASSIES TARGETS COMMUNICATIONS METHODS SPEAR PHISHING, SOCIAL ENGINEERING, WATER HOLE METHODS WATER HOLE SABOTAGE: STUXNET (2010) FINANCIAL FRAUD: PLOUTUS (2013) The first computer Criminals compromising software threat that was ATMs with customer used as a cyber-weapon. Trojan and mobile Targeted nuclear facility in phone. Can command Iran. Used multiple zero- day exploits. ATM to issue cash using SMS. TARGETS NUCLEAR FACILITY TARGETS BANKS ZERO-DAY EXPLOITS, PHYSICAL ACCESS METHODS SUPPLY CHAIN METHODS Council of Europe – International Conference on Assessing the Threat of Cybercrime 2 Symantec Security Response – Leaders in Protection & Intelligence GLOBAL REACH WEB REQUESTS THREAT INTELLIGENCE ROUND THE CLOCK 24 x 7 x 365 100s OF 7 SITES, 13 BILLION DAILY INVESTIGATIONS MALWARE DETECTION IPS PROTECTION EMAIL PROTECTION > 31M SIGNATURES > 2M BLOCKED DAILY > 1.7B BLOCKED DAILY SOME OF LANDMARK INVESTIGATIONS STUXNET REGIN DRAGONFLY TURLA HIDDEN LYNX RAMNIT NITRO PLOUTUS ATM 3
  • Bilan Cert-IST 2013

    Bilan Cert-IST 2013

    Cert-IST annual review for 2014 regarding flaws and attacks 1) Introduction ..................................................................................................................................... 1 2) Most significant events of 2014 ...................................................................................................... 2 2.1 More sophisticated attacks that modify the risk level .............................................................. 2 2.2 Many attacks targeting cryptography ...................................................................................... 4 2.3 Cyber-spying: governments at the cutting edge of cyber attacks ........................................... 6 2.4 Flourishing frauds .................................................................................................................... 7 3) Vulnerabilities and attacks seen in 2014 ........................................................................................ 9 3.1 Figures about Cert-IST 2014 production ................................................................................. 9 3.2 Alerts and Potential Dangers released by the Cert-IST ........................................................ 11 3.3 Zoom on some flaws and attacks .......................................................................................... 12 4) Conclusions .................................................................................................................................. 15 1) Introduction Each year, the Cert-IST makes
  • Attributing Cyber Attacks Thomas Rida & Ben Buchanana a Department of War Studies, King’S College London, UK Published Online: 23 Dec 2014

    Attributing Cyber Attacks Thomas Rida & Ben Buchanana a Department of War Studies, King’S College London, UK Published Online: 23 Dec 2014

    This article was downloaded by: [Columbia University] On: 08 June 2015, At: 08:43 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Journal of Strategic Studies Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/fjss20 Attributing Cyber Attacks Thomas Rida & Ben Buchanana a Department of War Studies, King’s College London, UK Published online: 23 Dec 2014. Click for updates To cite this article: Thomas Rid & Ben Buchanan (2015) Attributing Cyber Attacks, Journal of Strategic Studies, 38:1-2, 4-37, DOI: 10.1080/01402390.2014.977382 To link to this article: http://dx.doi.org/10.1080/01402390.2014.977382 PLEASE SCROLL DOWN FOR ARTICLE Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) contained in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and should be independently verified with primary sources of information. Taylor and Francis shall not be liable for any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of the Content.
  • Regin Platform Nation-State Ownage of Gsm Networks

    Regin Platform Nation-State Ownage of Gsm Networks

    THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS Kaspersky Lab Report Version 1.0 24 November 2014 2 Contents Introduction, history ..................................................................................................................................................... 3 Initial compromise and lateral movement .................................................................................................................. 3 The Regin platform ....................................................................................................................................................... 4 Stage 1 – 32/64 bit ............................................................................................................................................... 4 Stage 2 – loader – 32-bit ...................................................................................................................................... 7 Stage 2 – loader – 64-bit ...................................................................................................................................... 8 Stage 3 – 32-bit – kernel mode manager “VMEM.sys” ....................................................................................... 8 Stage 3 – 64-bit ...................................................................................................................................................... 9 Stage 4 (32-bit) / 3 (64-bit) – dispatcher module, ‘disp.dll’ ...............................................................................
  • Threatpost | the First Stop for Security News

    Threatpost | the First Stop for Security News

    Threatpost | The first stop for security news Categories Category List Apple Cloud Security Compliance Critical Infrastructure Cryptography Government Category List Hacks Malware Microsoft Mobile Security Privacy Category List SAS SMB Security Social Engineering Virtualization Vulnerabilities Web Security Authors Dennis Fisher Michael Mimoso Christopher Brook Brian Donohue Anne Saita Additional Categories Slideshows The Kaspersky Lab News Service Featured Authors Dennis Fisher Michael Mimoso Christopher Brook Brian Donohue Anne Saita Guest Posts The Kaspersky Lab News Service Featured Posts All New BIOS Implant, Vulnerability Discovery Tool… Breach at Premera Blue Cross Affects… Apple Patches WebKit Vulnerabilities in Safari Podcasts Latest Podcasts All Threatpost News Wrap, March 13, 2015 Threatpost News Wrap, March 6, 2015 Patrick Gray on the State of… Threatpost News Wrap, February 27, 2015 Mike Mimoso on SAS 2015 Costin Raiu on the Equation Group… Recommended Robert Hansen on Aviator, Search Revenue and the $250,000 Security Guarantee Threatpost News Wrap, February 21, 2014 How I Got Here: Jeremiah Grossman Chris Soghoian on the NSA Surveillance and Government Hacking The Kaspersky Lab Security News Service Videos Latest Videos All Kris McConkey on Hacker OpSec Failures Trey Ford on Mapping the Internet… Christofer Hoff on Mixed Martial Arts,… Twitter Security and Privacy Settings You… The Biggest Security Stories of 2013 Jeff Forristal on the Android Master-Key… Recommended Twitter Security and Privacy Settings You Need to Know Lock
  • Cyber Threat Data Model and Use Cases Final Report

    Cyber Threat Data Model and Use Cases Final Report

    CAN UNCLASSIFIED TA-35—Cyber Threat Data Model and Use Cases Final Report Dr. Antoine Lemay International Safety Research (ISR) Prepared by: ISR 38 Colonnade Road North Ottawa, Ontario Canada K2E 7J6 Contractor's document number: ISR Report 6099-01-03 Version 2.0 PSPC Contract Number: W7714-156105-T35 Technical Authority: Melanie Bernier, Defence Scientist Contractor's date of publication: September 2017 Defence Research and Development Canada Contract Report DRDC-RDDC-2017-C290 November 2017 CAN UNCLASSIFIED CAN UNCLASSIFIED IMPORTANT INFORMATIVE STATEMENTS The information contained herein is proprietary to Her Majesty and is provided to the recipient on the understanding that it will be used for information and evaluation purposes only. Any commercial use including use for manufacture is prohibited. Disclaimer: This document is not published by the Editorial Office of Defence Research and Development Canada, an agency of the Department of National Defence of Canada, but is to be catalogued in the Canadian Defence Information System (CANDIS), the national repository for Defence S&T documents. Her Majesty the Queen in Right of Canada (Department of National Defence) makes no representations or warranties, expressed or implied, of any kind whatsoever, and assumes no liability for the accuracy, reliability, completeness, currency or usefulness of any information, product, process or material included in this document. Nothing in this document should be interpreted as an endorsement for the specific use of any tool, technique or process examined in it. Any reliance on, or use of, any information, product, process or material included in this document is at the sole risk of the person so using it or relying on it.
  • 2015 Internet Security Threat Report, Volume 20

    2015 Internet Security Threat Report, Volume 20

    APRIL 2015 VOLUME 20 INTERNET SECURITY THREAT REPORT 2 2015 Internet Security Threat Report MOBILE & IOT WEB THREATS SOCIAL MEDIA & SCAMS TARGETED ATTACKS DATA BREACHES & PRIVACY E-CRIME & MALWARE APPENDIX 4 Introduction 5 Executive Summary 9 2014 IN NUMBERS 60 TARGETED ATTACKS 61 Cyberespionage 18 MOBILE DEVICES 62 Industrial Cybersecurity & THE INTERNET OF THINGS 63 Securing Industrial Control Systems 19 Mobile Malware 65 Reconnaissance Attacks 23 SMS and the Interconnected Threat to Mobile Devices 66 Watering Hole Attacks 25 Mobile Apps and Privacy 69 Shifting Targets and Techniques 26 Internet of Things 70 Threat Intelligence 26 Wearable Devices 70 Techniques Used In Targeted Attacks 27 Internet-Connected Everything 27 Automotive Security 77 DATA BREACHES & PRIVACY 28 The Network As the Target 29 Medical Devices – Safety First, Security Second 83 Retailers Under Attack 84 Privacy and the Importance of Data Security 31 WEB THREATS 85 Data Breaches in the Healthcare Industry 32 Vulnerabilities 32 Heartbleed 87 E-CRIME & MALWARE 32 ShellShock and Poodle 88 The Underground Economy 33 High-Profile Vulnerabilities and Time to Patch 90 Malware 34 The Vulnerability Rises 93 Ransomware 35 SSL and TLS Certificates Are Still Vital to Security 93 Crypto-Ransomware 35 Vulnerabilities as a Whole 95 Digital Extortion: A Short History of Ransomware 41 Compromised Sites 97 Bots and Botnets 42 Web Attack Toolkits 98 OSX as a Target 43 Malvertising 100 Malware on Virtualized Systems 43 Malvertising at Large 101 APPENDIX 44 Denial of Service 102 Looking
  • The Evolving Cyber Threat Landscape & Data Protection

    The Evolving Cyber Threat Landscape & Data Protection

    CERT - MU Computer Emergency Response Team of Mauritius The Evolving Cyber Threat Landscape & Data P r o t e c t i o n Data Threats Phishing Ransomware Identity Theft Malware (backdoor trojans) Social Engineering Insider Threat African Statistics on Threat Mauritius ranked 5th and is among the top ten countries in the African region that has an Internet Threat profile Mauritius ranked 4th and is one among the top ten countries that has spam zombies in the African region Source: Symantec Corporation - Internet Security3 Threat Report: Volume 18 South Africa – Current Snapshot, February 28, 2013 4 Some of the Recent Incidents The US government notifies 3,000 companies that they were attacked and charges nation-backed hackers with economic espionage Compromises of retailers culminate in a recent breach of 56 million credit cards Heartbleed bug results in the loss of 4.5 million healthcare records 5 Some of the Recent Incidents Shellshock bug has compromised millions of devices and cause damage to web servers around the world Powerful malware infects hundreds of energy companies worldwide More than half of global securities exchanges are hacked Regin spy malware has been detected by Symantec which is extremely complex and dangerous 6 Some of the Recent Incidents.. Data Threats Phishing Ransomware Identity Theft Malware (backdoor trojans) Social Engineering Insider Threat Data Threats Phishing Ransomware Identity Theft Malware (backdoor trojans) Social Engineering Insider Threat Phishing Phishing Malware Backdoor