Operation Cleaver – a Precursor to Control System Attacks
Jon Miller

Agenda
  • Introduction
  • What is Cylance
  • What is the Problem
  • Operation Cleaver
  • Vulnerabilities
  • Augmenting

2 | © 2015 Cylance, Inc.

Introduction
Jon Miller | Vice President of Strategy
Internet Security Systems (5 years), Accuvant Labs (7 years), Cylance (2 Years)
  • X-Force
  • Penetration Testing
  • Penetration Testing
  • Internal Security
  • Special Advisor to CTO
  • Reverse Engineering
  • Product Testing/Efficacy
  • Weaponized 0day
  • Sales
  • SPEAR Research Team
  • Customer Advocacy

Introduction
Stuart McClure | CEO / President & Founder
  • Leader of Cylance as CEO & Visionary
  • Hacking Exposed Lead Author
  • Foundstone
  • WW-CTO McAfee
  • Creator
  • Most Successful Security Book of All Time

Introduction
Ryan Permeh | Co-Founder & Chief Scientist
THE brain behind the mathematical architecture and new approach to security.
  • eEye
  • Retina
  • Code Red
  • SecureIIS
  • McAfee
  • Chief Scientist

What is the Problem?
The Rise of Targeted Attacks
[Chart: Targeted Attacks vs. Broad Attacks, by quarter, Q2 '07 to Q4 '14]
Source: CyberFactors, a subsidiary of CyberRisk Partners and CloudInsure.com
http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014

What is the Problem?
Adversaries: Traditional Adversaries
  • Nation State
  • Organized Crime
  • Intelligence
  • Intellectual Property Theft
  • Espionage
  • Financial Gain
  • Identity Theft

What is the Problem?
Adversaries: Next Generation Adversaries
  • Rogue Nation States
  • Individual & Terrorist Actors
  • Iran
  • North Korea
  • Syria
  • ISIS
  • Anonymous
  • Etc

Timeline

Operation Cleaver
Prevention is Everything
18-24 Month Long Iranian Offensive Solely Targeted at Global Critical Infrastructure Companies
Zh0up!n Exploit Team
  • Phish Based Malware Delivery
  • Public Tools
  • MS08-067
  • Pivoting (psexec, mimikatz, cain + abel, etc)
  • SQL Injection
  • ASP Backdoors
  • Cred Harvesting
  • Evolved into Using Their Own Zeus Variant (tiny_zbot)

Operation Cleaver
16 Countries Targeted
Canada Israel South Korea Energy & Utilities Aerospace Airports Oil & Gas Education Airlines Hospitals Education Kuwait Technology China Oil & Gas Heavy Manufacturing Aerospace Telecommunications Turkey England Mexico Oil & Gas Education Oil & Gas United Arab Emirates France Pakistan Government Oil & Gas Airports Airlines Hospitals Germany Technology United States Telecommunications Airlines Airlines Education India Saudi Arabia Chemicals Education Oil & Gas Transportation Energy & Utilities Airports Military / Government Defense Industrial base

Operation Cleaver
Critical Industries Targeted
[Chart: Level of Access (Low, Medium, High) against Level of Critical Impact]

Questions?
