Overview of Threat Landscape
Siân John, Chief Strategist EMEA, Symantec
Attacker motivations

Cybercrime: financial Trojans, ransomware
Espionage: nation states, corporate
Subversion: DDoS, social media hacking
Sabotage: physical damage, data destruction

State of the threat landscape - 2014
Subversion through hacktivism

[Graphic: hacktivist playbook showing DDoS attack, website defacement and social media hacking]

Preference for hacking social media:
- Powerful communications medium
- Easy to propagate false, market-moving news
- Fast, and news can spread virally

Social media accounts are vulnerable to:
- Social engineering attacks
- Password guessing/brute force
- Guessing security questions
Distributed denial of service (DDoS) attacks

DDoS on the rise:
- Attack size +216% (Q1-Q2 2014)
- Attacks are shorter but stronger
- Maximum of 400 Gbps, a record level in 2014

Types of attacks:
- Botnets: attacker-controlled botnets, increasingly using hacked Linux servers
- Amplification/reflection: abusing DNS, NTP and SNMP services to multiply attack size
- Web applications: attacks against specific service-based features; accounts for 69% of DDoS using HTTP*
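The amplification/reflection pattern above can be recognised in flow records captured on the network that hosts the abused service, where a spoofed victim "sends" tiny requests and receives large replies. The following is an added example, not code from the Symantec deck; the flow record format, the sample records and the detection thresholds are all constructed assumptions.

```python
"""Flag amplification/reflection abuse of DNS, NTP and SNMP in flow records.
Vantage point (assumed): the network hosting the reflector, e.g. an open
resolver or NTP server, so both request and response flows are visible."""
from collections import defaultdict

# UDP services the deck names as abused reflectors (service port -> name)
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP"}

# Constructed sample flows: proto src_ip src_port dst_ip dst_port packets bytes
SAMPLE_FLOWS = """
UDP 203.0.113.10 40001 198.51.100.5 53 100 6400
UDP 198.51.100.5 53 203.0.113.10 40001 100 320000
UDP 203.0.113.10 40002 198.51.100.7 123 500 120000
UDP 198.51.100.7 123 203.0.113.10 40002 50000 23400000
UDP 192.0.2.20 51000 198.51.100.5 53 20 1300
UDP 198.51.100.5 53 192.0.2.20 51000 20 4200
TCP 192.0.2.21 52000 198.51.100.9 80 30 5000
""".strip().splitlines()


def parse_flow(line):
    """Split one whitespace-separated flow record into a dict."""
    proto, src, sport, dst, dport, pkts, nbytes = line.split()
    return {"proto": proto, "src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "pkts": int(pkts), "bytes": int(nbytes)}


def amplification_report(lines):
    """Per (peer, service): bytes the peer sent us, bytes we sent back, ratio."""
    stats = defaultdict(lambda: {"req": 0, "resp": 0})
    for line in lines:
        f = parse_flow(line)
        if f["proto"] != "UDP":
            continue  # reflection abuse rides on connectionless UDP services
        if f["dport"] in REFLECTOR_PORTS:       # peer -> our service: a request
            stats[(f["src"], REFLECTOR_PORTS[f["dport"]])]["req"] += f["bytes"]
        elif f["sport"] in REFLECTOR_PORTS:     # our service -> peer: a response
            stats[(f["dst"], REFLECTOR_PORTS[f["sport"]])]["resp"] += f["bytes"]
    for s in stats.values():
        s["factor"] = s["resp"] / s["req"] if s["req"] else float("inf")
    return dict(stats)


def flag_victims(lines, min_factor=10.0, min_resp_bytes=100_000):
    """Peers that get back far more than they sent are probably spoofed targets.
    Thresholds are assumptions to tune per site, not values from the deck."""
    return sorted((peer, svc) for (peer, svc), s in amplification_report(lines).items()
                  if s["factor"] >= min_factor and s["resp"] >= min_resp_bytes)
```

A flagged peer is the victim, not the attacker; the operational response is to rate-limit or close the reflector (e.g. restrict recursion, disable NTP monlist) rather than to block the peer.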
Targeted attacks on the rise

[Chart: number of targeted attack campaigns, 2012 to 2013: +91%]
The number of targeted attack campaigns continues to rise…
Stages of an attack

1. Reconnaissance
2. Incursion: attacker breaks into the network by delivering targeted malware to vulnerable systems and employees
3. Discovery: attacker then maps the organization's defenses from the inside and creates a battle plan
4. Capture: accesses data on unprotected systems; installs malware to secretly acquire data or disrupt operations
5. Exfiltration: data sent to attacker for analysis; information may be used for various purposes, including fraud and planning further attacks
A brief history of sabotage attacks…

Apr 2007: Estonia DDoS
Jul 2010: W32.STUXNET
Sep 2011: W32.DUQU [dyü-kyü]
May 2012: W32.FLAMER
Aug 2012: W32.GAUSS
Sep 2012: W32.DISTTRACK
Mar 2013: TROJAN.JOKRA
Dragonfly: Attacks against the energy sector

The Dragonfly attack group has been active since 2011, but shifted focus to the energy sector in early 2013…

Activities:
- Information theft
- Sabotage capable

Targets:
- Electricity infrastructure
- Electricity generation
- Industrial equipment suppliers
- Pipeline operators

Timeline: 2011-2012 other industries; 2013-2014 energy sector
Dragonfly: The tools of the trade

TROJAN.KARAGNY
- Available in underground markets
- Adapted for use by the Dragonfly group
- Download/upload/execute files
- Additional plugins available

BACKDOOR.OLDREA
- Custom-made malware
- RAT: full back door access
- Used in 90% of cases
Dragonfly: Is sabotage-ready

3 ICS software vendors specifically targeted:
- Driver software: driver software for specialist PLC devices
- Management systems: management systems for wind turbines, biogas and other energy infrastructure
- VPN software: provides remote access to PLC devices that control industrial processes

Trojanized software establishes a beachhead in target organisations.
Access to critical infrastructure can be used for sabotage.
How to get more information

Blog: http://www.symantec.com/connect/symantec-blogs/sr
Twitter: @threatintel, http://twitter.com/threatintel
Whitepapers: http://www.symantec.com/security_response/whitepapers.jsp

Thank you!
Siân John
sian_john@symantec.com
Phone: +447894600068
Twitter: @sbj24

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.