The Role of Malware in Intelligence Operations
VB 2018 / Montreal
Dr Kenneth Geers
Chief Research Scientist
Comodo Cybersecurity
Dr. Kenneth Geers PhD, CISSP
Atlantic Council Senior Fellow
NATO Cyber Centre Ambassador
Professor: Ukraine
20 yrs USG: US Army, NSA, NCIS, NATO
Publications
• Understanding Cyber Conflict
• Cyber War in Perspective
• Tallinn Manual
• Strategic Cyber Security
• The Virtual Battlefield
@KennethGeers
Applications
Trojans
Worms
Viruses
Backdoors
Malware Timeline
Russia
USA
Poland
Switzerland
United States
Russia
South Africa
Malware Ratio Analysis
Brazil
Cape Verde: May 14-15
Ukraine: July 29
USA: Aug 18-21
Egypt: Aug 2
Trojan Detections by Country
Indonesia
China
Bangladesh: Aug 13-14
Brazil: Aug 9-10
Iraq: July 1-2
India
Worm Detections by Country
Turkey: Apr 19-25
India: May 27-28
Russia: Apr 16-23
Indonesia
Brazil: Jul 2-6
Canada
Ukraine: Apr 19
Ukraine: May 24
Malaysia: Aug 23
Ukraine: Aug 5
Ukraine: Jun 24
Virus Detections by Country
Backdoor Detections by Country
United Kingdom
Russia
Italy
March 13
Trojans
Viruses
Worms
Foreign Intelligence
Malware type: trojans
Mar 29 – Apr 1
U.S. Inauguration: Jan 20, 2017
USA / Russia / China
Comodo Malware Detections
Sentosa Island
June 20-21
Virus Detections
Oct 2
Khashoggi disappears
Oct 18
Exploit Detections
Backdoor Detections
Virus Detections
Oct 18
Oct 18
Oct 2
Khashoggi disappears
Oct 14
Oct 19
Oct 14
App / Trojan / Worm Detections
Trojan Detections
Worm Detections
Turkey Saudi Arabia
June 14-15
Virus
Trojan
Law Enforcement / Counterintelligence
April 25-27
June 4
May 24
Trojan downloader
May 28
Business
March 12-13
Saint Kitts and Nevis Detections
May 24
“Cyber War”
March 28
Syria
Jun 12
Jun 19
Apr 9-12
May 24 – Jun 3
Aug 9-16
Sep 8-9
May 3
UN seeks inquiry into “Russian” Idlib airstrikes
Possible US, Israeli military action in Syria
Int’l tension over CW
War mostly over; World turns attention to Idlib
Int’l concern over Idlib, chemical weapons
OPCW inspectors in Syria
Chemical weapons attack; US airstrikes
May 31
May 9
Jul 6
Aug 2
Mar 17
Battle for Yemeni port
Saudi bombing; Peace talks; US visit to SA
Yemeni missile hits Saudi industrial target; Yemeni drone hits Saudi HQ in Yemen
Saudis escalate Yemen port siege
Missiles fired at Riyadh from Yemen; Saudi airstrikes vs. Yemeni Presidential palace
Yemen
Apr 10
Apr 23
May 21-23
Jul 16
Aug 8
Mar 17-18
Sep 2
Palestine appeal vs. Israel at UN
Anger at video of Palestinian shot by Israeli sniper
2 Israel soldiers killed; Army raids West Bank
Palestine submits ICC referral for “Israel crimes”
Israeli airstrikes in Gaza
Israeli airstrikes in Gaza
US defunds UNRWA
Palestine
May 20
Apr 9
Apr 28
Jun 16
Jul 24
Aug 23
Israel/Iran tension; Currency crisis
Pompeo in Saudi Arabia, calls for new Iran sanctions
Pompeo threatens to “crush” Iran
Political protests in Iran
US-Iran tension
Iran
Democracy
Virginia: Nov 2017 Gubernatorial Election
July 1-4
April 18
May 18-25
USA: trojan detections colored by state
Ohio: Jul 22-Aug 4
E = Election / R = Referendum / S = Snap election call / V = Vote recount
EE E R R S E R R E E V E E
Comodo Malware Detections
Arizona
Suspicious Applications
Florida
Suspicious Applications
Minnesota
Oct 8-12
Adware
Adware / Trojan
Adware / Trojan
Missouri
Oct 13
Adware / Trojan
New Jersey
Adware / Trojan / Ransomware
Nevada
Suspicious Applications
Tennessee
Suspicious Applications
Wisconsin
Suspicious Applications
Trojans
Worms
Backdoors
Viruses