Jon Miller
Operation Cleaver – A precursor to control system attacks
2 | © 2015 Cylance, Inc.
Agenda
Introduction
What is Cylance
What is the Problem
Operation Cleaver
Vulnerabilities Augmenting
Introduction
Jon Miller | Vice President of Strategy
Internet Security Systems (5 years)
X-Force Penetration Testing
Special Advisor to CTO
Accuvant Labs (7 years)
Penetration Testing
Reverse Engineering
Weaponized 0day Sales
Cylance (2 years)
Internal Security
Product Testing/Efficacy
SPEAR Research Team
Customer Advocacy
Introduction
Stuart McClure | CEO / President & Founder
Leader of Cylance as CEO & Visionary
Hacking Exposed
Lead Author
Creator
Most Successful Security Book of All Time
Foundstone
WW-CTO McAfee
Introduction
Ryan Permeh | Co-Founder & Chief Scientist
THE brain behind the mathematical architecture and new approach to security.
eEye Retina
SecureIIS
Code Red
McAfee Chief Scientist
What is the Problem? The Rise of Targeted Attacks
Source: CyberFactors, a subsidiary of CyberRisk Partners and CloudInsure.com
http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014
[Chart: Targeted Attacks vs. Broad Attacks by quarter, Q2'07 through Q4'14; vertical axis 0 to 350]
What is the Problem? Adversaries
Traditional Adversaries
Nation State
Organized Crime
Intelligence
Intellectual Property Theft
Espionage
Financial Gain
Identity Theft
What is the Problem? Adversaries
Next Generation Adversaries
Rogue Nation States: Iran, North Korea, Syria
Individual & Terrorist Actors: ISIS, Anonymous, etc.
Timeline
Operation Cleaver Prevention is Everything
18-24 Month Long Iranian Offensive
Solely Targeted at Global Critical Infrastructure Companies
Zh0up!n Exploit Team
Phish Based Malware Delivery
MS08-067 Pivoting
Public Tools (psexec, mimikatz, cain + abel, etc)
SQL Injection
ASP Backdoors
Cred Harvesting
Evolved into Using Their Own Zeus Variant (tiny_zbot)
Operation Cleaver 16 Countries Targeted
Canada: Energy & Utilities, Oil & Gas, Hospitals
China: Aerospace
England: Education
France: Oil & Gas
Germany: Telecommunications
India: Education
Israel: Aerospace, Education
Kuwait: Oil & Gas, Telecommunications
Mexico: Oil & Gas
Pakistan: Airports, Hospitals, Technology, Airlines
Saudi Arabia: Oil & Gas, Airports
South Korea: Airports, Airlines, Education, Technology, Heavy Manufacturing
Turkey: Oil & Gas
United Arab Emirates: Government, Airlines
United States: Airlines, Education, Chemicals, Transportation, Energy & Utilities, Military / Government, Defense Industrial Base
15 | © 2015 Cylance, Inc.
Operation Cleaver Critical Industries Targeted
[Chart: Level of Critical Impact and Level of Access, each rated High / Medium / Low]
Questions?