THE THREAT LANDSCAPE
FROM CYBERCRIME TO CYBER-WAR

David Emm
Global Research and Analysis Team


Post on 02-Jan-2016


CONTENTS

1. What kind of malware?

2. Who’s writing it and why?

3. What do we do about it?

THE SCALE OF THE THREAT

• 1994: 1 new virus every hour

• 2006: 1 new virus every minute

• 2011: 1 new virus every second

• 2013: 315,000 new samples every day

THE GROWING MALWARE THREAT


HOW MALWARE SPREADS

People

Technology

… and how people use it


VULNERABILITIES AND EXPLOITS

• Oracle Java: 90.52%

• Windows components: 2.6%

• Android: 2.49%

• Adobe Acrobat Reader: 2.01%

• IE: 1.32%

• Adobe Flash Player: 0.53%

• MS Office: 0.5%


‘DRIVE-BY DOWNLOADS’


SOCIAL NETWORKS


E-MAIL


REMOVABLE MEDIA


DIGITAL CERTIFICATES


SOPHISTICATED THREATS

Code obfuscation

Rootkits

Hide changes made by malware

• Installed files

• Running processes

• Registry changes

Advanced technologies


NEW TACTICS

All kinds of information

Not just bank data

Steal everything!

Sophisticated

Carefully selected targets

Well-defined aims

Targeted attacks

THE NATURE OF THE THREAT

• Traditional cybercrime: 90%

• Targeted threats to organisations: 9.9%

• Cyber-weapons: 0.1%

POLITICAL, SOCIAL OR ECONOMIC PROTEST

THEFT OF SENSITIVE DATA

“There’s no such thing as ‘secure’ any more. The most sophisticated adversaries are going to go unnoticed on our networks. We have to build our systems on the assumption that adversaries will get in. We have to, again, assume that all the components of our system are not safe, and make sure we’re adjusting accordingly.”

Debora Plunkett, NSA Director
Quoted in “NSA Switches to Assuming Security Has Always Been Compromised”

CYBER-WEAPONS

“… cyber weapons are: a) effective; b) much cheaper than traditional weapons; c) difficult to detect; d) difficult to attribute to a particular attacker …; e) difficult to protect against …; f) can be replicated at no extra cost. What’s more, the seemingly harmless nature of these weapons means their owners have few qualms about unleashing them, with little thought for the consequences.”

Eugene Kaspersky, June 2012
http://eugene.kaspersky.com/2012/06/14/the-flame-that-changed-the-world/

CYBER-WEAPONS: NUMBER OF VICTIMS

Known number of incidents, followed by additional number of incidents (approximate):

• Stuxnet: over 100K known; over 300K additional

• Gauss: 2,500 known; 10K additional

• Flame: 700 known; 5-6K additional

• Duqu: 20 known; 50-60 additional

• miniFlame: 10-20 known; 50-60 additional

Source: Kaspersky Lab

TARGETED ATTACKS

Some of the victims:

• Google

• RSA

• Lockheed Martin

• Sony

• Comodo

• DigiNotar

• Saudi Aramco

• LinkedIn

• Adobe

• Syrian Ministry of Foreign Affairs

• The New York Times

• Tibetan activists

MOBILE MALWARE

10,000,509 unique installation packs

WHY TARGET MOBILE DEVICES?

Mobile devices contain lots of interesting data:

SMS messages

Business e-mail

Business contacts

Personal photos

GPS co-ordinates

Banking credentials

Installed apps

Calendar


PLATFORMS

• Android: 98.05%

• J2ME: 1.55%

• Others: 0.40%

WHAT SORT OF MALWARE?

33.5%, 20.6%, 19.4%, 7.1%, 6%, 5.8%, 4%, 3.6%

Trojan-SMS, Backdoor, Trojan, Adware, RiskTool, Trojan-Downloader

THE GEOGRAPHY OF MOBILE MALWARE


MOBILE DEVICES AND TARGETED ATTACKS


WHAT DO WE DO ABOUT IT?


QUESTIONS

David Emm
Global Research and Analysis Team