PAGE 1 |
Targeted attacks using advanced malware, and the implications for financial institutions
Stefan Tanase, Senior Security Researcher
Kaspersky Lab
Twitter: @stefant
ROMANIAN IT&C SECURITY FORUM, 20 November 2012, Bucharest, Hotel Ramada
PAGE 2 |
1994 - …
The evolution of cyber threats
PAGE 3 |
Name the virus! Year: 1994
"Dis is one half. Press any key to continue..."
Which virus displays this message after encrypting 50% of the HDD?
• NetSky • OneHalf
• Ebola • 50 Cent
PAGE 4 |
THE EVOLUTION OF MALWARE
1994
A new virus every hour
PAGE 5 |
THE EVOLUTION OF MALWARE
2006
A new virus every minute
PAGE 6 |
THE EVOLUTION OF MALWARE
2011
A new virus every second
or 70,000 viruses/day
PAGE 7 |
What is happening in
2012
PAGE 8 |
What about
2012
Kaspersky Lab currently processes
200,000 unique malware samples
EVERY DAY
PAGE 9 |
How data is stolen
[Figure; source: Kaspersky Lab]
PAGE 10 |
The evolution of banking trojans
[Figure: timeline from 2006 to 2012 showing ZeuS, SpyEye, Ice IX and Citadel]
PAGE 11 |
The evolution of banking trojans
PAGE 12 |
The underground ecosystem a few years ago
• Information was exchanged on primitive platforms
• Personal information about both the victim and the attacker was visible
PAGE 13 |
The underground ecosystem today
PAGE 14 |
Why?
The need to protect critical
infrastructure
PAGE 15 |
PAGE 16 |
Stuxnet: summary
• Created in 2008-2009
• Target: the Natanz facility, Iran
• Affects: Siemens PLC equipment
• Victims: 150k+
• Author: unknown (but almost certainly a state actor)
• Investment: $10-50 million
The first cyber-weapon in history
PAGE 17 |
SDFG (Stuxnet, Duqu, Flame, Gauss)
PAGE 18 |
The connections between Stuxnet, Duqu, Flame and Gauss
PAGE 19 |
The most recent
discovery: Gauss
PAGE 20 |
Gauss, Lagrange, Kurt Gödel
The virus contains modules named after famous mathematicians
PAGE 21 |
Gauss: geographic distribution
Country     Count
Lebanon      1660
Israel        483
Palestine     261
PAGE 22 |
Banks
Collateral victims of cyber
war
PAGE 23 |
FINANCIAL INSTITUTIONS TARGETED BY GAUSS
Lebanon
[Figure: diagram of the Gauss "loader and communication module"; the institution names are not recoverable from the extraction]
PAGE 24 |
How do we protect our clients?
Threats evolve
at lightning speed
PAGE 25 |
PAGE 26 |
WHAT DATA FEEDS DO WE PROCESS?
• Dangerous files processed by our systems: execution in an emulator
• Keyword-based filtering
• Spam analysis: spam captured by honeypots
• BotFarm: captures bot to C&C traffic
WHAT INFORMATION DO WE PROVIDE?
• Malware intelligence: behavioral analysis; URLs detected during the malware's activity; sample download
• Spam intelligence: alerts for spam targeting your institution
This information can be accessed through a portal.
IRIS EARLY WARNING SYSTEM
PAGE 27 |
Safe Online Banking & Shopping
Trusted Site
Trusted Connection
Trusted Environment
SAFE MONEY TECHNOLOGY
PAGE 28 |
ONLINE BANKING AT RISK
Site:        Phishing sites
Connection:  Substitution of DNS, proxy or hosts file; Traffic interception
Environment: Vulnerability exploitation; Code injection; Fake pop-up windows; Snapshotting & keylogging
PAGE 29 |
ONLINE BANKING MADE SAFE
Site (against phishing sites):
  Anti-phishing; List of trusted sites; Desktop shortcut
Connection (against substitution of DNS, proxy or hosts file, and traffic interception):
  Kaspersky Security Network; SSL certificate database in the cloud
Environment (against vulnerability exploitation, code injection, fake pop-up windows, snapshotting & keylogging):
  Vulnerability scan; Enhanced HIPS protection; Self-protection; Virtual Keyboard; Secure Keyboard
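One of the connection-layer attacks on the slide above is hosts file substitution: a banking trojan adds a line that pins the bank's hostname to an attacker-controlled address, so the browser reaches a proxy even though the URL looks right. The check below is an added example written for this page, not code from the slides or from the Safe Money product. It parses a constructed hosts file (illustrative content only) and flags two patterns: any entry naming a banking domain (a legitimate hosts file should never contain one), and an update or security host blackholed to 0.0.0.0 or loopback. The domain names are hypothetical.

```python
import ipaddress

# Constructed sample of a hosts file after a banking-trojan modification.
# Illustrative content only; the hostnames and addresses are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# injected by malware
203.0.113.10    online.examplebank.test
203.0.113.10    www.examplebank.test
0.0.0.0         update.antivirus-vendor.test
"""

# Hypothetical banking domains the check protects (assumption for this example).
BANK_DOMAINS = {"examplebank.test"}
# Hypothetical hosts that a healthy machine must always be able to reach.
PROTECTED_HOSTS = {"update.antivirus-vendor.test"}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a valid hosts entry; the resolver would ignore it too
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_under(hostname, domain):
    """True if hostname equals domain or is a subdomain of it."""
    return hostname == domain or hostname.endswith("." + domain)


def find_suspicious(text, bank_domains=BANK_DOMAINS, protected=PROTECTED_HOSTS):
    """Flag hosts entries a banking trojan typically adds.

    Returns a list of (finding, hostname, ip) tuples in file order.
    """
    findings = []
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if any(is_under(name, d) for d in bank_domains):
            # Any static mapping for a bank hostname bypasses DNS: always suspicious.
            findings.append(("bank-domain-pinned", name, ip))
        elif name in protected and (addr.is_unspecified or addr.is_loopback):
            # Update/security hosts sent to 0.0.0.0 or loopback: classic AV blinding.
            findings.append(("update-host-blackholed", name, ip))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_HOSTS):
        print(*finding)
```

On a real endpoint the same logic runs over %SystemRoot%\System32\drivers\etc\hosts (or /etc/hosts), and the bank's own list of domains replaces the hypothetical one; the check is deliberately independent of which IP the entry points to, because the resolver should never be consulted for a bank hostname from a static file at all.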
PAGE 30 |
Why Safe Money?
The banks' needs:
• Reducing fraud on online banking accounts, because of:
  – Avoiding losses
  – Regulations and legal requirements
  – A reputation for safety
• A report on the security state of the endpoint
  – To automatically adjust payment limits and restrictions
• Minimal interference with the client or the client's software
PAGE 31 |
How do we protect our own
infrastructure?
Cyberwar, APT
PAGE 32 |
Whitelisting - the theory
[Figure: Whitelist]
PAGE 33 |
Whitelisting - in practice
PAGE 34 |
Default Deny - the Kaspersky Lab approach
• The administrator creates a list of approved applications.
• Any other application is blocked by default.
• Prevents the execution of unauthorized code.
• Protection against APTs and unknown malware.
• Efficient use of the organization's resources.
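The slide states the policy but not what "approved application" means in practice. The example below, added for this page and not Kaspersky's implementation, shows the strictest reading: the allowlist is keyed by SHA-256 of the file content, and anything not on it is denied. It builds a small scenario in a temporary directory (an approved tool, the same path after tampering, a renamed copy of the approved binary, and an unknown dropper) to show which of those a hash-based default-deny policy lets run. Names and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


class DefaultDenyPolicy:
    """Allowlist keyed by content hash: anything not explicitly approved is denied."""

    def __init__(self):
        self.allowed = {}  # digest -> human-readable label

    def approve(self, path, label=None):
        """Administrator action: record the hash of a known-good binary."""
        digest = sha256_of(path)
        self.allowed[digest] = label or Path(path).name
        return digest

    def decide(self, path):
        """Return (allowed, reason). Default is deny; only a hash match allows."""
        if not os.path.isfile(path):
            return False, "no such file"
        digest = sha256_of(path)
        label = self.allowed.get(digest)
        if label is None:
            return False, f"not on allowlist (sha256={digest[:16]}...)"
        return True, f"matches approved {label}"


def demo():
    """Constructed scenario; returns the allow/deny outcome for each case."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "tool.exe")
        good.write_bytes(b"MZ original tool")  # stand-in for a real binary
        policy = DefaultDenyPolicy()
        policy.approve(good, "tool.exe v1")
        results = {"original": policy.decide(good)[0]}

        # Same path, modified content: an implant swapped in over the approved tool.
        good.write_bytes(b"MZ original tool + implant")
        results["tampered_same_path"] = policy.decide(good)[0]

        # Approved content copied elsewhere under a new name: still the same hash.
        copy = Path(d, "subdir", "renamed.exe")
        copy.parent.mkdir()
        copy.write_bytes(b"MZ original tool")
        results["approved_content_other_path"] = policy.decide(copy)[0]

        # Never-seen binary, e.g. a dropper from a targeted attack.
        unknown = Path(d, "dropper.exe")
        unknown.write_bytes(b"MZ unknown")
        results["unknown"] = policy.decide(unknown)[0]
        return results


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'ALLOW' if allowed else 'DENY'}")
```

A hash-keyed list is what makes the "unknown malware" claim on the slide hold: the tampered binary at the trusted path is denied even though nothing else about it changed. The cost is that every legitimate update changes the hash and needs re-approval, which is why real products pair hash rules with publisher-signature rules and trusted updaters; in production the decision is enforced by the OS or agent at process creation, not by a script run after the fact.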