what does this advanced threat landscape look like
play

What Does This Advanced Threat Landscape Look Like? Advanced Threat - PowerPoint PPT Presentation

Jun 03, 2023 •671 likes •1.13k views

DDoS & Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

  1. DDoS & Modern Threat Motives Dan Holden Director, ASERT

  2. What Does This Advanced Threat Landscape Look Like?

  3. Advanced Threat Landscape ü Geo-­‑poli:cal ¡ ü More ¡defenses ¡ ¡ ? ü App/Content ¡ t a ü Network ¡change ¡ h W ü Legacy ¡ ü Modern ¡ infrastructure ¡ Employee ¡ ü DDos ¡ ü Phishing/SPAM ¡ How? ¡ ü Botnets ¡ ü Vulnerabili:es ¡ ü Malware ¡ ü Web ¡App ¡ Who? ¡ ü Cyber ¡Crime ¡ ü APT ¡ ü Hack:vism ¡ ü Cyber ¡Espionage ¡ ü Compe::ve ¡ ü Cyber ¡Warfare ¡

  4. Cyber Crime

  5. Host Booter – Fg Power DDOSER • Includes Firefox password stealer

  6. Host booter – SniffDDOSER • Bot builder panel. Anti-detection techniques available.

  7. Host Booter – Fg Power DDOSER Password Stealing Capability • What passwords stored in the browser? • Firefox password posted to forum – My.webmoney.ru

  8. Underground Economy Insight - UFOCrypt • Crypters bypass anti-malware and other security solutions • DDoS bots, banking trojans, password stealers, ransomware (“blockers”), etc. • Crypter service - $20 per bot, cheap and effective

  9. Underground Economy Insight – Mr. Worf • A “load” is access to a compromised system to install software of the attackers choice, typically malware

  10. Underground Economy Insight – DGAF • At only $30 per 1000 bots, they could purchase 1000 Asian bot loads from worf1 (previous slide) for $18 & make $12. • Eventually the low quality bots would be noticed but many scammers (known as “rippers”) exist in the underground economy. You can’t trust a thief!

  11. Black Hat Botnet and Exploit kit 2.1 • This botnet & exploit kit bundles: – Pandora DDoS bot – SpyEye banking fraud crimeware – Volk botnet – Gondad exploit pack – Yin Yang exploit – a packer “PACK” – “Private no Name” • Bundling in a kit allows for – an easy one-stop-shopping crimeware setup – or a crimeware service setup

  12. Hacktivism

  13. Know Your Enemy? Good Luck! • 12 y/o student in Ohio learning computers in middle school • 13 y/o home-schooled girl getting bored with social networks • 15 y/o kid in Brazil that joined a defacement group • 16 y/o student in Tokyo, learning programming in high school • 18 y/o high school drop out in the Ukraine • 19 y/o college student putting class work into practice • 20 y/o Taco Bell employee bored with the daily grind • 21 y/o man in Mali working for an international carding ring • 23 y/o mother in Poland, trying to supplement income • 24 y/o black hat intent on compromising any company encountered • 25 y/o soldier in the North Korean army • 26 y/o military contractor in Iraq • 28 y/o Chinese government employee, soon to be mother • 29 y/o vegan in Oregon who firmly believes in political hacktivism • 30 y/o white hat pen tester who has not let go of her black hat origins • 31 y/o security researcher who finds vulnerabilities on live sites • 32 y/o alcoholic in New Zealand, with nothing to lose • 34 y/o employee who sees a target of opportunity • 35 y/o officer in MI6 • 36 y/o "consulate attaché" that may be FSB • 40 y/o disgruntled admin, passed over for raise 5 years in a row • 42 y/o private investigator looking for dirt on your CEO • 43 y/o malware author, paid per compromised host • 45 y/o member of a terrorist group • 55 y/o corporate intelligence consultant 13 ¡ *List ¡of ¡adversaries ¡courtesy ¡of ¡aMri:on.org ¡

  14. 2008 First High-profile Anonymous Attack January 2008: Anonymous, an Internet hacktivism group, launches the first in a series of high profile DDoS attacks when it floods the scientology.org Web site. It is a response to the Church of Scientology trying to remove video of an infamous Tom Cruise interview from the Internet.

  15. Single User+ - LOIC • Famously used tool by Anonymous • Also has “HiveMind” mode • Discloses attacker IP • Rarely used due to ability to track attacker source

  16. 2010 Hacktivism Escalates December 2010: Paypal is hit with DDoS attacks coordinated by supporters of the Wikileaks website after Paypal suspends money transfers to the site. A variety of other major financial sites and credit card companies are also hit for their role in blocking payments to the site.

  17. Single User Flooding Tools – JS-LOIC • Stand-alone JavaScript version • Lacks some of the features of regular LOIC • No need to install tool, just visit Webpage with JS code • Proliferated delivery simple via URL

  18. 2012 Governments Become Prime Target April 2012: In a protest against “draconian surveillance proposals” and the extradition of suspects from the UK to the US to stand trial, the hacker group Anonymous targets a number of US and UK government sites including the US Department of Justice, the CIA and the UK Home Office.

  19. Single User+ - Binary Cyber Cannon • Anonymous attack tool used in Brazil • Not as easy to use as LOIC or HOIC • Has “packet blaster” for more detailed attacks • Hacktivist oriented tool with “hive mind”

  20. 2012 DDoS Is Very Political 2012: Canada’s New Democrat Party sees its leadership election impacted by DDoS attack that delayed voting and reduced turnout. Mexico and the Dominican Republic have both fended off cyber attacks on their national elections by Anonymous. Cyber attacks throughout 2012 also hit national elections in Russia, Ukraine, and South Korea.

  21. #OpIsreal #OpUSA

  22. Competitive Takeout

  23. Commercial DDoS Services – March 2012 • No DDoS capabilities in this RAT • However this is a good example of password theft

  24. Commercial DDoS Services – Late 2012

  25. Competitive Takeout • The Russian security service FSB arrested Pavel Vrublevsky, the CEO of ChronoPay, the country’s largest processor of online payments, for allegedly hiring an attacker to DDoS his company’s rivals

  26. Commercial DDoS Product – Dirt Jumper v5

  27. Bot – “DarkShell” • In 2010, this bot was seen to attack industrial food processor equipment vendors

  28. Competitive DDoS • Co-founder & former YouSendIt CEO Pleads Guilty to DoS Attacks • In March 2009, Shaikh founded a new company called FlyUpload which offered the same content distribution services as YouSendIt

  29. Commercial DDoS Services – March 2013

  30. Gwapo's Professional DDOS Service

  31. Asylumstress.com Featured By Krebs

  32. Advanced Threats

  33. 2011 Consequences are Damaging April 2011: DDoS attack on Sony is purportedly used to block detection of a data breach that lead to the exfiltration of millions of customer records for PlayStation Network users. Around 101 million user accounts are compromised, although Sony claims credit card information was securely saved as a cryptographic code. APRIL 20, 2011 INTRUSION DETECTED APRIL 26, 2011 CUSTOMERS INFORMED

  34. RAT + DDoS – Gray Pigeon aka Hupigon • Chinese RAT with DDoS capabilities • Used in espionage style attacks *image ¡courtesy ¡of ¡F-­‑Secure ¡

  35. Xtreme RAT • Remote Access Trojan (RAT) that allow remote users to steal data from malware-infected machines – Spear phishing e-mails targeted US and Israeli government institutions – Also used to target Syrian activists *Image ¡courtesy ¡of ¡F-­‑Secure ¡

  36. Cyber Warfare

  37. Cyber Warfare Thinking *Wikileak ¡dumps ¡originally ¡presented ¡by ¡Dave ¡Aitel ¡at ¡SyScan ¡

  38. 2007 DDoS Becomes a Weapon of Conflict April 2007: The formerly Soviet occupied Republic of Estonia is taken offline by sustained DDoS attacks following diplomatic tension with Russia. Just over a year later, attacks on Russian and Georgia websites are co-ordinated with ground offenses against Georgia territories by Russian forces. The attack effectively isolates Georgia from the Internet at large.

  39. Russia & China Have Too Much To Lose! • Obama removes Jackson-Vanik amendment – Allows US business the benefit of trade with Russia as a full member of the World Trade Organization – US firms can now benefit from lower import tariffs, intellectual property protection and greater legal transparency – Exports could double in the next 5 years to Russia • Approximately 7.5% of U.S. debt is held by China, the largest foreign holder – China wants the U.S. economy to prosper because that means China will be able to continue exporting here – DUH – Obama & Xi Jinping to hold regular high level talks around commercial espionage tensions

  40. Focused Multi-Stage & Multi-Vector DDoS • Longest running public attack campaign in history • Izz ad-Din al-Qassam Cyber Fighters Attacks on U.S. financial sector ongoing since September 2012 • "There is no doubt within the U.S. government that Iran is behind these attacks,” – former U.S. official James A. Lewis • Unique characteristics of the attacks – Very high packet per second rates per individual source – Attacks on multiple companies in same vertical – Real-time monitoring of effectiveness – Agility in modifying attack vectors when mitigated

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Threat Landscape 2015 2015

Threat Landscape 2015 2015

Threat Landscape 2015 2015 Louis Marinos| NIS Expert 1 April 2015 European Union Agency For Network And Information Security Subject of the talk The motto of 5 th Infocom

549 views • 15 slides
FinTech: The Threat Landscape and Promising Initiatives Information Security Conference for the

FinTech: The Threat Landscape and Promising Initiatives Information Security Conference for the

FinTech: The Threat Landscape and Promising Initiatives Information Security Conference for the Financial Sector Doha, Qatar 5 November 2017 The FinTech landscape In the first nine months of 2016, global investment in FinTech reached 21

637 views • 17 slides
Azure Advanced Threat Protection

Azure Advanced Threat Protection

SecOps and Incident Response with Azure Advanced Threat Protection THE DAILY NEWS Attack shuts down xxxxxx organization for 2 days Investigation determined Wrecking ball

264 views • 10 slides
Security Everywhere Extended Jatinder Shetra Consulting Security Engineer Dynamic Threat

Security Everywhere Extended Jatinder Shetra Consulting Security Engineer Dynamic Threat

Security Everywhere Extended Jatinder Shetra Consulting Security Engineer Dynamic Threat Landscape Customers Biggest Security Challenges Changing Dynamic Complexity Business Models Threat Landscape and Fragmentation A

550 views • 13 slides
Identifying Changes in the Cybersecurity Threat Landscape using the LDA-Web Topic Modelling Data

Identifying Changes in the Cybersecurity Threat Landscape using the LDA-Web Topic Modelling Data

Identifying Changes in the Cybersecurity Threat Landscape using the LDA-Web Topic Modelling Data Search Engine Thursday 13 th July 2017 Multidisciplinary approaches to Cloud Crime HCII 2017, Vancouver Canada Noura Al Moubayed, David Wall, and

544 views • 9 slides
Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick

Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick

Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick Offerman Research Project 2 #72 Introduction - Advanced Threat Analytics (ATA) Microsoft Active Directory (AD) On-premise Post-Infiltration

439 views • 25 slides
THE EVOLVING CYBER THREAT LANDSCAPE : Ensuring the Integrity and Value of Information Sean

THE EVOLVING CYBER THREAT LANDSCAPE : Ensuring the Integrity and Value of Information Sean

THE EVOLVING CYBER THREAT LANDSCAPE : Ensuring the Integrity and Value of Information Sean Kanuck Director of Cyber, Space and Future Conflict The International Institute for Strategic Studies NATO Parliamentary Assembly Warsaw, Poland 27

694 views • 10 slides
Cybersecurity: Governance and Best Practices in a Shifting Threat Landscape Presenter: Aravind

Cybersecurity: Governance and Best Practices in a Shifting Threat Landscape Presenter: Aravind

Cybersecurity: Governance and Best Practices in a Shifting Threat Landscape Presenter: Aravind Swaminathan Board of Administration Educational Day J ANUARY 2020 Global Cybersecurity Risk Last year also provided further evidence that cyber

231 views • 7 slides
GROW GREEN LANDSCAPE PROFESSIONAL TRAINING Austin tin's Wild ldfir fire T Threat

GROW GREEN LANDSCAPE PROFESSIONAL TRAINING Austin tin's Wild ldfir fire T Threat

GROW GREEN LANDSCAPE PROFESSIONAL TRAINING Austin tin's Wild ldfir fire T Threat Understanding the Threat Home Ignition Zone The Home Ignition Zone is a homes characteristics and immediate surroundings Assessment Approach 1. Overview of

563 views • 25 slides
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss Post CERT Botconf 2016 | Advanced Incident Detection and Threat Hunting using Sysmon and Splunk | Tom Ueltschi | TLP-WHITE Seite 1 C:\> whoami /all

1.34k views • 115 slides
Domain System Threat Landscape Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor

Domain System Threat Landscape Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor

Domain System Threat Landscape Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor Agenda n History n Nic.PR Case Study q Registrar Perspective q Registry Perspective n Future solutions History n Over the past few years

643 views • 26 slides
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss Post CERT FIRST-TC 2018 | Advanced Incident Detection and Threat Hunting using Sysmon and Splunk | Tom Ueltschi | TLP-WHITE Seite 1 C:\> whoami

1.73k views • 128 slides
Malwares in Cyber Space Threat landscape, Emerging trends, Solutions and Challenges Atul

Malwares in Cyber Space Threat landscape, Emerging trends, Solutions and Challenges Atul

Malwares in Cyber Space Threat landscape, Emerging trends, Solutions and Challenges Atul Kabra, Solutions Architect CyberSpace The good, the bad and the ugly Internet is an unsafe neighborhood right in your office space

257 views • 12 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
(or Informa5onized Force Opera5ons) Michael K. Daly November 4, 2009 What is meant by Advanced,

(or Informa5onized Force Opera5ons) Michael K. Daly November 4, 2009 What is meant by Advanced,

The Advanced Persistent Threat (or Informa5onized Force Opera5ons) Michael K. Daly November 4, 2009 What is meant by Advanced, Persistent Threat? Increasingly sophis5cated cyber aIacks by hos5le organiza5ons with the goal of: Gaining

872 views • 50 slides
Survivability Analysis of a Computer System under an Advanced Persistent Threat Attack guez

Survivability Analysis of a Computer System under an Advanced Persistent Threat Attack guez

Survivability Analysis of a Computer System under an Advanced Persistent Threat Attack guez , Xiaolin Chang , Xiaodan Li , Kishor S. Trivedi Ricardo J. Rodr rjrodriguez@unizar.es , xlchang@bjtu.edu.cn , { xiaodan.li,ktrivedi }

420 views • 26 slides
Thank you very much, Begonia, for that lovely introduction. What my talk tonight will be about,

Thank you very much, Begonia, for that lovely introduction. What my talk tonight will be about,

Thank you very much, Begonia, for that lovely introduction. What my talk tonight will be about, mostly, is how to achieve and maintain healthy relationships. Why do I think that healthy relationships are important? Because good relationships

267 views • 23 slides
Contemporary Issues 1 to develop students understanding of contemporary 1. Language of

Contemporary Issues 1 to develop students understanding of contemporary 1. Language of

22/09/2011 Social Education All modules are 1 credit each. Task and Leaving Cert Exam are 10 credits. Social and Health Ed 1 Session 1 and 2 Social and Health Ed 2 1 st Year (February to June) Session 3 and 4 Contemporary Issues 1 LCA

226 views • 4 slides
The Orange House Not secret, yet safe Working area Blijf groep North Holland and Flevoland

The Orange House Not secret, yet safe Working area Blijf groep North Holland and Flevoland

The Orange House Not secret, yet safe Working area Blijf groep North Holland and Flevoland Orange Houses Long-stay shelters + non-residential services Alkmaar Amsterdam Almere Facts & Figures 2018 *633 Kids in the shelters *3.836

611 views • 36 slides
Putting the H into Elf and Safety; Permanently BHSEA: 10 th Sept 2018: Dr Jennifer Lunt

Putting the H into Elf and Safety; Permanently BHSEA: 10 th Sept 2018: Dr Jennifer Lunt

Putting the H into Elf and Safety; Permanently BHSEA: 10 th Sept 2018: Dr Jennifer Lunt Objectives Why occupational health plays second fiddle to safety What this means for behaviour change in the workplace, and Think work

626 views • 24 slides
Edgar Allan Poe 05.31.10 || English 2327: American Literature I || D. Glen Smith, instructor Poe

Edgar Allan Poe 05.31.10 || English 2327: American Literature I || D. Glen Smith, instructor Poe

Edgar Allan Poe 05.31.10 || English 2327: American Literature I || D. Glen Smith, instructor Poe as Celebrity A fjgure celebrated in schools even today Lived in New England and made a career off his writing. Gained a celebrity status in

487 views • 11 slides
CS681: Advanced Topics in Computational Biology Week 6 Lecture 1 Can Alkan EA224

CS681: Advanced Topics in Computational Biology Week 6 Lecture 1 Can Alkan EA224

CS681: Advanced Topics in Computational Biology Week 6 Lecture 1 Can Alkan EA224 calkan@cs.bilkent.edu.tr http://www.cs.bilkent.edu.tr/~calkan/teaching/cs681/ Structural Variation Classes MOBILE NOVEL ELEMENT SEQUENCE INSERTION

808 views • 29 slides
A Unified Space Vision Buzz Aldrin October 29, 2013 WHY DOES THE U.S. NEED TO LEAD IN SPACE?

A Unified Space Vision Buzz Aldrin October 29, 2013 WHY DOES THE U.S. NEED TO LEAD IN SPACE?

A Unified Space Vision Buzz Aldrin October 29, 2013 WHY DOES THE U.S. NEED TO LEAD IN SPACE? U.S. leadership in space should achieve several goals, including: Enhance competitive edge of U.S. aerospace companies in the international

370 views • 14 slides
Creating Training Corpora for NLG Micro-Planning Claire Gardent, Anastasia Shimorina, Shashi

Creating Training Corpora for NLG Micro-Planning Claire Gardent, Anastasia Shimorina, Shashi

Creating Training Corpora for NLG Micro-Planning Claire Gardent, Anastasia Shimorina, Shashi Narayan, Laura Perez-Beltrachini Presented by: Omar Elabd 1 Final Product <originaltripleset> <otriple>Buzz_Aldrin | mission |

508 views • 21 slides

More recommend