
The WHAT, HOW, WHO and WHY of computer malware

David Emm
Global Research and Analysis Team
@emm_david
THE SCALE OF THE THREAT

• 1994: 1 new sample every hour
• 2006: 1 new sample every minute
• 2011: 1 new sample every second
• 2020: 342,000 new samples every day
THE NATURE OF THE THREAT

• 0.1% Cyber-weapons
• 9.9% Targeted threats to organisations
• 90% Traditional cybercrime
HOW MALWARE SPREADS

• Exploit kits
• Social networks
• E-mail
• USB
WEB-BASED THREATS

Kaspersky Lab blocked 975,491,360 online attacks in 2019

• 2.6 million attacks per day
• 111,000 attacks per hour
• 1,850 attacks per minute
• 30 attacks per second
BANKING TROJANS

• Malware designed to steal financial data from bank customers
  • Username, password, credit card data, PIN, etc.
• Typically spread using social engineering tricks, exploits or ‘drive-by downloads’
HOW BANKING TROJANS WORK

• Capture keystrokes
• Take screen-shots
  • e.g. to capture mouse clicks
• Modify the hosts file
  • Redirect the browser to a fake web site
• Inject code into the browser
  • Intercept connection to bank site
  • Modify content on the page
    • e.g. to request additional data
• Install malicious app on smartphone
  • Capture one-time passcodes sent via SMS
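An added defensive example, not part of the presentation: a small Python check for the hosts-file redirection technique listed above. It parses a constructed hosts file and reports every entry that maps a watched bank hostname (placeholder domains, not real banks) to an address other than loopback, which is the pattern a tampered hosts file shows.

```python
import ipaddress

# Constructed sample hosts file. The two lines with bank hostnames imitate the
# kind of entry a banking Trojan adds to send the browser to a fake site.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      online.examplebank.test www.examplebank.test  # injected
198.51.100.7    login.otherbank.test
"""

# Placeholder domains the defender wants to watch (assumption, not real banks).
WATCHED_DOMAINS = {"examplebank.test", "otherbank.test"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a usable mapping
        for name in fields[1:]:                  # one line may list several names
            yield ip, name.lower().rstrip(".")


def watched(name):
    """True if the hostname is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def find_suspicious_entries(text):
    """Return (ip, hostname) pairs that pin a watched domain to a non-loopback address.

    A mapping to loopback or 0.0.0.0 is at worst a blocklist entry, so only
    mappings that would actually redirect the browser elsewhere are reported.
    """
    hits = []
    for ip, name in parse_hosts(text):
        if watched(name) and not (ip.is_loopback or ip.is_unspecified):
            hits.append((str(ip), name))
    return hits
```

On a live system the same function can be run over the contents of /etc/hosts or %SystemRoot%\System32\drivers\etc\hosts.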
BANKING TROJANS

[Chart: Number of banking Trojan attacks blocked, 2018-19 (y-axis 0 to 140 000)]
RANSOMWARE

• Malware designed to extort money by taking control of a victim’s computer or data stored on the computer
• Ransomware locks the computer to prevent normal use or encrypts data stored on it
• Typically spread using social engineering tricks, exploits or ‘drive-by downloads’
TYPES OF RANSOMWARE

• Lock-screen ransomware
• Crypto-ransomware
• MBR ransomware
• Ransomware targeting web servers
• Ransomware targeting mobile devices

LOCK-SCREEN RANSOMWARE

CRYPTO-RANSOMWARE

CRYPTO-RANSOMWARE

[Chart: Number of crypto-ransomware attacks blocked, 2018-19 (y-axis 0 to 140 000)]
MALICIOUS CRYPTO-CURRENCY MINERS

• Malware designed to install a hidden miner and use the victim’s computer to obtain crypto-currency
• Typically spread using social engineering tricks or exploits
  • Or using a script installed on a web page
MALICIOUS CRYPTO-CURRENCY MINERS

[Chart: Number of malicious crypto-currency miner attacks blocked, 2018-19 (y-axis 0 to 500 000)]
THE RISING TIDE OF MOBILE THREATS

• Diverse app market with millions of apps and billions of app downloads
• This makes it an attractive target for malware
• 50 per cent of Android devices have unpatched vulnerabilities
MOBILE COMPUTING RISKS

• Malware and spyware
• Phishing scams
• Browser and network exploits
• Wi-fi sniffing
• Data theft
• Location tracking (privacy)
• Audio and webcam recording
• Ransomware
MOBILE MALWARE

[Chart: mobile malware, January 2015 to October 2019 in three-month steps (y-axis 0 to 45 000 000)]
APT THREAT LANDSCAPE
Top APTs and targets in 2019

Top 10 targets:
• Government
• Diplomatic
• Energy
• Military
• Telecommunications
• Financial institutions
• Banks
• Education
• Defence
• Crypto-currency businesses

Top 10 targeted countries:
• Saudi Arabia
• Iran
• Afghanistan
• France
• Germany
• Kazakhstan
• Russia
• China
• South Korea
• India
• Vietnam
• Malaysia

Top 10 significant threat actors:
1 Lazarus
2 Barium
3 Turla
4 BlueNoroff
5 Zebrocy
6 Lamberts
7 APT10
8 OrigamiElephant
9 OilRig
10 HoneyMyte

apt.securelist.com
STAYING SAFE

RIGHT NOW
• Technology
  • Multi-layer protection
  • DEFAULT-DENY
  • Encryption
• Updates
  • PATCH OPERATING SYSTEM
  • PATCH APPLICATIONS
• Network management
  • Network segmentation
  • RESTRICT LOCAL ADMIN RIGHTS
  • Restrict write access
• Backup

TOMORROW
• Stop fire-fighting
• Audit systems
• Evaluate the risks
• Create a strategy, and a team to implement and monitor it
• Delegate to experts
• Risk assessment
• Incident response
• Analysis and forensics
• It’s bigger than IT
• Security culture
P PROTECT
U UPDATE
B BACKUP

Thank you

David Emm
Global Research and Analysis Team
@emm_david