Stefan Tanase, Senior Security Researcher Kaspersky Lab · PAGE 3 | Name the virus! Year 1994 Dis...
PAGE 1 |
Targeted attacks using advanced malware, and implications for financial institutions
Stefan Tanase, Senior Security Researcher
Kaspersky Lab
Twitter: @stefant
ROMANIAN IT&C SECURITY FORUM
20 November 2012, Bucharest, Hotel Ramada
PAGE 2 |
1994 - …
The evolution of cyber threats
PAGE 3 |
Name the virus!
Year 1994
Dis is one half. Press any key to continue...
Which virus displays this message after encrypting 50% of the HDD?
• NetSky
• OneHalf
• Ebola
• 50 Cent
PAGE 4 |
MALWARE EVOLUTION
1994
A new virus every hour
PAGE 5 |
MALWARE EVOLUTION
2006
A new virus every minute
PAGE 6 |
MALWARE EVOLUTION
2011
A new virus every second
or 70,000 viruses/day
PAGE 7 |
What is happening in
2012
PAGE 8 |
What about
2012
Kaspersky Lab currently processes
200,000 unique malware samples
EVERY DAY
PAGE 9 |
How data is stolen
Source: Kaspersky Lab
PAGE 10 |
Evolution of banking trojans
2006 - 2012
ZeuS, SpyEye, Citadel, Ice IX
PAGE 11 |
Evolution of banking trojans
PAGE 12 |
The underground ecosystem a few years ago
• Information was exchanged on primitive platforms
• Personal information about both the victim and the attacker was visible
PAGE 13 |
The underground ecosystem today
PAGE 14 |
Why?
The need to protect critical infrastructure
PAGE 15 |
PAGE 16 |
Stuxnet: summary
• Created in 2008-2009
• Target: the Natanz plant, Iran
• Affects: Siemens PLC equipment
• Victims: 150k+
• Author: unknown (but almost certainly a state actor)
• Investment: $10-$50 million
The first cyber weapon in history
PAGE 17 |
PAGE 18 |
The connections between Stuxnet, Duqu, Flame, Gauss
PAGE 19 |
The most recent discovery: Gauss
PAGE 20 |
Gauss, Lagrange, Kurt Godel
The virus contains modules named after famous mathematicians
PAGE 21 |
Gauss: Geographic distribution
Lebanon: 1660
Israel: 483
Palestine: 261
PAGE 22 |
Banks
Collateral victims of cyber warfare
PAGE 23 |
FINANCIAL INSTITUTIONS TARGETED BY GAUSS
Lebanon
[Diagram: LOADER AND COMMUNICATION MODULE]
PAGE 24 |
How do we protect our customers?
Threats evolve lightning fast
PAGE 25 |
PAGE 26 |
IRIS EARLY WARNING SYSTEM
WHAT DATA FEEDS DO WE PROCESS?
Dangerous files processed by our systems
Execution in an emulator
Keyword-based filtering
Spam analysis
Spam captured by honeypots
BotFarm
Captures bot to C&C traffic
WHAT INFORMATION DO WE PROVIDE?
Malware intelligence
Behavioral analysis
URLs detected during the malware's activity
Sample downloads
Spam intelligence
Alerts for spam targeting your institution
This information can be accessed through a portal
PAGE 27 |
Safe Online Banking & Shopping
Trusted Site
Trusted Connection
Trusted Environment
SAFE MONEY TECHNOLOGY
PAGE 28 |
UNSAFE ONLINE BANKING
Site: Phishing sites
Connection: Substitution of DNS, proxy or hosts file; Traffic interception
Environment: Vulnerability exploitation; Code injection; Fake pop-up windows; Snapshotting & keylogging
PAGE 29 |
SAFE ONLINE BANKING
Site
  Threats: Phishing sites
  Protection: Anti-phishing; List of trusted sites; Desktop shortcut
Connection
  Threats: Substitution of DNS, proxy or hosts file; Traffic interception
  Protection: Kaspersky Security Network; SSL certificate database in the cloud
Environment
  Threats: Vulnerability exploitation; Code injection; Fake pop-up windows; Snapshotting & keylogging
  Protection: Vulnerability scan; Enhanced HIPS protection; Self-protection; Virtual Keyboard; Secure Keyboard
PAGE 30 |
Why Safe Money?
Banks' needs:
• Reducing fraud on online banking accounts; reasons:
  – Avoiding losses
  – Regulations, legal requirements
  – Reputation for safety
• A report on the security state of the endpoint
  – To automatically adjust payment limits and restrictions
• Minimal interference with the customer or the customer's software
PAGE 31 |
How do we protect our own infrastructure?
Cyberwar, APT
PAGE 32 |
Whitelisting - the theory
Whitelist
PAGE 33 |
Whitelisting - the practice
PAGE 34 |
Default Deny - the Kaspersky Lab approach
• The administrator creates a list of accepted applications.
• Any other application is blocked by default.
• Prevents the execution of unauthorized code.
• Protection against APT and unknown malware.
• Efficient use of the organization's resources.
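
The default-deny rule from the last slide, sketched as an added example (it is not code from the presentation or from Kaspersky Lab): a hash-keyed execution policy is compared with a blocklist-only policy on constructed byte strings. The class, function and sample names are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class ExecutionPolicy:
    """Application-control policy keyed on the SHA-256 of the executable image."""
    default_deny: bool
    allowed: set = field(default_factory=set)  # hashes approved by the administrator
    blocked: set = field(default_factory=set)  # hashes of known-bad samples

    def decide(self, image: bytes) -> tuple:
        digest = sha256_hex(image)
        if digest in self.blocked:
            return ("block", "known-bad hash")
        if digest in self.allowed:
            return ("allow", "on administrator allowlist")
        if self.default_deny:
            return ("block", "not on allowlist (default deny)")
        return ("allow", "no matching rule (default allow)")


# Constructed byte strings standing in for executable images.
APPROVED_APP = b"constructed: approved banking client v1"
PATCHED_APP = b"constructed: approved banking client v2"  # vendor update, not yet re-approved
KNOWN_MALWARE = b"constructed: sample already in the signature set"
UNKNOWN_MALWARE = b"constructed: sample never seen before"


def build_policies():
    known_bad = {sha256_hex(KNOWN_MALWARE)}
    blocklist_only = ExecutionPolicy(default_deny=False, blocked=known_bad)
    default_deny = ExecutionPolicy(default_deny=True, blocked=known_bad,
                                   allowed={sha256_hex(APPROVED_APP)})
    return blocklist_only, default_deny


def compare() -> dict:
    """Return {sample name: (blocklist-only verdict, default-deny verdict)}."""
    blocklist_only, default_deny = build_policies()
    samples = {"approved app": APPROVED_APP, "patched app": PATCHED_APP,
               "known malware": KNOWN_MALWARE, "unknown malware": UNKNOWN_MALWARE}
    return {name: (blocklist_only.decide(img)[0], default_deny.decide(img)[0])
            for name, img in samples.items()}


if __name__ == "__main__":
    for name, (legacy, strict) in compare().items():
        print(f"{name:16} default-allow={legacy:5} default-deny={strict}")
```

Only the default-deny policy stops the unknown sample. The patched application is also blocked until the administrator approves its new hash, which is the operational cost of the approach.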