Future is now
Transcript

Future is now: The evolution of digital threats
Dani Creus | @them0ux
Security Researcher, Global Research & Analysis Team

R-Evolution
Timeline: 198x / 2000 / 2004 / 201x

Romantic Era (198X-2000)
‣ KNOWLEDGE, SELF-IMPROVEMENT
‣ INDIVIDUALISTS, SMALL GROUPS
‣ TARGETS: COMPANIES, INSTITUTIONS, ETC.

Malware (198X-2000): "experimental" in character
‣ 1995: CONCEPT (M)
‣ 1998: CIH, NETBUS (R)
‣ 1999: HAPPY99, MELISSA, SUB7, BACKORIFICE (R)
‣ 2000: ILOVEYOU (VBS)
Techniques: SELF-REPLICATION, POLYMORPHISM, MACRO VIRUSES, RATs
Defenses: STATIC SIGNATURES, AVP (GUI / SOFTWARE + DB), NEW FORMATS/SYSTEMS, ANTIVIRUS

Middle Ages (2000-2004)
‣ KNOWLEDGE, MONEY, INFORMATION... SELF-IMPROVEMENT...
‣ LARGER GROUPS
‣ DIVERSIFICATION OF TASKS
‣ VICTIMS -> USERS
‣ PHISHING
‣ COMMUNITIES 2.0

Malware (2000-2004)
‣ 2001: SADMIND, CODE RED I-II, NIMDA...
‣ 2002: SIMILE, MYLIFE (OUTLOOK), OPTIX PRO, BEAST
‣ 2003: SLAMMER (SQL), BLASTER
‣ 2004: BAGLE, NETSKY, CABIR, NUCLEUS, ADWARE
Techniques: *MORPHISM, KEYLOGGERS, RATs, MOBILE
Defenses: UPDATE SPEED, HEURISTICS, ANTI-EVASION, ANTIVIRUS -> ANTIMALWARE

Industrial Revolution (2005-201x)
‣ ORGANIZED GROUPS / """NEW""" ACTORS
‣ NEW BUSINESS MODELS (FaaS)
‣ SCHEMES: SOPHISTICATION AND AGGRESSIVENESS
‣ MULTI-PLATFORM
‣ PROFESSIONALIZATION
‣ AVAILABILITY

PROFESSIONALIZATION (roles in the criminal organization)
Infrastructure, Technical, Distributors, Developers, Operators, Commercial, Management, Drops, Drop manager, Support, Cashiers

AVAILABILITY
INFRASTRUCTURES, EXPLOIT KITS

Malware (2005-2014)
‣ 2007: ZEUS
‣ 2008: TORPIG, GPCODE, CONFICKER
‣ 2009: CLAMPI
‣ 2010: TDSS, ALUREON, STUXNET
‣ 2011: SPYEYE + ZEUS, LEAKS, DUQU, CARBERP, ROGUEWARE (FAKE AVs)
‣ 2012: FLAME/SKYWIPER, SHAMOON, BITCOIN MINERS
‣ 2013/2014: ATM MALWARE, POS, RANSOMWARE

Banking Trojans (attack technique -> authentication measure it targets)
‣ SCREENSHOTS -> Virtual keyboard
‣ PHARMING / PHISHING -> Code card
‣ KEYLOGGING -> ID + Password
‣ FORM GRABBING -> OTP
‣ MITB -> Token
‣ CODE INJECTION -> SMS: mTAN

Digital threats
‣ 0.1%: Cyber weapons
‣ 9.9%: Targeted threats
‣ 90%: Traditional crime

Targeted Threats
Threat | Classification | Detection | Active | Facts
Duqu | Cyber-espionage malware | September 2011 | Since 2010
• Sophisticated Trojan
• Acts as a backdoor into a system
• Facilitates the theft of private information
Flame | Cyber-espionage malware | May 2012 | Since 2007
• More than 600 specific targets
• Sophisticated toolkit with modules that perform a variety of functions
• Can spread over a local network or via a USB stick
• Records screenshots, audio, keyboard activity and network traffic
Gauss | Cyber-espionage malware | July 2012 | Since 2011
• The vast majority of victims were located in Lebanon
miniFlame | Cyber-espionage malware | October 2012 | Since 2012
• Miniature yet fully-fledged spyware module
• Works as standalone malware or as a plug-in for Flame
• Used for highly targeted attacks
Red October | Cyber-espionage campaign | January 2013 | Since 2007
• One of the first massive espionage campaigns conducted on a global scale
• Exploits known vulnerabilities
• Targeted diplomatic and governmental agencies
• Russian language text in the code notes
NetTraveler | Series of cyber-espionage campaigns | May 2013 | Since 2004
• 350 high profile victims in 40 countries
• Directed at private companies, industry and research facilities, governmental agencies
Careto / The Mask | Extremely sophisticated cyber-espionage campaign | February 2014 | Since 2007
• 1000+ victims in 31 countries
• Complex toolset with malware, rootkit, bootkit
• Versions for Windows, Mac OS X, Linux
• Considered one of the most advanced APTs ever

DESERT FALCONS

EQUATION APT (components)
‣ EQUATIONDRUG
‣ DOUBLEFANTASY
‣ EQUESTRE
‣ TRIPLEFANTASY
‣ GRAYFISH
‣ FANNY
‣ EQUATIONLASER

TRENDS
Targeted threats
• Fragmentation of groups
• Emergence of mercenaries
• False-flag attacks
• ELUSIVENESS
Traditional crime
• Aggressiveness (extortion)
• "New" platforms (IoT, cars, etc.)
• Adoption of advanced techniques
• REUSE

STRATEGIES
‣ Layered defense
‣ INTELLIGENCE
‣ Forging alliances
‣ The human factor
‣ Legal aspect

Thank you very much!
Dani Creus | @them0ux
Security Researcher, Global Research & Analysis Team