This document summarizes Andrea Minigozzi's presentation on the cyber threat landscape and its defense. It discusses the evolution of threats from early computer viruses to modern advanced persistent threats. Various threat vectors are examined, including malware, social engineering, and zero-day exploits. Common attack methods like watering hole attacks, and vulnerabilities such as the Heartbleed bug, are explained. Defensive practices are proposed, such as previewing shortened URLs and avoiding malicious QR codes. The presentation aims to increase understanding of modern cybersecurity challenges and threats.
1. Cyber Threats:
Landscape and Defense
Ing. Andrea Garavaglia
Andrea Minigozzi, CISSP – OPST
ISIS “C. Facchinetti”
Castellanza – VA
14 – 04 - 2014
2. Cyber Threats Landscape and Defense
Andrea Minigozzi is a certified CISSP and OPST security expert
with fourteen years' experience, encompassing SIEM, malware
analysis, security incident investigation, computer and network
forensics, ISO 27001/NIST/COBIT audits and the hardening of various
devices on civil and military programs.
Andrea is the owner of the FantaGhost web site and develops
the FG-Scanner project.
About us… #whoami
Andrea Minigozzi – Andrea Garavaglia
Andrea Garavaglia supported Law Enforcement for years
with analysis tools used to discover patterns, trends, associations
and hidden networks in any number and type of data sources.
He also worked on voice and IP interceptions, traffic reconstruction
and forensic analysis.
He is currently a Network Security Monitoring enthusiast.
3. Cyber Threats Landscape and Defense
A Real problem for today’s industries
4. Cyber Threats Landscape and Defense
Who can become a victim?
Source: http://www.tietoturvapaiva.fi/uploads/Tietoturva%202012/stonesoft.pdf
5. Cyber Threats Landscape and Defense
From virus to Advanced Persistent Threats: the timeline (1970 – 2009)
1971 – Creeper
1982 – Elk Cloner
1986 – Brain
1987 – Jerusalem
1992 – Michelangelo
1999 – Melissa
2000 – I love you
2001 – Code Red
2004 – Sasser
2005 – MyTob
2007 – Storm BotNet
2009 – Conficker
Source: http://blogs.csoonline.com/1421/40_years_after_the_first_computer_virus
6. Cyber Threats Landscape and Defense
From virus to Advanced Persistent Threats: the timeline (2010 – Today)
2010 – Stuxnet
2010 – VBMania
2010 – Kenzero
2010 – SpyEye + Zeus
2011 – ZeroAccess
2011 – Duqu
2012 – Flame
2012 – Shamoon
2012 – NGRBot
2013 – CryptoLocker
2014 – ................
Source: http://en.wikipedia.org/wiki/Timeline_of_computer_viruses_and_worms
7. Cyber Threats Landscape and Defense
Terms and definitions: viruses and worms
VIRUS
A program that “infects” computer files, usually executable programs, by
inserting a copy of itself into the file. These copies are usually executed when
the infected file is loaded into memory, allowing the virus to infect other files. A
virus requires human involvement (usually unwitting) to propagate.
WORM
An independent computer program that reproduces by copying itself from
one system to another across a network. Unlike computer viruses, worms do
not require human involvement to propagate and exploit vulnerabilities to
bypass security systems.
8. Cyber Threats Landscape and Defense
Terms and definitions: trojan horses and 0-day exploits
TROJAN HORSE
A computer program that conceals harmful code.
A Trojan horse usually masquerades as a useful program that a user would
wish to execute.
0-DAY EXPLOIT
An exploit that takes advantage of a security vulnerability previously unknown
to the general public. In many cases, the exploit code is written by the same
person who discovered the vulnerability.
9. Cyber Threats Landscape and Defense
Terms and definitions: malware
MALWARE
A program that is inserted into a system, usually covertly, with
the intent of compromising the confidentiality, integrity, or availability of the
victim's data, applications, or operating system or of otherwise annoying
or disrupting the victim and often violates one or more of the following
fundamental principles:
Consent: Malware may be installed even though the user did
not knowingly ask for that to happen.
Privacy-Respectfulness: Malware may violate a user's privacy, perhaps
capturing user passwords or credit card information.
Non-Intrusiveness: Malware may annoy users by popping up
advertisements, changing web browser's home page, making systems slow or
unstable and prone to crash, or interfering with already installed
security software.
Harmlessness: Malware may be software that hurts users (such
as software that damages our system, sends spam emails, or disables security
software).
Respect for User Management: If the user attempts to remove
the software, it may reinstall itself or otherwise override user preferences.
Source: http://itlaw.wikia.com/wiki/Malware
10. Cyber Threats Landscape and Defense
Malicious code spreading vectors and attack surface
11. Cyber Threats Landscape and Defense
New malware in the last two years
Source: http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q3-2013.pdf
12. Cyber Threats Landscape and Defense
New malware for emerging operating systems
Source: http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q3-2013.pdf
13. Cyber Threats Landscape and Defense
Global Email Volume, in Trillions of messages
Source: http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q3-2013.pdf
14. Cyber Threats Landscape and Defense
Hacking motivations
HACKERS: They want to understand how systems work and how to
improve security and performance.
HACKTIVISTS: They use computers and computer networks to promote
political ends, chiefly free speech, human rights, and information ethics.
STATE SPONSORED HACKERS: Governments around the globe realize
that it serves their military objectives to be well positioned online.
SPY HACKERS: Corporations hire hackers to infiltrate the competition and
steal trade secrets.
CYBER TERRORISTS: These hackers, generally motivated by religious or
political beliefs, attempt to create fear and chaos by disrupting critical
infrastructures.
15. Cyber Threats Landscape and Defense
Attack Diagram: the past
16. Cyber Threats Landscape and Defense
Attack Diagram: the present
17. Cyber Threats Landscape and Defense
Terms and definitions: advanced persistent threats
ADVANCED PERSISTENT THREATS
Advanced Persistent Threat (APT) is a set of stealthy and continuous hacking
processes, often orchestrated by humans targeting a specific entity.
An APT usually targets organizations and/or nations for business or political
motives. APT processes require a high degree of covertness over a long period of
time.
Source: https://www.academia.edu/6309905/Advanced_Persistent_Threat_-_APT
The advanced process signifies sophisticated techniques using malware to
exploit vulnerabilities in systems and Advanced Evasion Techniques to avoid
detection.
The persistent process suggests that an external command and control is
continuously monitoring and extracting data from a specific target.
The threat process indicates human involvement in orchestrating the attack.
18. Cyber Threats Landscape and Defense
APT Teams and Connections
[Diagram; labels recovered from the slide]
Actors: A-Team and B-Team (more senior? malware writers?), operating through the compromised relay sites www.hackedsite1.com and www.hackedsite2.com.
Stages: Stage 0 – Infection; Stage 1 – Generate Intermediaries; Stage 2 – Setup Relay Agents; Stage 3 – Data Exfiltration.
Hosts: Foothold Host, Intermediary Host, Transfer Host, Data Host.
Connections: Beaconing & Latching; Command & Control, Agent transfer; Agent Download & Install; Data transfer; RDP & other.
19. Cyber Threats Landscape and Defense
Advanced Persistent Threats LifeCycle
Source: http://en.wikipedia.org/wiki/Advanced_persistent_threat#History_and_targets
20. Cyber Threats Landscape and Defense
A great video from TrendMicro explains how the attacks work
Source: http://www.youtube.com/watch?v=fpeMR1214t0
This video describes a real, successful attack that happened
some time ago:
the attacked company lost about 60 million dollars
22. Cyber Threats Landscape and Defense
QR Codes and Shortened URLs: when the threats get short !
http://goo.gl/pJ0sKw
23. Cyber Threats Landscape and Defense
QR Codes and Shortened URLs: when the threats get short !
STAY AWAY FROM MALICIOUS QR CODES!
Scanning QR codes on stickers placed randomly on
street walls is most dangerous. It is a very common way
for scammers to get people to scan the code simply out
of curiosity. Reports say, “46% just said they were curious
what this odd little jumbled cube could do.”
So, we should not scan any QR codes that are not from
trusted sources.
LOOK CLOSELY AT A QR CODE BEFORE DOING ANYTHING ELSE!
There are a few apps on the app stores you can
use to analyze the QR code...
24. Cyber Threats Landscape and Defense
QR Codes and Shortened URLs: when the threats get short !
http://goo.gl/pJ0sKw
http://goo.gl/ZFm5u6
Are you able to see if the two shortened URLs above lead us to
trusted websites?
The answer:
http://goo.gl/pJ0sKw – Malicious URL
http://goo.gl/ZFm5u6 – FantaGhost Web Page
25. Cyber Threats Landscape and Defense
QR Codes and Shortened URLs: when the threats get short !
Are there any solutions for this problem?
YES! WE SHOULD PREVIEW THE SHORTENED URLS BEFORE USING THEM.
Several website tools help us to get the full URL address from a shortened URL;
an example is http://unshort.me/
In addition, some URL shortening services, such as goo.gl, give us an option to
preview the shortened URL first by adding a “+” at the end of the URL.
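The slides on QR codes and shortened URLs both come down to one habit: find out where a link really goes before opening it. The following is an added example, not code from the presentation or from any of the tools it names. It expands a shortened (or QR-decoded) URL hop by hop without loading the final page, builds the goo.gl "+" preview address from the slide, and classifies the destination. The redirect hops come from a pluggable `fetch` callback so the logic runs offline against a constructed redirect table; every hostname in that table is made up, and `live_fetch` shows the equivalent real HEAD request for online use.

```python
"""Expand a shortened (or QR-decoded) URL without opening the final page.

Added example, not from the presentation. Redirect hops come from a
pluggable `fetch` callback so the logic runs offline against a constructed
redirect table; `live_fetch` shows the equivalent real HEAD request.
All hostnames below are made up.
"""
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
# File types nobody expects behind a link shared on a street sticker.
SUSPICIOUS_EXTENSIONS = (".exe", ".scr", ".apk", ".jar", ".bat", ".msi")

# Constructed sample redirect table standing in for live HEAD responses:
# URL -> (HTTP status, Location header).
SAMPLE_REDIRECTS = {
    "http://short.example/abc": (301, "http://tracker.example/go?id=7"),
    "http://tracker.example/go?id=7": (302, "/dl/setup.exe"),  # relative Location
    "http://short.example/def": (301, "https://fantaghost.example/"),
    "http://short.example/loop1": (302, "http://short.example/loop2"),
    "http://short.example/loop2": (302, "http://short.example/loop1"),
}


def sample_fetch(url):
    """Offline stand-in for a HEAD request: returns (status, Location)."""
    return SAMPLE_REDIRECTS.get(url, (200, None))


def live_fetch(url, timeout=5):
    """Real HEAD request that refuses to follow redirects itself (online use only)."""
    import urllib.error
    import urllib.request

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # turn a 3xx into an HTTPError instead of following it

    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def expand_url(url, fetch=sample_fetch, max_hops=10):
    """Follow redirects one hop at a time and return (chain, reason).

    reason is 'final' (a non-redirect response was reached), 'loop'
    (a URL repeated) or 'too_many_hops' (max_hops exceeded).
    """
    chain, seen = [url], {url}
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "final"
        nxt = urljoin(chain[-1], location)  # Location may be relative
        chain.append(nxt)
        if nxt in seen:
            return chain, "loop"
        seen.add(nxt)
    return chain, "too_many_hops"


def preview_url(short_url):
    """goo.gl-style preview from the slide: append '+' to see the destination."""
    return short_url + "+"


def assess(chain, reason, trusted_hosts):
    """Classify an expanded chain as 'trusted', 'suspicious' or 'unknown'."""
    if reason != "final":
        return "suspicious"  # loops and endless chains are not worth visiting
    final = urlsplit(chain[-1])
    host = (final.hostname or "").lower()
    if host in trusted_hosts:
        return "trusted"
    if final.path.lower().endswith(SUSPICIOUS_EXTENSIONS):
        return "suspicious"  # a short link that ends in a download
    return "unknown"


if __name__ == "__main__":
    for short in ("http://short.example/abc", "http://short.example/def", "http://short.example/loop1"):
        chain, reason = expand_url(short)
        print(assess(chain, reason, {"fantaghost.example"}), reason, " -> ".join(chain))
```

`expand_url` never fetches the final page body, so it can be pointed at a link from a sticker or an e-mail with the same low risk as an unshortening site; pass `fetch=live_fetch` to resolve real links, and extend `trusted_hosts` with the domains you actually expect.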
26. Cyber Threats Landscape and Defense
The most dangerous (and most common) vulnerabilities
1. Email Social Engineering/Spear Phishing
2. Infection Via a Drive-By Web Download: Watering Hole Attack
3. USB Key Malware
4. Scanning Networks for Vulnerabilities and Exploitation
5. Guessing or Social Engineering Passwords
6. Wifi Compromises
7. Stolen Credentials From Third-Party Sites
8. Compromising Web-Based Databases
9. Exploiting Password Reset Services to Hijack Accounts
10. Insiders
27. Cyber Threats Landscape and Defense
Understanding the Heartbleed bug
CVE-2014-0160
Source: http://www.xkcd.com/1354 - http://regmedia.co.uk/2014/04/09/openssl_haertbleed_diagram.png
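The diagrams linked above explain Heartbleed as a server that trusts the length a client claims for its heartbeat payload. The following is an added example, not from the presentation and not OpenSSL's code: a toy model in which the heartbeat record is a bytes buffer followed by other constructed "process memory". `vulnerable_handler` echoes back as many bytes as the 16-bit length field asks for, `is_malformed_heartbeat` is the bounds check the fix introduced (1 + 2 + payload + 16 must not exceed the record length), and `fixed_handler` drops any message that fails it. The same check is what a network monitor can apply to a heartbeat it sees on the wire.

```python
"""Toy model of the TLS heartbeat length check behind CVE-2014-0160.

Added example, not from the presentation and not OpenSSL's code. The
record is a bytes buffer followed by other constructed "process memory";
the pre-fix handler trusts the 16-bit length field in the message, the
fixed handler checks it against the real record length.
"""
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16    # minimum padding a heartbeat message must carry
HEADER = 1 + 2  # type byte + 16-bit payload length


def build_heartbeat(payload, claimed_len=None):
    """Heartbeat request record: type | length | payload | padding.

    claimed_len lets a test set a length field larger than the payload,
    which is exactly the malformed message the bug mishandled.
    """
    if claimed_len is None:
        claimed_len = len(payload)
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * PADDING


def vulnerable_handler(memory, record_len):
    """Pre-fix behaviour: copies claimed_len bytes from the payload start.

    record_len is known but never consulted, so a large length field reads
    past the record into whatever happens to follow it in memory.
    """
    _hbtype, claimed_len = struct.unpack("!BH", memory[:HEADER])
    payload = memory[HEADER:HEADER + claimed_len]  # may run past record_len
    return struct.pack("!BH", HB_RESPONSE, claimed_len) + payload + b"\x00" * PADDING


def is_malformed_heartbeat(record):
    """The bounds check: does the claimed payload length fit inside the record?

    A monitor that sees a heartbeat whose length field exceeds the record
    length has seen a malformed (or malicious) message and can alert on it.
    """
    if len(record) < HEADER + PADDING:
        return True
    _hbtype, claimed_len = struct.unpack("!BH", record[:HEADER])
    return HEADER + claimed_len + PADDING > len(record)


def fixed_handler(memory, record_len):
    """Post-fix behaviour: silently drop a heartbeat that fails the bounds check."""
    record = memory[:record_len]
    if is_malformed_heartbeat(record):
        return None
    _hbtype, claimed_len = struct.unpack("!BH", record[:HEADER])
    payload = record[HEADER:HEADER + claimed_len]
    return struct.pack("!BH", HB_RESPONSE, claimed_len) + payload + b"\x00" * PADDING


def response_payload(response):
    """Extract the echoed payload from a heartbeat response."""
    _hbtype, length = struct.unpack("!BH", response[:HEADER])
    return response[HEADER:HEADER + length]


if __name__ == "__main__":
    # Constructed: a 2-byte payload whose length field claims 40 bytes,
    # followed in memory by data that has nothing to do with the heartbeat.
    record = build_heartbeat(b"hi", claimed_len=40)
    memory = record + b"<other process data: session-cookie=abc123>"
    print("vulnerable echoes:", response_payload(vulnerable_handler(memory, len(record))))
    print("fixed returns:", fixed_handler(memory, len(record)))
```

The point of the model is the single comparison in `is_malformed_heartbeat`: the real patch added that comparison and nothing else of substance, and a 40-byte claim against a 21-byte record is rejected before any copy happens.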