CyberSecurity – res publica – it concerns us all
www.cybersecurityaustria.at
© IKARUS Security Software GmbH 29.04.2015
Joe Pichlmayr, CEO Ikarus, Board Member, CybersecurityAustria, [email protected]

DIY - do it yourself ...

Good old times…
Malware and attacks were few and rare
• Very low, fewer than 3-4 per month
Typical attacks (once upon a time)
• Easy to recognize, mostly no payload
• Seldom worked properly "in the wild"
No financial interest
• Most of the code was proof of concept
• "Cooler code" competition
Low dependence on our IT systems
• Less critical than today
• Not all work was done on IT-based systems

Massive rise in 2014 and Q1/2015
Source: Ikarus Vbase 2015-04-07
• ~ 47,7 million in 2014 (47.740.671)
• 365 days in 2014 = 130.796 unique malware samples per day
• 1 day = 1.440 min / 86.400 sec
• 90 per minute

Massive increase of PUPs (= Potentially Unwanted Programs)
• From 2% up to 55% of all new malware programs in 2015
• PUPs are primarily used for data mining/data leakage – targeted attack preparation and ransomware

Privacy is gone
Dissconnect.com

Mobile malware on the rise - Android
New mal. apps per month

Trojan.AndroidOS.FakeToken
Diagram labels:
• From this point on, the Trojan sends the access code to a phone number or a server on the web; these can be arbitrary and are carried along in an XML file in the Trojan's code
• A link to the generator (the Trojan) is sent via SMS or phishing e-mails, purportedly from the bank
• http://icoolshop.ru/cp/server.php
• Transaction is confirmed with the stolen SMS
• IMEI / IMSI
• Download of the supposed token generator
• Attacker can log in to the account and request a TAN
• Malware sends the confirmation SMS
• User accesses site
• Malware transfers money (PC is the proxy)
• Malware phishes the "activation code" that the user types in on the device
• Online banking website
• Transaction
• Confirmation SMS
• Once installed, the app appears to be a regular banking app
• Along with the token, the Trojan is also installed/active

APT – advanced persistent threat
Ronald Biggs 2.0
CARBANAK
More than 100 banks in 30 countries, more than 3000 infected machines
Average attack time 2-4 months, some since 2013
• Transfers via online banking and international e-payment systems
• Control over the accounting system – additional credits on accounts / the delta was withdrawn
• Cash-out via cash dispensers at a predefined time

Clear state-driven attack vision
Global Cryptologic Dominance through Responsive Presence and Network Advantage
http://nsa.gov1.info/surveillance/
http://www.nsa.gov/about/_files/nsacss_strategy.pdf

First conclusion
We now know:
• Malware figures are exploding
• The number of attacks grows proportionally
Note! The complexity of these attacks is also growing, proportional to every successfully rejected attack
actio - reactio

Attacks against the security industry itself
Summary: Security companies have been successfully infiltrated by unknown attackers. Strategic key players like RSA, KPN, Diginotar, TurkTrust, bit9 and Gemalto have lost algorithms, crypto keys, certificates and customer data – the basis for further successful attacks against industry.
Consequence: Hundreds of thousands of revoked tokens or millions of revoked certificates - even those used by companies like Google, Microsoft, the CIA and many others.
Method: Spearphishing via e-mail from "colleagues" with prepared Excel sheets or PDFs. Escalation of privileges to get sysadmin privileges – "opens" the network to the attacker from outside.
Profile: Extremely complex attack to steal certificates or modify "detection algorithms", as well as stealing crypto keys to break protected systems – even in high-security environments (Lockheed Martin, Northrop Grumman..)
Imagine that you can print your own passports – as many as you want, no matter which nationality, name, gender, function…
Erosion of the Foundations of Security

Massive exploits in millions of systems used worldwide
Bash vulnerability Shellshock: In the damage-potential rating used by NIST, Shellshock receives a score of 10 out of 10 - the maximum!
Heartbleed bug: The Heartbleed bug is a serious programming error in the open-source library OpenSSL, through which private data of clients and servers can be read out over encrypted TLS connections.

Firewall ?

Even such organisations could not defend themselves

Does not sound optimal
New and successful attacks show us how strong the need to change our cybersecurity strategies is:
• More and more "high-level" systems, organisations and companies with a very strong need for security are attacked successfully
• State-of-the-art security solutions and risk management could NOT prevent successful attacks
• Increasing professionalization of attackers' capabilities leads to the loss of petabytes of data and information
• The majority of successfully attacked companies will never recognize – or only very late - that their organisation has been hit by an attack

2. Conclusion
Attention! We deliver our strategies – undoubtedly only of limited success – to really critical environments
And now it's becoming really exciting

3. Conclusion
Note! Attackers have already arrived in this "internet of things"
Some examples

SmartGrid
"Digitalisation" of our energy production and networks

Worm Simulator SmartMeter Networks
Mike Davis has developed a Smart Meter Worm Simulator
• Within 24 hours he potentially infects 15,000 of 22,000 households
• Control of the meters was completely in Davis's hands
• Remote break of meters – total control over energy delivery
• Remote access to the concentrator (server system for the meters)
• Could prevent access by the energy operator

Surprising reaction
First reaction of the manufacturer: "completely impossible, something like a worm could not harm our meters and not spread within our network!" (sic!)
After Davis had demonstrated his proof of concept in their lab, the next question was: "how did you get access to our meters?"
Davis answered: "I bought them on eBay"
http://www.golem.de/news/intelligente-stromzaehler-gehackte-smart-meter-machen-lichter-aus-1410-109923.html

Future trend: driverless car
Most of the established car manufacturers like Nissan, Volvo, Daimler have announced driverless cars for 2020! That is in 5 years!!
Google's "driverless car", a Lexus RX450h, does not need a driver but carries a lot of technology inside!

Direct access to the car's CAN bus
Chip tuning of a different kind
Charlie Miller and Chris Valasek did the job! They found out what kinds of attacks might be possible: full control over
• Braking functionality
• Turn signal
• Car display
• Steering wheel
They connected their laptop to the car's CAN bus system – but they have also described proofs for remote access
http://blog.ioactive.com/2013/08/car-hacking-content.html

Many thanks