
Alexandru Catalin Cosoi - Virus Bulletin

Alexandru Catalin Cosoi

Head of BitDefender Online Threats Lab


Contents

•  Malware, spam and phishing

•  Trending Menaces
   –  Corporate Data leaks & hacks
   –  Rogue Mobile Devices Applications
   –  Rogue Social Networks Applications

•  The anatomy of a targeted attack

•  What can we do?


Malware Evolution


Phishing Attacks


Spam – not quite history

•  About 12% decrease in the last 6 months on email spam

•  About 15% increase in the last 6 months on comment spam
   –  Comes from several IPs, as email spam does
   –  Although the messages in a wave are semantically identical, they are syntactically different
   –  A spam analyst can notice the evolution from email spam to blog spam

•  Growing interest in social media spam


What’s Next?

•  Security companies do whatever it takes to secure their customers

•  OS developers are learning from their mistakes and new versions are safer than their predecessors

•  (some) Users have learned what a spam message is and why they should not open attachments in spam messages

•  The number of threats is continuously growing


The Master Plan

Attack

• Create unique messages based on the victim’s social profile

• Convince them to disable the protection if necessary

Prepare the attack

• Find people and identify their online identity

• Spread spyware that will constantly monitor their activity

Build the structure

• Malware that infects computers and steals data or becomes part of a botnet

• Spam messages that contain infected attachments

• Fake shops and scams which provide the necessary investment


Recent Data Leaks

Leaks

•  WikiLeaks
•  Facebook Apps leaking access tokens to 3rd parties

Hacks

•  Operation Aurora
•  LastPass
•  PSN
•  Fox.com
•  Epsilon
•  WordPress
•  RSA


All Eyes on Facebook

•  23% of our Facebook security app users found something malicious on their wall
   –  34.7% stalker apps (who viewed my profile, etc)
   –  16.2% game scams
   –  14.1% shocking images/video
   –  12.5% fake Facebook Features
   –  8.4% fake famous games versions
   –  5.7% free gadget offers
   –  4.1% other types of less popular scams
   –  4.3% malware


Menaces for Android Devices

•  Fake Online Banking Applications
•  Tap Snake
•  FakePlayer
•  Geinimi
•  ADRD
•  PjApps
•  DroidDream


Steps of a Targeted Attack

• email address
• Social media accounts
• Complete Name and Nicknames
• List of registered domains

LinkedIn & Social Networks
• Gender
• Workplace related info
• List of friends and coworkers
• Field of activity and interests

Aggregate data into complete social profiles
• Use search engines to complement the information extracted from SNS
• Use NLP techniques to parse and use data


Attacks Topology

Victim’s Online Identity

–  Proceed automatically and target a single individual: Direct Profit (phishing, etc), Identity theft

–  Proceed manually and target an entire group: Confidential Data / Intellectual Property


Our online identity


Questions that need to be asked

•  What is your name or nickname?
•  What are your interests?
•  Who do you work for?
•  Who are your friends/colleagues?
•  What is your job title?
•  Who is your manager/CEO/director?
•  Who are your family members?
•  Are you married? With whom?
•  Do you have any kids? What are their names?
•  Where do you live? Where were you born?
•  How much do you earn?
•  Where do you stay? How expensive is your house?


Hypothetical trivial example

Dear Alexandru Cosoi, I'm writing to you in a time of sadness and desperation. I'm not sure if you know this, but two decades ago, your cousin, [insert random Romanian name] Cosoi, moved to Nigeria. Here he managed to start a shipment business which in time became quite successful. He has two sons, [another random Romanian name here] Cosoi and [yet another random Romanian name here] Cosoi, who moved to the UK. Your cousin is dying, bla bla bla, so we need to transfer money out of Nigeria to the UK, in order to provide a decent living for his kids. We ask for your help because you are family and we wouldn't bother you if it weren't important, and also, it would be better to keep this between us.

Data points used:
•  email address
•  Gender
•  Name
•  location

And if this doesn't work, how about a letter coming directly from my cousin's son? :)


Wrapping up

•  Social engineering works.

•  Social engineering can be automated.

•  We need to understand the addiction to social networks and the fact that users will post information about themselves online.

•  Blocking access to social networks is not a solution.

•  Education can work. It’s our duty to educate both users and employees about social engineering and how their own data can turn against them.
