Post on 02-Jun-2020

The Role of Malware in Intelligence Operations

VB 2018 / Montreal

Dr Kenneth Geers

Chief Research Scientist

Comodo Cybersecurity

Dr. Kenneth Geers PhD, CISSP

Atlantic Council Senior Fellow

NATO Cyber Centre Ambassador

Professor: Ukraine

20 yrs USG: US Army, NSA, NCIS, NATO

Publications

• Understanding Cyber Conflict

• Cyber War in Perspective

• Tallinn Manual

• Strategic Cyber Security

• The Virtual Battlefield

kenneth.geers@comodo.com

@KennethGeers

Applications

Trojans

Worms

Viruses

Backdoors

Malware Timeline

Russia

USA

Poland

Switzerland

United States

Russia

South Africa

Malware Ratio Analysis

Brazil

Cape Verde May 14-15

Ukraine July 29

USA Aug 18-21

Egypt Aug 2

Trojan Detections by Country

Indonesia

China

Bangladesh Aug 13-14

Brazil Aug 9-10

Iraq July 1-2

India

Worm Detections by Country

Turkey Apr 19-25

India May 27-28

Russia Apr 16-23

Indonesia

Brazil Jul 2-6

Canada

Ukraine Apr 19

Ukraine May 24

Malaysia Aug 23

Ukraine Aug 5

Ukraine Jun 24

Virus Detections by Country

Backdoor Detections by Country

United Kingdom

Russia

Italy

March 13

Trojans

Viruses

Worms

Foreign Intelligence

Malware type: trojans

Mar 29 – Apr 1

U.S. Inauguration Jan 20, 2017

USA / Russia / China

Comodo Malware Detections

Sentosa Island

June 20-21

Virus Detections

Oct 2

Khashoggi disappears

Oct 18

Exploit Detections

Backdoor Detections

Virus Detections

Oct 18

Oct 18

Oct 2

Khashoggi disappears

Oct 14

Oct 19

Oct 14

App / Trojan / Worm Detections

Trojan Detections

Worm Detections

Turkey Saudi Arabia

June 14-15

Virus

Trojan

Law Enforcement / Counterintelligence

April 25-27

June 4

May 24

Trojan downloader

May 28

Business

March 12-13

Saint Kitts and Nevis Detections

May 24

“Cyber War”

March 28

Syria

Jun 12

Jun 19

Apr 9-12

May 24 – Jun 3

Aug 9-16

Sep 8-9

May 3

UN seeks inquiry into “Russian” Idlib airstrikes

Possible US, Israeli military action in Syria

Int’l tension over CW

War mostly over; World turns attention to Idlib

Int’l concern over Idlib, chemical weapons

OPCW inspectors in Syria

Chemical weapons attack; US airstrikes

May 31

May 9

Jul 6

Aug 2

Mar 17

Battle for Yemeni port

Saudi bombing; Peace talks; US visit to SA

Yemeni missile hits Saudi industrial target; Yemeni drone hits Saudi HQ in Yemen

Saudis escalate Yemen port siege

Missiles fired at Riyadh from Yemen; Saudi airstrikes vs. Yemeni Presidential palace

Yemen

Apr 10

Apr 23

May 21-23

Jul 16

Aug 8

Mar 17-18

Sep 2

Palestine appeal vs. Israel at UN

Anger at video of Palestinian shot by Israeli sniper

2 Israel soldiers killed; Army raids West Bank

Palestine submits ICC referral for “Israel crimes”

Israeli airstrikes in Gaza

Israeli airstrikes in Gaza

US defunds UNRWA

Palestine

May 20

Apr 9

Apr 28

Jun 16

Jul 24

Aug 23

Israel/Iran tension; Currency crisis

Pompeo in Saudi Arabia, calls for new Iran sanctions

Pompeo threatens to “crush” Iran

Political protests in Iran

US-Iran tension

Iran

Democracy

Virginia Nov 2017 Gubernatorial Election

July 1-4

April 18

May 18-25

USA: trojan detections colored by state

Ohio Jul 22-Aug 4

E = Election / R = Referendum / S = Snap election call / V = Vote recount

EE E R R S E R R E E V E E

Comodo Malware Detections

Arizona

Suspicious Applications

Florida

Suspicious Applications

Minnesota

Oct 8-12

Adware

Adware / Trojan

Adware / Trojan

Missouri

Oct 13

Adware / Trojan

New Jersey

Adware / Trojan / Ransomware

Nevada

Suspicious Applications

Tennessee

Suspicious Applications

Wisconsin

Suspicious Applications

Trojans

Worms

Backdoors

Viruses
