CSO CXO Series Breakfast in partnership with Kaspersky Lab, 11th Nov Sydney, 13th Nov Melbourne
WELCOME
Welcome
Matt Tett
MC/Moderator, CSO Australia
Australia Threat Landscape
Vicente Diaz
Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab
Presentation
Agenda for today
• Malicious threats in Australia
• APTs
  – Geopolitical position and current status for Australia
  – Domestic surveillance?
  – Role of Australia in recent APTs
• Mitigation strategies
MALICIOUS THREATS IN AUSTRALIA
Part 1
General overview
• 47th (out of 200) position in web AV detections
• 130th (out of 200) in on-access scan
• The lower the number, the worse, so pretty good!
• 35th (out of 200) in hosting malware
Main detections – web antivirus
• Trojan-Downloader.Win32.Upatre.vjj
• Trojan-Downloader.VBS.Agent.anx
• Trojan-Downloader.MSWord.Agent.qh
• Backdoor.Win32.Caphaw.vuv
• Trojan-Downloader.JS.Agent.hfd
• Trojan-Downloader.Win32.Upatre.cuez
• Trojan-Downloader.MSWord.Agent.oh
• Backdoor.Win32.Caphaw.aud
• Trojan-Dropper.Win32.Injector.nads
• Trojan-Downloader.Win32.Upatre.eixc
• Trojan-Downloader.Win32.Upatre.ewvg
• Trojan.Win32.Yakes.mmjv
• Trojan.JS.Agent.clm
• Trojan-Downloader.Win32.Upatre.dmjp
• Trojan-Downloader.JS.Agent.hdo
• Trojan-Downloader.Win32.Dofoil.btkj
• Trojan.Win32.Agent.nesvyf
• Trojan-Downloader.Win32.Upatre.dhqy
• Trojan-Spy.Win32.SpyEyes.atkd
• Trojan-Downloader.JS.Iframe.diq
Banking Threats
• Big impact of Upatre -> downloader of Dyre
[Chart: values on an axis from 0 to 160 for US1, US2, UK1, UK2, UK3, US3, ES1, CA1, US4, UK4, IT1, ES2, US5, DE1, NL1, DE2, AU1, AU2, US6, CH1]
DDoS attacks
FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We are Armada Collective.

All your servers will be DDoS-ed starting Monday if you don't pay 20 Bitcoins @ 1KS3qYKnwEeH1GEHh3yo1eCyoGfiQ14gWf

When we say all, we mean all - users will not be able to access sites host with you at all.

Right now we will start 15 minutes attack on your site's IP (xx.xx.xx.xx). It will not be hard, we will not crash it at the moment to try to minimize eventual damage, which we want to avoid at this moment. It's just to prove that this is not a hoax. Check your logs!

If you don't pay by Monday, attack will start, price to stop will increase to 40 BTC and will go up 20 BTC for every day of attack.

If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time.

This is not a joke.

Our attacks are extremely powerful - sometimes over 1 Tbps per second. So, no cheap protection will help.

Prevent it all with just 20 BTC @ 1KS3qYKnwEeH1GEHh3yo1eCyoGfiQ14gWf

Do not reply, we will probably not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US!

BItcoin is anonymous, nobody will ever know you cooperated.
Mobile Threats
Mobile Threats
MODERN APTS AND AUSTRALIA
Part 2
Geopolitical situation
• Motivators for attackers today
  – 12th economy in the world
  – materials, banking, telcos, food market
  – Wang Yi urged Australia to become “a bridge between east and west.”
• Also, member of 5 eyes
  – The SPE miniFlame module ENG_AUS
Domestic surveillance?
External cyberespionage
Mandiant: “existence of attacks mainly against mining and resources sectors with Chinese origins.”

Context: “most state-sponsored hacking in Australia was Chinese in origin”, although Context had “detected some remnants of the Russians, who are always much better at cleaning up”.
Modern APTs
External cyberespionage - evidence
• Detection of PlugX – mostly used by Chinese APT actors
• Target of NetTraveler
• Target of IceFog
Role of Australia in recent attacks
• Not only China
  – Crouching Yeti
    • Academic and Research Network
    • IT company – systems to streamline management and governance processes
  – MiniDuke
    • Government
Role of Australia in recent attacks
• Carbanak and Anunak
Modern APTs
Modern APTs
MITIGATION STRATEGIES
Part 3
Mitigation strategies
• Most effective strategies (courtesy of Australian Signals Directorate) to avoid 85% of attacks:
  – Application whitelisting
  – Patching systems
  – Restricting administrative privileges
  – Creating a defence-in-depth system
Mitigation strategies
• The role of Threat intelligence

Source: https://digital-forensics.sans.org/summit-archives/cti_summit2014/Threat_Intelligence_Buyers_Guide_Rick_Holland.pdf
CSO’s Fireside Chat with Vicente Diaz
Conducted by David Braue
Journalist, CSO Australia
Cyber Security Panel Session
Vicente Diaz – Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab
Daniella Traino – Cyber Security Business Team, Data61 – NICTA
Craig Templeton – Principal, Cyber Security Research, ANZ
Samantha MacLeod – General Manager of Cyber Security, ME Bank
Vince Humphries – Executive Manager, Unsolicited Communications & Cyber Security, ACMA
Moderated by Matt Tett, CSO MC/Moderator
Thank you