New trends on cyber security - Cyber Espionage & Identity theft
By K S Yash, CRO, www.avslabs.biz

Cyber Espionage
Espionage has moved from the physical world into the cyber world. Black hats around the world are breaking into networks and stealing important corporate information.

Recent attacks on corporates
Theft of sensitive corporate information led to the loss of an $8 million contract for a Bangalore-based company (source: DNA newspaper).
Is it true?

Are you in danger?
Investment Required Information Worthiness (IRIW)
• What is the information worth to a black hat who steals it?
• Is it only a black hat, or a competitor hiring a black hat, who wants the information?
• Your business turnover is 20 crores and profit is 5 crores.
• Are you at risk of crucial information getting stolen?
• Cyber espionage contracts start above 10 lakhs.

Protection in corporates
• Gateway antivirus
• Corporate firewall
• Personal antivirus and firewall
• Some have an RSA SecurID token!

Is this enough?
No. Not all types of attack can be prevented by these programs.
• Social engineering
• Tunnel remote admin tools with proxy
• Kernel-level key logger (undetectable)
• Delivery using an undetected MS Office or PDF vulnerability.

Type of attack
Social engineering:
• Getting an email from a friend or colleague with an attachment or weblink
• The weblink could be clicked to read the article. The key logger or Trojan will be installed
• In the case of net banking, a phishing attack is nothing but social engineering.

Social engineering
• An email could arrive that looks like a greeting from a friend or a web admin writing to you, or a picture file could come from a stranger or a known person when you are on messenger.
• The threat need not come as an attachment that is a program file.

Remote tunnel Trojan (proxy)
• Black hats use Trojans which can be deployed to a victim computer.
• The Trojan connects back to an intermediate server, usually in China or Russia (RBN, St. Petersburg).
• These intermediate servers are usually illegal networks and don't co-operate in tracking the actual black hat hacker.
• The Trojan injects into IE or Explorer on the victim machine and connects using the HTTP or HTTPS port.
• Usually these programs cannot be detected even with an Intrusion Prevention System that detects anomalies.

Kernel Keylogger
Advanced key loggers
– Capture keystrokes
– Identify specific sites using the window title
– Post logs using port 80 (HTTP), load through FTP, send via SMTP injection
– Firewall bypassing feature working in the Windows kernel.

Undetectable Vulnerability
• Black hats discover new vulnerabilities in Acrobat PDF and MS Office files.
• These vulnerabilities are usually like adding a weblink inside the PDF or the doc.
• In MS Office files, black hats discover buffer overflows. When the Office document is opened, the buffer overflow happens and control transfers to the Trojan which is inside the MS Office file.

Identity Theft
Stealing someone's credentials, then using the privileges of those credentials to carry out transactions.
Areas common for identity theft
• Net banking
• Email (web based)
• Identity theft of internal network credentials

Common tools used
• Phishing
• Key logger
• Trojans

Phishing
• Email from a bank or email provider asking for personal details; credentials are stolen
• Sample e-mails offering to return £450 - 650 worth of tax to "every man aged between 30 and 55 years"
• From: UK Government & Ministry of Finance
• Age, marital status and number of children
• Personal info can be used to construct data for credit card forms and other online transactions
• As the UK Government is expected to make announcements relating to recession-busting tax cuts
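
The e-mail pattern on this slide can be checked mechanically on the receiving side. The following is an added example, not part of the original presentation, that flags it using Python's standard `email` module; the trusted-domain table, the header values and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keywords mapped to the domains each brand really sends from.
TRUSTED = {"government": {"gov.uk"}, "ministry": {"gov.uk"}, "bank": {"examplebank.test"}}
# Personal details the slide lists as being asked for, plus the refund lure.
LURE = re.compile(r"tax (refund|return)|marital status|number of children|"
                  r"date of birth|password|card number", re.I)

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def under(domain, trusted):
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def phishing_signals(raw):
    """Return the reasons a raw message matches the phishing pattern above."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    dom, reasons = domain_of(addr), []
    for word, trusted in TRUSTED.items():
        if word in name.lower() and not under(dom, trusted):
            reasons.append(f"display name claims '{word}' but domain is {dom}")
            break
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != dom:
        reasons.append("Reply-To domain differs from From domain")
    auth = msg.get("Authentication-Results", "").lower()
    if re.search(r"\b(spf|dkim|dmarc)=(fail|softfail|none)", auth):
        reasons.append("sender authentication did not pass")
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = sorted({m.group(0).lower() for m in LURE.finditer(body)})
    if hits:
        reasons.append("asks for: " + ", ".join(hits))
    return reasons

# Constructed sample modelled on the e-mail the slide describes; not a real message.
SAMPLE = """\
From: "UK Government & Ministry of Finance" <refunds@tax-return.example>
Reply-To: claims@mailbox.example
Authentication-Results: mx.example; spf=fail; dkim=none
Subject: Tax refund for every man aged between 30 and 55 years

To receive your tax refund, reply with your age, marital status and number of children.
"""

if __name__ == "__main__":
    print("\n".join(phishing_signals(SAMPLE)))
```
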

Identity theft tools
Advanced key loggers:
– Capture keystrokes
– Identify specific sites using the window title
– Post logs using port 80 (HTTP), load into FTP, send via SMTP using injection
– Firewall bypassing feature working in the Windows kernel.
Trojans:
– Windows kernel level
– Tunnel Trojan uses an intermediate server (to ensure no trace), like a proxy
– Work on ports 80 and 443 (bypassing most firewalls)
– Can work at kernel level to avoid detection by antivirus

Netbanking
• On average, a total of 80 cases relating to net banking are pending with various law enforcement agencies per state.
• A total of 2 crores for 80 cases per state on average. The average money stolen is 2.5 lakh per case.
• Do banks pay? No. It is a consumer problem.
• The bank protects the transmission and the back-end server, not the consumer desktop. It is a consumer, end-point risk.

Netbanking
• Virtual keyboards on most banking sites are not safe.
• The logic of a virtual keyboard can be broken by an advanced researcher in a few minutes, and a mouse logger tuned for a specific bank can be written by black hat hackers.
• In Europe two years back a mouse logger appeared that could intercept the virtual keyboards of almost 121 different banks.

Can Antivirus & Firewall Help?
• Antivirus works with signatures, and some with heuristics.
• Black hats normally write tools and test them against all antivirus and firewall products before they deploy.
• They find ways around heuristics, signature scans, and anomaly and behavior blocking technologies.

Identity theft protector
Consumers can protect their netbanking and web-based email passwords from getting stolen.
• Keyboard driver level encryption with browser plug-in
• Safe browser without a BHO
• Program that changes window title bars

How can this be prevented
• Banks can hire white hat hackers specifically to research and write an anti-identity theft program.
• This program can be signed with the bank's digital certificate.
• The customer can click on a secure login button, and a signed ActiveX control can download this authenticated and signed anti-identity theft program, making the process simple for the end customer.