Future is now. LA evolución de las Amenazas digitales. Dani Security Researcher Global Research & Analysis Team

Tamaño: px

Comenzar la demostración a partir de la página:

Download "Future is now. LA evolución de las Amenazas digitales. Dani Creus @them0ux Security Researcher Global Research & Analysis Team"

Juana Lara Vázquez
hace 8 años
Vistas:

1 Future is now LA evolución de las Amenazas digitales Dani Security Researcher Global Research & Analysis Team

2 R-Evolución 201x x

3 Epoca Romántica (198X-2000) CONOCIMIENTO, SUPERACIÓN INDIVIDUALISTAS, GRUPOS REDUCIDOS OBJETIVOS : EMPRESAS, INSTITUCIONES, ETC.

4 MALWARE (198X ) CARACTER EXPERIMENTAL 1995 : CONCEPT (M) 1998 : CIH, NETBUS (R) 1999 : HAPPY99, MELISSA, SUB7,BACKORIFFICE (R) 2000 : ILOVEYOU (VBS) AUTO-REPRODUCCIÓN POLIMORFISMO MACRO VIRUSES RATS FIRMAS ESTÁTICAS AVP: (GUI / SOFTWARE + DB) NUEVOS FORMATOS/SISTEMAS ANTIVIRUS

ILOVEYOU (VBS) AUTO-REPRODUCCIÓN POLIMORFISMO MACRO VIRUSES RATS

5 EDAD MEDIA ( ) DINERO, CONOCIMIENTO, INFORMACIÓN SUPERACIÓN GRUPOS + NÚMEROSOS DIVERSIFICACIÓN de TAREAS VICTIMAS -> USUARIOS PHISHING COMUNIDADES 2.0

6 Malware ( ) 2001 : SADMIN, CODE RED I - II, NIMDA : SIMILE, MYLIFE (OUTLOOK) OPTIX PRO, BEAST 2003 : SLAMMER (SQL), BLASTER 2004 : BAGLE, NETSKY, CABIR, NUCLEUS, ADWARE *MORFISMO, KEYLOGGERS RATS MOBILE VELOCIDAD DE ACTUALIZACIÓN HEURÍSTICA ANTI-EVASIÓN ANTIVIRUS -> ANTIMALWARE

BLASTER 2004 : BAGLE, NETSKY, CABIR, NUCLEUS, ADWARE *MORFISMO,

7 EDAD MEDIA ( )

8 Revolución industrial ( x) GRUPOS ORGANIZADOS / NUEVOS ACTORES NUEVOS MODELOS DE NEGOCIO (FaaS) ESQUEMAS: SOFISTICACIÓN Y AGRESIVIDAD MULTI-PLATAFORMA PROFESIONALIZACIÓN DISPONIBILIDAD

9 PROFESIONALIZACIÓN Infraestructuras Técnico Desarrolladores Distribuidores Operadores Comercial Gestión Drops Soporte Cashiers Drop MGR

10 DISPONIBILIDAD

11 INFRAESTRUCTURAS

12 EXPLOIT KITS

13 Malware ( ) 2007 : ZEUS 2008 : TORPIG, GPCode, CONFICKER 2009 : CLAMPI 2010 : TDSS,ALUREON, STUXNET 2011 : SPYEYE + ZEUS, LEAKS, DUQU, CARBERP, ROGUEWARE (FAKEAV S) 2012 : FLAME/SKYWIPER, SHAMOON, BITCOIN MINERS 2013/2014 : ATM MALWARE, POS, RANSOMWARE

LEAKS, DUQU, CARBERP, ROGUEWARE (FAKEAV S) 2012 :

14 PHARMING KEYLOGGING ID + Password FORM GRABBING Troyanos bancarios CAPTURAS DE PANTALLA Virtual keyboard OTP PHISHING Code card MITB Token INYECCIÓN DE CÓDIGO SMS : mtan

16 Amenazas digitales 0.1% 9.9% 90% Armas cibernéticas Amenazas dirigidas Delitos tradicionales

17 Amenazas Dirigidas Threat Classification Detection Active Facts Duqu Cyber-espionage malware September 2011 May 2012 Since 2010 Sophisticated Trojan Acts as a backdoor into a system Facilitates the theft of private information Flame Cyber-espionage malware Since 2007 More than 600 specific targets Can spread over a local network or via a USB stick Records screenshots, audio, keyboard activity and network traffic Gauss Cyber-espionage malware July 2012 Since 2011 Sophisticated toolkit with modules perform a variety of functions The vast majority of victims were located in Lebanon miniflame Cyber-espionage malware October 2012 Since 2012 Miniature yet fully-fledged spyware module Used for highly targeted attacks Works as standalone malware or as a plug-in for Flame Red October Cyber-espionage campaign January 2013 Since 2007 One of the first massive espionage campaigns conducted on a global scale Targeted diplomatic and governmental agencies Russian language text in the code notes NetTraveler Series of cyberespionage campaigns May 2013 Since high profile victims in 40 countries Exploits known vulnerabilities Directed at private companies, industry and research facilities, governmental agencies Careto / The Mask Extremely sophisticated cyber-espionage campaign February 2014 Since victims in 31 countries Complex toolset with malware, rootkit, bootkit Versions for Windows, Mac OS X, Linux Considered one of the most advanced APTs ever

and network traffic Gauss Cyber-espionage malware July 2012 Since 2011 Sophisticated toolkit with modules perform a variety of functions The vast majority of victims were located in Lebanon miniflame

18 HALCONES DEL DESIERTO

19 EQUATIONAPT EQUATIONDRUG DOUBLEFANTASY EQUESTRE TRIPLEFANTASY GRAYFISH FANNY EQUATIONLASER

20 TENDENCIAS Amenazas dirigidas Fragmentación de grupos Irrupción de mercenarios Ataques de bandera Falsa ELUSIVIDAD Delitos tradicionales Agresividad (Extorsión) Nuevas Plataformas (IOT, cars, etc) Adaptación técnicas avanzadas REUTILIZACIÓN

ELUSIVIDAD Delitos tradicionales Agresividad (Extorsión)

21 ESTRATEGIAS Defensa en capas INTELIGENCIA Forjar Alianzas El factor humano Aspecto legal.

22 Muchas GRACIAS! Dani Security Researcher Global Research & Analysis Team

Documentos relacionados

e RIME EVOLUTION Dani Security Researcher Global Research & Analysis Team Kaspersky Lab

e RIME EVOLUTION Dani Security Researcher Global Research & Analysis Team Kaspersky Lab e RIME EVOLUTION Dani Creus @them0ux Security Researcher Global Research & Analysis Team Kaspersky Lab Marc Rivero @seifreed Senior ecrime IT Ers Deloitte CyberSOC CONTEXTO MOTIVACIONES OFF-LINE/ONLINE