WELCOME
Matt Tett
MC/Moderator, CSO Australia
Australia Threat Landscape
Vicente Diaz
Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab
Presentation
Agenda for today
• Malicious threats in Australia
• APTs
– Geopolitical position and current status for Australia
– Domestic surveillance?
– Role of Australia in recent APTs
• Mitigation strategies
MALICIOUS THREATS IN AUSTRALIA – Part 1
General overview
• 47th (out of 200) position in web AV detections
• 130th (out of 200) position in on-access scan detections
• A lower position means worse, so these are pretty good!
• 35th (out of 200) position in hosting malware
Main detections – web antivirus
• Trojan-Downloader.Win32.Upatre.vjj
• Trojan-Downloader.VBS.Agent.anx
• Trojan-Downloader.MSWord.Agent.qh
• Backdoor.Win32.Caphaw.vuv
• Trojan-Downloader.JS.Agent.hfd
• Trojan-Downloader.Win32.Upatre.cuez
• Trojan-Downloader.MSWord.Agent.oh
• Backdoor.Win32.Caphaw.aud
• Trojan-Dropper.Win32.Injector.nads
• Trojan-Downloader.Win32.Upatre.eixc
• Trojan-Downloader.Win32.Upatre.ewvg
• Trojan.Win32.Yakes.mmjv
• Trojan.JS.Agent.clm
• Trojan-Downloader.Win32.Upatre.dmjp
• Trojan-Downloader.JS.Agent.hdo
• Trojan-Downloader.Win32.Dofoil.btkj
• Trojan.Win32.Agent.nesvyf
• Trojan-Downloader.Win32.Upatre.dhqy
• Trojan-Spy.Win32.SpyEyes.atkd
• Trojan-Downloader.JS.Iframe.diq
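The detection names on this slide follow the Behaviour.Platform.Family.Variant scheme used by Kaspersky verdicts. The script below is an added example, not part of the original presentation: it parses a raw list of such names and aggregates them by behaviour, platform and family, so that an analyst can read off from a detection export what the slide states in prose (downloaders dominate, and Upatre is the most frequent named family). The 20 names are copied from the slide; the handling of a "HEUR:" prefix and the treatment of "Agent" as a generic catch-all family are assumptions made for this example.

```python
"""Parse and aggregate Kaspersky-style detection names (added example).

Assumes the four-part scheme Behaviour.Platform.Family.Variant; a three-part
name without a variant is accepted, and an optional "PREFIX:" such as
"HEUR:" is tolerated (assumption, not taken from the slide).
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# The 20 web-antivirus detection names shown on the slide.
SLIDE_DETECTIONS = [
    "Trojan-Downloader.Win32.Upatre.vjj", "Trojan-Downloader.VBS.Agent.anx",
    "Trojan-Downloader.MSWord.Agent.qh", "Backdoor.Win32.Caphaw.vuv",
    "Trojan-Downloader.JS.Agent.hfd", "Trojan-Downloader.Win32.Upatre.cuez",
    "Trojan-Downloader.MSWord.Agent.oh", "Backdoor.Win32.Caphaw.aud",
    "Trojan-Dropper.Win32.Injector.nads", "Trojan-Downloader.Win32.Upatre.eixc",
    "Trojan-Downloader.Win32.Upatre.ewvg", "Trojan.Win32.Yakes.mmjv",
    "Trojan.JS.Agent.clm", "Trojan-Downloader.Win32.Upatre.dmjp",
    "Trojan-Downloader.JS.Agent.hdo", "Trojan-Downloader.Win32.Dofoil.btkj",
    "Trojan.Win32.Agent.nesvyf", "Trojan-Downloader.Win32.Upatre.dhqy",
    "Trojan-Spy.Win32.SpyEyes.atkd", "Trojan-Downloader.JS.Iframe.diq",
]

# Family names that are generic buckets rather than a specific malware
# family (assumed set for this example).
GENERIC_FAMILIES = {"Agent", "Generic"}


@dataclass(frozen=True)
class Detection:
    behaviour: str   # e.g. Trojan-Downloader, Backdoor
    platform: str    # e.g. Win32, JS, MSWord
    family: str      # e.g. Upatre, Caphaw
    variant: str     # e.g. vjj; empty if the name has no variant suffix

    @property
    def is_generic(self) -> bool:
        return self.family in GENERIC_FAMILIES


def parse_detection(name: str) -> Optional[Detection]:
    """Return a Detection for a well-formed name, or None if it does not fit."""
    _prefix, _, body = name.strip().rpartition(":")  # drop "HEUR:"-style prefix
    parts = body.split(".")
    if len(parts) == 3:
        parts.append("")  # no variant suffix
    if len(parts) != 4 or not all(parts[:3]):
        return None
    return Detection(*parts)


def parse_all(names: Iterable[str]) -> list[Detection]:
    """Parse a list of names, silently skipping malformed entries."""
    return [d for d in (parse_detection(n) for n in names) if d is not None]


def summarize(detections: Iterable[Detection]) -> dict[str, Counter]:
    """Count detections by behaviour, platform and family."""
    dets = list(detections)
    return {
        "behaviour": Counter(d.behaviour for d in dets),
        "platform": Counter(d.platform for d in dets),
        "family": Counter(d.family for d in dets),
    }


def top_named_family(detections: Iterable[Detection]) -> tuple[str, int]:
    """Most frequent family once generic buckets such as Agent are excluded."""
    counts = Counter(d.family for d in detections if not d.is_generic)
    if not counts:
        return ("", 0)
    return counts.most_common(1)[0]


if __name__ == "__main__":
    dets = parse_all(SLIDE_DETECTIONS)
    for dimension, counter in summarize(dets).items():
        print(dimension, counter.most_common(3))
    print("top named family:", top_named_family(dets))
```

Run against the slide's list, the aggregation shows 13 of 20 verdicts are Trojan-Downloader, 13 are Win32 and four are JS, and Upatre (6) is the top named family once the generic Agent bucket (7) is set aside.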
Banking Threats
• Big impact of Upatre -> downloader of Dyre
[Chart: bars labelled US1, US2, UK1, UK2, UK3, US3, ES1, CA1, US4, UK4, IT1, ES2, US5, DE1, NL1, DE2, AU1, AU2, US6, CH1 (country-coded targets); y-axis scale 0–160]
DDoS attacks
FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We are Armada Collective.

All your servers will be DDoS-ed starting Monday if you don't pay 20 Bitcoins @ 1KS3qYKnwEeH1GEHh3yo1eCyoGfiQ14gWf

When we say all, we mean all - users will not be able to access sites host with you at all.

Right now we will start 15 minutes attack on your site's IP (xx.xx.xx.xx). It will not be hard, we will not crash it at the moment to try to minimize eventual damage, which we want to avoid at this moment. It's just to prove that this is not a hoax. Check your logs!

If you don't pay by Monday, attack will start, price to stop will increase to 40 BTC and will go up 20 BTC for every day of attack.

If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time.

This is not a joke.

Our attacks are extremely powerful - sometimes over 1 Tbps per second. So, no cheap protection will help.

Prevent it all with just 20 BTC @ 1KS3qYKnwEeH1GEHh3yo1eCyoGfiQ14gWf

Do not reply, we will probably not read. Pay and we will know it's you. AND YOU WILL NEVER AGAIN HEAR FROM US!

Bitcoin is anonymous, nobody will ever know you cooperated.
Mobile Threats
MODERN APTS AND AUSTRALIA – Part 2
Geopolitical situation
• Motivators for attackers today
– 12th economy in the world
– materials, banking, telcos, food market
– Wang Yi urged Australia to become “a bridge between east and west.”
• Also, member of 5 eyes
– The SPE miniFlame module ENG_AUS
Domestic surveillance?
External cyberespionage
Mandiant: “existence of attacks mainly against mining and resources sectors with Chinese origins.”
Context: “most state-sponsored hacking in Australia was Chinese in origin”, although Context had “detected some remnants of the Russians, who are always much better at cleaning up”.
Modern APTs
External cyberespionage – evidence
• Detection of PlugX – mostly used by Chinese APT actors
• Target of NetTraveler
• Target of IceFog
Role of Australia in recent attacks
• Not only China
– Crouching Yeti
• Academic and Research Network
• IT company – systems to streamline management and governance processes
– MiniDuke
• Government
Role of Australia in recent attacks
• Carbanak and Anunak
Modern APTs
MITIGATION STRATEGIES – Part 3
Mitigation strategies
• Most effective strategies (courtesy of the Australian Signals Directorate) to avoid 85% of attacks:
– Application whitelisting
– Patching systems
– Restricting administrative privileges
– Creating a defence-in-depth system
Mitigation strategies
• The role of Threat intelligence
Source: https://digital-forensics.sans.org/summit-archives/cti_summit2014/Threat_Intelligence_Buyers_Guide_Rick_Holland.pdf
CSO’s Fireside Chat with Vicente Diaz
Conducted by David Braue
Journalist, CSO Australia
Cyber Security Panel Session
Vicente Diaz – Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab
Daniella Traino – Cyber Security Business Team, Data61 – NICTA
Craig Templeton – Principal, Cyber Security Research, ANZ
Samantha MacLeod – General Manager of Cyber Security, ME Bank
Vince Humphries – Executive Manager, Unsolicited Communications & Cyber Security, ACMA
Moderated by Matt Tett, CSO MC/Moderator
Thank you