1 / 21

New trends on cyber security - Cyber Espionage & Identity theft

New trends on cyber security - Cyber Espionage & Identity theft. By K S Yash, CRO yash@avslabs.biz www.avslabs.biz. Cyber Espionage. Espionage has gone from Physical world into Cyber world. Black hat around world breaking into networks and stealing important corporate information.

sai
Download Presentation

New trends on cyber security - Cyber Espionage & Identity theft

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. New trends on cyber security - Cyber Espionage & Identity theft By K S Yash, CRO yash@avslabs.biz www.avslabs.biz www.avslabs.biz

  2. Cyber Espionage www.avslabs.biz Espionage has gone from Physical world into Cyber world. Black hat around world breaking into networks and stealing important corporate information.

  3. Recent attacks on corporate www.avslabs.biz Stealing of sensitive information in corporate leads to loss of 8 million $ contract to a Bangalore based company (source DNA newspaper) Is it true?

  4. Are you in danger? www.avslabs.biz Investment Required Information Worthiness(IRIW) • What is worth of information for black hat to steal • Is it only black hat or a competitor hiring a black hat who want information • Your business turnover is 20 crores, profit is 5 crores • Are you at risk with crucial information getting stolen? • Cyber espionage contracts start above 10 lakhs.

  5. Protection in corporate www.avslabs.biz Gateway antivirus Corporate firewall Personal Antivirus and Firewall Some have RSA secure ID token!

  6. Is this enough? www.avslabs.biz No. Not all type of attacks can be prevented by these programs. Social Engineering Tunnel Remote Admin Tools with Proxy kernel level key logger (undetectable) delivery using MS office , PDF undetected vulnerability.

  7. Type of attack www.avslabs.biz Social engineering: Getting a email from a friend or colleague with a attachment or weblink The weblink could clicked to read the article. The key logger or Trojan will be installed In case of net banking, phishing attack is nothing but social engineering.

  8. Social engineering www.avslabs.biz Email could come which looks like coming from friend as a greeting, web admin writing to you, picture file coming from a stranger or known person when you are on messenger. The threat need not come as attachment which is a program file.

  9. Remote tunnel Trojan (proxy) www.avslabs.biz • Black hats use Trojans which can be deployed to a victim computer. • The Trojan connects back to an intermediate server usually in china or Russia(RBN. St. Petersburg). • These intermediate server are usually illegal networks and don’t co-operate for tracking the actual black hat hacker. • The Trojan injects into victim machine IE or Explorer and connects using port HTTP or HTTPS • Usually these programs cannot be detected even with an Intrusion Prevention System that detect anomaly.

  10. Kernel Keylogger www.avslabs.biz Advanced key loggers • Capture keystrokes, • Identify specific sites using windows title • Post logs using port 80(http), load through ftp, send via SMTP injection • Firewall bypassing feature working on windows kernel.

  11. Undetectable Vulnerability www.avslabs.biz Black hat discover new vulnerabilities in acrobat PDF and MS office files. These vulnerabilities are usually like adding a weblink inside the pdf or the doc In ms office files , black hat discover buffer overflows. When the office document is opened, the buffer overflow happens and control transfers to the trojan which is inside the ms office file.

  12. Identity Theft www.avslabs.biz Stealing of some one credentials making use of that credential privilege and doing transactions. Areas common for identity theft Net banking Email (web based) Identity theft of internal network credentials

  13. Common tools used www.avslabs.biz Phishing Key logger Trojans

  14. Phishing www.avslabs.biz Email from bank, email provider asking for personal details credentials are stolen Sample e-mails offering to return £450 - 650 worth of tax to "every man aged between 30 and 55 years" From: UK Government & Ministry of Finance Age, marital status and number of children personal info can used to construct data for credit card forms and other online transactions As the UK Government is expected to make announcements relating to recession-busting tax cuts

  15. Identity theft tools www.avslabs.biz Advanced key loggers : • Capture keystrokes, • Identify specific sites using windows title • Post logs using port 80(http), load into ftp, send via SMTP use injection • Firewall bypassing feature working on windows kernel. Trojans: • Windows kernel level • Tunnel Trojan uses intermediate server(to ensure no trace) Like a proxy • Work on port 80, 443 (bypassing most firewall) • Can work at kernel level to avoid detection by antivirus

  16. Netbanking www.avslabs.biz Total of 80 cases on average pending in various law enforcement agencies relating to net banking per state Total of 2 crores for 80 cases per state on average. average money stolen is 2.5 lakh per case Banks pay? no? it is a consumer problem Bank protects the transmission, back end server not consumer desktop. It is a consumer, end point risk.

  17. Netbanking www.avslabs.biz Virtual keyboard in most banking sites are not safe The logic of virtual keyboard can broken by advanced researcher in a few minutes and a mouse logger tuned for specific bank can be written by black hat hackers In Europe two years back a mouse logger appeared that could almost intercept 121 different banks virtual keyboard.

  18. Can Antivirus & Firewall Help? www.avslabs.biz Antivirus works with signature and some with heuristics. Black hats normally write tools and test their tools against all antivirus, firewall before they deploy. They find way around heuristics, signature scans, anomaly and behavior blocking technologies.

  19. Identity theft protector www.avslabs.biz Consumer can protect themselves from netbanking, web based emails passwords from getting stolen. Keyboard driver level encryption with browser plug-in Safe browser without a BHO Program that changes windows title bars

  20. How can this be prevented www.avslabs.biz Banks can hire white hat hackers and specifically research on writing an anti-identity theft program. This program can be signed by banks digital certificate. Customer can click on secure login button, signed Active-x can download this authenticated & signed anti-identity theft program. Making this process simple for end customer.

  21. Thanking you www.avslabs.biz Q&A Contact : yash@avslabs.biz

More Related