Cyberthreat Landscape 2010-2011
Outcomes, Trends and Forecasts
Cyberthreat Landscape
Visualize 2010 Trends, Review What is Behind Us, and Look Forward
2010 by the Numbers
Outcomes for 2010
Forecasts 2011
2010 by the Numbers
Overall Attacks Increase
[Bar chart: Total Yearly Detections, 2008 to 2010. Data labels: 30,075,005; 134,814,015; 1,906,039,380. Annotation: +1400%.]
Source: Kaspersky Lab
| 11 February 2011
PAGE 3 | Kaspersky Lab International Press Tour “Cyberthreat
Landscape 2010-2011: Outcomes, Trends and Forecasts"
2010 by the Numbers
Web Attacks Increase
+ 800%
Source: Kaspersky Lab
2010 by the Numbers
Strength in the Cloud and Heuristics
95%
75%
Source: Kaspersky Lab
2010 by the Numbers
2010 Kaspersky Security Network
Kaspersky Security Network (KSN)
Cloud Based Services
Malware, Spam Detection
Voluntary Data Collection
KSN 2010 Malware Statistics
Overall Detections
Web Attacks, Sources
2010 by the Numbers
Where Is the Malware?
[Pie chart: Where is the malware? Share by country. Countries in the legend: Australia, British Virgin Islands, Canada, China, France, Germany, Hong Kong, Latvia, Moldova, Netherlands, Philippines, Poland, Russian Federation, Spain, Sweden, Turkey, Ukraine, United Kingdom, United States, Vietnam. Slice labels range from 0% to 29%.]
Source: Kaspersky Lab
Cyberthreat Landscape
2010 Outcomes
Exploitation 2010 – A Year of Vulnerability
Targeted Attacks
The New Stuxnet Era
Digital Certificates and (dis)Trust
Mobile Malware
The Calm Before the Storm
2009 Predictions for 2010 - Outcomes
2010 Outcomes
Web Attacks Increase – What and How?
Attack Techniques, Sources and Monetization
• Spread Techniques
• Automated Exploitation Systems, Ready-Made Exploit Packs
• Monetization
2010 Outcomes
Exploitation 2010 - A Year of Microsoft Vulnerabilities
[Chart: Microsoft vulnerabilities by month, Jan to Dec 2010. Series: MS10, CVE-2010, CVE-2010 Rolling Total. Annotations: IE6 Aurora Disclosure; IE Peers 0day; Malcrafted HCP Url; IE Use-after-free 0day; 4 0day Stuxnet Itw.]
Source: Microsoft Security Bulletins
2010 Outcomes
Exploitation 2010 - A Year of Adobe Reader Vulnerabilities
[Chart: Adobe Reader vulnerabilities by month, Jan to Dec 2010. Series: APSB, Monthly CVE, CVE Rolling Total. Annotations: Targeted emails – libTIFF attacks; PEK delivers libTIFF with ROP; Cooltype.dll SING TTF targeted emails.]
Source: Microsoft Security Bulletins
2010 Outcomes
Exploitation 2010 - A Year of Oracle-Sun Java Vulnerabilities
[Chart: Oracle-Sun Java vulnerabilities by month, Jan to Dec 2010. Series: CPU, Monthly CVE, Rolling CVE Total. Annotations: Java RMIConnectionImpl ITW; Java Trusted Method Chain ITW.]
Source: Microsoft Security Bulletins
2010 Outcomes
Exploitation 2010 - A Year of Vulnerabilities
#1. Internet Explorer
#2. Adobe Reader
#3. Oracle Sun Java
Source: Kaspersky Lab
2010 Outcomes
Attacking Commerce and Industry
Operation Aurora
• Commercial Targets
– 30+ Multinational Corporations (non-governmental entities)
» Google, Yahoo, Symantec, Adobe, Northrop Grumman, Dow Chemical, etc.
– Determined Coordination – Holiday Timing
– Access and Obtain Source Code on Misconfigured/Insecure Perforce Servers - Authentication Systems, Sensitive Communications
Stuxnet
• Development and Deployment Sophistication
• Unmatched Precision Targeting PLCs
– First public industrial cyber-sabotage incident
Calm Before the Storm 2010
Cloud Computing Quietly Attracts Cyberattacks
The Low Rumble of Cloud Computing
• Legitimate adoption
• Crooked adoption
Calm Before the Storm 2010
Cloud Computing Quietly Attracts Cyberattacks
2010 Anti-Cloud Activity
• Attacking legitimate cloud services
• Attacking cloud related client components
2010 Outcomes
Digital (mis)Trust
Shaky Foundation of Trust
• Successful Cybercriminal Access and Use
• Potential Certificate “Authority” Subversion
• Key Theft
– Stuxnet
– Zeus, SpyEye
• Certificate Cutting
2010 Outcomes
Mobile Malware – Android and iPhone
Android Popularity Skyrockets
• New Exploits - Kernel Problems and Coverity’s 88 Highly Critical Vulnerabilities
• Exploit and Shellcode Development – Defcon 18 Demo
• SMS Trojans and Spyware
Android Sideloading and iPhone jail-breaking
iPwned and Market
• Both Closed and Open Models at Risk
2010 Outcomes
Sensitive Data Accessible and Exposed
Network Concerns, Plain Text and Incidents
• BGP Tables and Plain Text Transmissions
• Firesheep Firefox Session Hijack Plug-in
Data Leaks and Breaches
• Wikileaks Data Leaks
• Numerous Breaches
– Physical Losses
– Hacked Servers/Malware
– Social Engineering
2010 Outcomes
2010 Prediction Results from 2009
• An increase in the number of attacks via P2P networks – Correct!
• Competition for traffic – Correct!
• Malware epidemics and increasing complexity of malicious programs – Correct!
• Decreasing global numbers of Rogue AV – Correct!(?)
• Attacks on and via Google Wave – Incorrect!
• Attacks on iPhone and Android devices – Partially Correct!
Cyberthreat Landscape
2011 Forecasts
Steal Everything
2011 Forecasts
What to Watch 2011
Four phenomena to watch in 2011
Methods
• Client side exploits
• Mobile platforms, especially Android
• Social networks
New Organizers
• New Markets and Buyers
• Unlikely immediate impact on average user
Spyware 2.0 and New Aims
• Steal Everything
• Acquisition of someone or something’s complete profile and behavior
• Similarity to social networks and advertisers collection
2011 Forecasts
Precise Methods, New Organizers, New Aims
• New generation of better organized, more malevolent malware writers
• Malware attacks target information and data for immediate financial gain
• Personally identifying information becomes the target of the new breed of cybercriminals and another source of income for those already in the game
• Spyware 2.0 emerges, a new class of malware that steals users’ personal data (identity theft) plus any other type of data it can find
• Spyware 2.0 becomes a popular tool for both new and old players alike
• An increasing number of attacks on corporate users by traditional cybercriminals and the gradual decline in direct attacks on everyday users
• Mobile devices and cloud services become increasingly targeted platforms
• Exploiting vulnerabilities remains the principal method of carrying out attacks and a significant increase in the scope and speed with which they are used
Thank You
Cyberthreat Landscape 2010-2011
Outcomes, Trends and Forecasts
Kurt Baumgartner, Senior Security Researcher, Kaspersky Lab
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2010-2011: Outcomes, Trends and Forecasts”
Moscow, February 10-13, 2011