CSO CXO Series Breakfast in partnership with Kaspersky Lab, 11th Nov Sydney, 13th Nov Melbourne

Uploaded by csopresentations, 14-Apr-2017 (29 slides)

Page 1: CSO CXO Series Breakfast in partnership with Kaspersky Lab, 11th Nov Sydney, 13th Nov Melbourne

WELCOME

Page 2: Welcome

Matt Tett, MC/Moderator, CSO Australia

Page 3: Australia Threat Landscape

Vicente Diaz, Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab

Page 4: Presentation

Page 5: Agenda for today

• Malicious threats in Australia
• APTs
– Geopolitical position and current status for Australia
– Domestic surveillance?
– Role of Australia in recent APTs
• Mitigation strategies

Page 6: Part 1 – MALICIOUS THREATS IN AUSTRALIA

Page 7: General overview

• 47th (out of 200) position for web antivirus detections
• 130th (out of 200) for on-access scan detections
• The lower the position, the worse, so these are pretty good
• 35th (out of 200) for hosting malware

Page 8: Main detections – web antivirus

• Trojan-Downloader.Win32.Upatre.vjj
• Trojan-Downloader.VBS.Agent.anx
• Trojan-Downloader.MSWord.Agent.qh
• Backdoor.Win32.Caphaw.vuv
• Trojan-Downloader.JS.Agent.hfd
• Trojan-Downloader.Win32.Upatre.cuez
• Trojan-Downloader.MSWord.Agent.oh
• Backdoor.Win32.Caphaw.aud
• Trojan-Dropper.Win32.Injector.nads
• Trojan-Downloader.Win32.Upatre.eixc
• Trojan-Downloader.Win32.Upatre.ewvg
• Trojan.Win32.Yakes.mmjv
• Trojan.JS.Agent.clm
• Trojan-Downloader.Win32.Upatre.dmjp
• Trojan-Downloader.JS.Agent.hdo
• Trojan-Downloader.Win32.Dofoil.btkj
• Trojan.Win32.Agent.nesvyf
• Trojan-Downloader.Win32.Upatre.dhqy
• Trojan-Spy.Win32.SpyEyes.atkd
• Trojan-Downloader.JS.Iframe.diq
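The list above is raw verdict names, and the natural next step for a SOC is to aggregate them so the dominant family and the dominant behaviour class stand out. The script below is an added example, not code from the slides or from Kaspersky Lab: it splits each Kaspersky-style verdict into its Behaviour.Platform.Name.Variant fields and tallies the twenty names from the slide. Grouping is done by (platform, family) rather than by family alone, because "Agent" is an umbrella name used across VBS, MSWord, JS and Win32 and would otherwise outrank a real family such as Upatre. The optional "HEUR:" prefix handling and the assumed input names beyond the slide's list are illustrative.

```python
from collections import Counter

# The twenty verdicts shown on the slide (web antivirus, Australia).
SLIDE_DETECTIONS = [
    "Trojan-Downloader.Win32.Upatre.vjj", "Trojan-Downloader.VBS.Agent.anx",
    "Trojan-Downloader.MSWord.Agent.qh", "Backdoor.Win32.Caphaw.vuv",
    "Trojan-Downloader.JS.Agent.hfd", "Trojan-Downloader.Win32.Upatre.cuez",
    "Trojan-Downloader.MSWord.Agent.oh", "Backdoor.Win32.Caphaw.aud",
    "Trojan-Dropper.Win32.Injector.nads", "Trojan-Downloader.Win32.Upatre.eixc",
    "Trojan-Downloader.Win32.Upatre.ewvg", "Trojan.Win32.Yakes.mmjv",
    "Trojan.JS.Agent.clm", "Trojan-Downloader.Win32.Upatre.dmjp",
    "Trojan-Downloader.JS.Agent.hdo", "Trojan-Downloader.Win32.Dofoil.btkj",
    "Trojan.Win32.Agent.nesvyf", "Trojan-Downloader.Win32.Upatre.dhqy",
    "Trojan-Spy.Win32.SpyEyes.atkd", "Trojan-Downloader.JS.Iframe.diq",
]


def parse_verdict(name):
    """Split '[Prefix:]Behaviour.Platform.Name[.Variant]' into its fields.

    'Trojan-Downloader.Win32.Upatre.vjj' -> behaviour=Trojan-Downloader,
    platform=Win32, family=Upatre, variant=vjj. A prefix such as 'HEUR:'
    (heuristic verdict) is kept separately; a missing variant becomes None.
    """
    prefix, _, body = name.rpartition(":")
    parts = body.split(".")
    if len(parts) < 3:
        raise ValueError(f"not a Behaviour.Platform.Name verdict: {name!r}")
    return {
        "prefix": prefix or None,
        "behaviour": parts[0],
        "platform": parts[1],
        "family": parts[2],
        "variant": ".".join(parts[3:]) or None,
    }


def summarise(names):
    """Tally verdicts three ways and compute the share of downloader-class hits."""
    parsed = [parse_verdict(n) for n in names]
    by_behaviour = Counter(p["behaviour"] for p in parsed)
    return {
        "by_behaviour": by_behaviour,
        # Misleading on its own: 'Agent' is an umbrella name, not one malware family.
        "by_family_only": Counter(p["family"] for p in parsed),
        # Platform + family is the useful key for "which family is hitting us".
        "by_platform_family": Counter((p["platform"], p["family"]) for p in parsed),
        # High downloader share = most hits are first-stage loaders (Upatre -> Dyre
        # on the next slide), so the second stage is what to hunt for on hosts.
        "downloader_share": by_behaviour["Trojan-Downloader"] / len(parsed),
    }


if __name__ == "__main__":
    s = summarise(SLIDE_DETECTIONS)
    print("by behaviour:", s["by_behaviour"].most_common())
    print("top families:", s["by_platform_family"].most_common(3))
    print(f"downloader share: {s['downloader_share']:.0%}")
```

Run as-is it reports Trojan-Downloader as 13 of 20 verdicts and Win32/Upatre as the top (platform, family) pair with 6 hits, which is the slide's own "big impact of Upatre" point derived from the data rather than stated.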

Page 9: Banking threats

• Big impact of Upatre -> downloader of Dyre

[Bar chart: detections per target, x-axis labels US1 US2 UK1 UK2 UK3 US3 ES1 CA1 US4 UK4 IT1 ES2 US5 DE1 NL1 DE2 AU1 AU2 US6 CH1; y-axis 0 to 160]

Page 10: DDoS attacks

Page 11: (extortion email reproduced on the slide)

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We are Armada Collective.

All your servers will be DDoS-ed starting Monday if you don't pay 20 Bitcoins @ 1KS3qYKnwEeH1GEHh3yo1eCyoGfiQ14gWf

When we say all, we mean all - users will not be able to access sites hosted with you at all.

Right now we will start 15 minutes attack on your site's IP (xx.xx.xx.xx). It will not be hard, we will not crash it at the moment to try to minimize eventual damage, which we want to avoid at this moment. It's just to prove that this is not a hoax. Check your logs!

If you don't pay by Monday, attack will start, price to stop will increase to 40 BTC and will go up 20 BTC for every day of attack.

If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time.

This is not a joke.

Our attacks are extremely powerful - sometimes over 1 Tbps per second. So, no cheap protection will help.

Prevent it all with just 20 BTC @ 1KS3qYKnwEeH1GEHh3yo1eCyoGfiQ14gWf

Do not reply, we will probably not read. Pay and we will know it's you. AND YOU WILL NEVER AGAIN HEAR FROM US!

Bitcoin is anonymous, nobody will ever know you cooperated.
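The one claim in that email a recipient can actually test is "check your logs": a genuine demonstration attack shows up as a sustained, multi-minute surge from many sources, whereas a bluff leaves nothing. The script below is an added example, not part of the slide deck or anything Kaspersky Lab published: it reads web-server access logs in Apache combined format, bins requests per minute, and reports runs of consecutive minutes well above baseline together with how many distinct source addresses were involved. The sample log is constructed inline (TEST-NET addresses, invented timestamps); the 5x-median threshold and the three-minute minimum run are assumptions to tune against your own traffic.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

# Apache/nginx "combined" access-log format; only the client IP and timestamp are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)


def parse_ts(ts):
    """'09/Nov/2015:08:31:07 +1100' -> timezone-aware datetime truncated to the minute."""
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(second=0, microsecond=0)


def requests_per_minute(lines):
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # malformed lines are skipped rather than aborting the analysis
            counts[parse_ts(m.group("ts"))] += 1
    return counts


def burst_windows(counts, factor=5.0, min_minutes=3, baseline=None):
    """Return (start, end, peak_per_minute) for every run of at least min_minutes
    consecutive minutes whose rate exceeds factor * baseline.

    baseline defaults to the median per-minute rate of the data given, which is
    only sound when most minutes are normal; pass a rate from a quiet period when
    the window under analysis is mostly attack traffic. Single-minute spikes
    (a crawler, a cache purge) are deliberately ignored.
    """
    if not counts:
        return []
    if baseline is None:
        baseline = median(counts.values())
    threshold = baseline * factor
    windows, run = [], []
    for minute in sorted(counts):
        contiguous = run and minute - run[-1] == timedelta(minutes=1)
        if counts[minute] > threshold and (not run or contiguous):
            run.append(minute)
            continue
        if len(run) >= min_minutes:
            windows.append((run[0], run[-1], max(counts[m] for m in run)))
        run = [minute] if counts[minute] > threshold else []
    if len(run) >= min_minutes:
        windows.append((run[0], run[-1], max(counts[m] for m in run)))
    return windows


def top_sources(lines, start, end, n=5):
    """Distinct client IPs and the busiest ones inside [start, end] (minute granularity)."""
    ips = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and start <= parse_ts(m.group("ts")) <= end:
            ips[m.group("ip")] += 1
    return len(ips), ips.most_common(n)


def analyse(lines):
    counts = requests_per_minute(lines)
    report = []
    for start, end, peak in burst_windows(counts):
        distinct, busiest = top_sources(lines, start, end)
        report.append({
            "start": start, "end": end,
            "minutes": int((end - start).total_seconds() // 60) + 1,
            "peak_per_minute": peak, "distinct_sources": distinct, "busiest": busiest,
        })
    return report


def make_sample_log():
    """Constructed sample, not real traffic: 30 quiet minutes (5 req/min from five
    clients) followed by a 15-minute flood (300 req/min spread over 250 addresses)."""
    t0 = datetime(2015, 11, 9, 8, 0)
    lines = []

    def entry(minute, sec, ip):
        ts = (t0 + timedelta(minutes=minute, seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S")
        return f'{ip} - - [{ts} +1100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

    for minute in range(30):
        for i in range(5):
            lines.append(entry(minute, i * 10, f"198.51.100.{i + 1}"))
    for minute in range(30, 45):
        for i in range(300):
            lines.append(entry(minute, i % 60, f"203.0.113.{i % 250 + 1}"))
    return lines


if __name__ == "__main__":
    for w in analyse(make_sample_log()):
        print(f"burst {w['start']:%H:%M}-{w['end']:%H:%M} ({w['minutes']} min), "
              f"peak {w['peak_per_minute']}/min from {w['distinct_sources']} sources")
```

Against the constructed log this reports a single 15-minute window at 300 requests per minute from 250 sources; on a real log, an empty report for the stated window is the strongest evidence you have that the threat is a bluff, and a confirmed surge is what you hand to your upstream provider or scrubbing service rather than the extortionist.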

Page 12: Mobile Threats

Page 13: Mobile Threats

Page 14: Part 2 – MODERN APTS AND AUSTRALIA

Page 15: Geopolitical situation

• Motivators for attackers today
– 12th economy in the world
– materials, banking, telcos, food market
– Wang Yi urged Australia to become "a bridge between east and west."
• Also, member of Five Eyes
– The SPE miniFlame module ENG_AUS

Page 16: Domestic surveillance?

Page 17: External cyberespionage

Mandiant: "existence of attacks mainly against mining and resources sectors with Chinese origins."

Context: "most state-sponsored hacking in Australia was Chinese in origin, although Context had "detected some remnants of the Russians, who are always much better at cleaning up"."

Page 18: Modern APTs

Page 19: External cyberespionage – evidence

• Detection of PlugX – mostly used by Chinese APT actors
• Target of NetTraveler
• Target of IceFog

Page 20: Role of Australia in recent attacks

• Not only China
– Crouching Yeti
• Academic and Research Network
• IT company – systems to streamline management and governance processes
– MiniDuke
• Government

Page 21: Role of Australia in recent attacks

• Carbanak and Anunak

Page 22: Modern APTs

Page 23: Modern APTs

Page 24: Part 3 – MITIGATION STRATEGIES

Page 25: Mitigation strategies

• Most effective strategies (courtesy of the Australian Signals Directorate) to avoid 85% of targeted intrusions:
– Application whitelisting
– Patching systems
– Restricting administrative privileges
– Creating a defence-in-depth system
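Application whitelisting heads that list, and the detail that decides whether it holds up is what the rule is keyed on. The script below is an added illustration, not code from the slides, from the ASD, or from any whitelisting product: it contrasts a path-based rule ("anything under the trusted directory may run") with a hash-based rule ("only files whose SHA-256 is on the allowlist may run") against three things an intruder does on a host. The directory layout, file contents and names are constructed for the demonstration; on Windows the equivalent enforcement is done with AppLocker or Windows Defender Application Control rules, where the same publisher-or-hash versus path distinction applies.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(trusted_dirs, suffixes=(".exe", ".dll", ".ps1", ".sh", ".bin")):
    """Hash every executable-looking file under the trusted directories: the golden image."""
    allow = {}
    for d in trusted_dirs:
        for p in Path(d).rglob("*"):
            if p.is_file() and p.suffix.lower() in suffixes:
                allow[sha256_of(p)] = str(p)
    return allow


def path_rule_allows(path, trusted_dirs):
    """Path rule: the file may run if it lives under a trusted directory."""
    p = Path(path).resolve()
    return any(Path(d).resolve() in p.parents for d in trusted_dirs)


def hash_rule_allows(path, allowlist):
    """Hash rule: the file may run only if its current content hash is on the allowlist."""
    return sha256_of(path) in allowlist


def demo():
    """Exercise both rule types against a vetted binary and three attacker moves."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        trusted = Path(tmp) / "ProgramFiles"   # stands in for a protected install dir
        trusted.mkdir()
        good = trusted / "app.exe"
        good.write_bytes(b"MZ" + b"\x90" * 64)  # constructed stand-in for a vetted binary
        allowlist = build_allowlist([trusted])

        # 1. The vetted binary passes both rule types.
        results["vetted_path"] = path_rule_allows(good, [trusted])
        results["vetted_hash"] = hash_rule_allows(good, allowlist)

        # 2. A new file is dropped into the trusted tree (writable subfolder, installer bug).
        dropped = trusted / "update.exe"
        dropped.write_bytes(b"MZ" + b"\xcc" * 64)
        results["dropped_path"] = path_rule_allows(dropped, [trusted])
        results["dropped_hash"] = hash_rule_allows(dropped, allowlist)

        # 3. The vetted binary is trojanised in place: same path, different content.
        good.write_bytes(b"MZ" + b"\x90" * 64 + b"\xcc")
        results["modified_path"] = path_rule_allows(good, [trusted])
        results["modified_hash"] = hash_rule_allows(good, allowlist)

        # 4. A byte-identical copy of the original binary outside the trusted tree.
        downloads = Path(tmp) / "Downloads"
        downloads.mkdir()
        copied = downloads / "app.exe"
        copied.write_bytes(b"MZ" + b"\x90" * 64)
        results["copied_path"] = path_rule_allows(copied, [trusted])
        results["copied_hash"] = hash_rule_allows(copied, allowlist)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:14s} -> {'allow' if verdict else 'block'}")
```

The path rule allows cases 2 and 3, which are exactly the dropper and in-place replacement a downloader such as Upatre performs; the hash rule blocks both and only disagrees on case 4, where the content is genuinely the vetted binary. The operational cost is that every legitimate patch changes hashes, which is why patching and whitelisting have to be run as one process rather than two.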

Page 26: Mitigation strategies

• The role of threat intelligence

Source: https://digital-forensics.sans.org/summit-archives/cti_summit2014/Threat_Intelligence_Buyers_Guide_Rick_Holland.pdf

Page 27: CSO's Fireside Chat with Vicente Diaz

Conducted by David Braue, Journalist, CSO Australia

Page 28: Cyber Security Panel Session

Vicente Diaz – Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab
Daniella Traino – Cyber Security Business Team, Data61 – NICTA
Craig Templeton – Principal, Cyber Security Research, ANZ
Samantha MacLeod – General Manager of Cyber Security, ME Bank
Vince Humphries – Executive Manager, Unsolicited Communications & Cyber Security, ACMA
Moderated by Matt Tett, CSO MC/Moderator

Page 29: Thank you