POWERING THE CLOUD : 30th – 31st October 2012, Congress Frankfurt
SNW EUROPE; DATACENTER TECHNOLOGIES; VIRTUALIZATION WORLD
#ptc #SNWEurope #vw #dct
Physical or Virtual. On premise or in the cloud. An endpoint is an
endpoint is an endpoint: and needs proper protection.
Presented by Peter Beardmore, Senior Director of Product Marketing,
Kaspersky Lab
Session reference KN16 for your feedback forms
Malware attacks at a glance
• Over 125,000 new malicious samples found every day
• Currently over 8 million signatures in our AV database
Four Main Actors
• Cyber criminals (financially motivated)
• Hacktivists
• APT (targeted attacks against businesses)
• Nation-state cyber-espionage
Attacking consumers
• Vast majority of attacks via the web
• Java has taken over as preferred target of exploitation
• Cyber-crime market has matured
• Fake AV, Ransomware and banker malware for the most part
• VM-aware
Targeting businesses in general
• Better ROI
• Network worms
• Extremely persistent
• Use of stolen certificates
• Post-Stuxnet trend
• Privilege escalation exploits
VM(M) in sight
• Just recently…
It doesn’t stop here
It’s an ongoing trend…
Let’s go back a bit more
Increased focus started a while ago
‘APT’ – Advanced Persistent Threats
• Very organized, very targeted
• Sometimes sophisticated, sometimes rudimentary
• E-mail is preferred delivery mechanism – malicious PDF, Word .doc
• Flash files inside PDF and Office documents very popular
Levels of attackers
Top tier
• All own code, introducing brand new zero-day
Second tier
• Re-used code, new zero-day
Third tier
• Re-used code, re-used zero-day
Fourth tier
• All old stuff (usage of patched vulnerabilities)
Remember the RSA attack?
Even the nation-state attacks (Duqu)
VM(M)-specific security scenarios
• Privilege Escalation / Escape to host
• Network traffic sniffing
• Lost audit trails
• Everything still has to be patched
• Mostly future threats
• Innovation spurred on by security researchers and APT
Just a couple months ago…
31 October 2012, Kaspersky Lab
Conclusions
• There’s no significant difference between the VM and real world
• For non-targeted attacks, security through obscurity works
• Being second worst is no longer a valid tactic
• All the signs point toward more VM-specific attacks
Thank You
www.ThreatPost.com