A short talk on Advanced Persistent Threats and the corresponding malware seen in the wild. It also touches upon the role of electronic media in over-hyping specific cases.
APT Malware & Media
1. APT .. Malware and Media
Entertainment for the Industry
http://www.3slabs.com
2. Advanced Persistent Threat
??
• Target: Organization “XYZ”
– Follows Security Best Practices
– Regular Penetration Tests done
– Empty report with Nessus, AppScan/Acunetix/... on their online assets
I am a h4x0r and I have better and easier targets than “XYZ”
I am an employee and my employer “demands” that I compromise “XYZ”
4. The Popular “APT”s 2013
• Red October
• APT1
• MiniDuke
• TeamSpy
• Flame
• Duqu
• StuxNet
• [ …. Lot more .. ]
Top countries with Online Resources seeded with Malware
http://www.securelist.com/en/analysis/204792292/IT_Threat_Evolution_Q1_2013
5. The “supposedly” Father of APT
You cannot blame it all on the CHINESE ANY MORE !
http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
6. Life of an “APT”
(diagram) Nodes: Exploits, R&D, AV Evasion, Payloads, […], 0day Research, Profiling, Ops, Monitoring, Phishing, Analysis, Targeted Attacks, […], Admin & Misc
11. The Case of APT “proliferation”
• The MiniDuke Exploit CVE-2013-0640
– Adobe Reader 0day Found-in-the-Wild
– Highly Sophisticated Exploit
• ASLR & DEP bypass using
– Information Leak
– Dynamic Return-Oriented-Programming (ROP)
– First ‘public’ example of ROP-only Shellcode
• Reliable Sandbox Escape
http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/the-number-of-the-beast.html
http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/its-a-kind-of-magic-1.html
http://www.varanoid.com/security-vendors/mcafee/analyzing-the-first-rop-only-sandbox-escaping-pdfexploit/
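The slide's point is that getting past ASLR and DEP cost the MiniDuke authors an information leak plus a dynamically built ROP chain; the cheapest defensive check is therefore whether the binaries in your estate actually opt into those mitigations, because an image without DYNAMIC_BASE or NX_COMPAT needs no such effort. The following is an added example, not code from the talk or from 3slabs: a small Python parser that reads the DllCharacteristics field of a PE optional header and reports the ASLR, DEP and high-entropy-VA flags. The flag values and header offsets are those of the PE/COFF specification; the function names and the constructed test header are this example's own.

```python
import struct

# DllCharacteristics flags in the PE optional header (values from the PE/COFF spec)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # image may be relocated (ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # DEP / NX compatible

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def pe_mitigations(data: bytes) -> dict:
    """Report which ROP/ASLR-relevant mitigations a PE image opts into.

    Walks MZ header -> e_lfanew -> PE signature -> COFF header -> optional
    header and reads DllCharacteristics, which sits at offset 70 of the
    optional header for both PE32 and PE32+.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if size_of_optional < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short to carry DllCharacteristics")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
    }


def missing_mitigations(data: bytes) -> list:
    """Names of mitigations the image does not opt into; empty means ASLR and DEP are both on."""
    m = pe_mitigations(data)
    missing = [name for name in ("aslr", "dep") if not m[name]]
    # high-entropy VA only matters for 64-bit images
    if m["pe32plus"] and not m["high_entropy_va"]:
        missing.append("high_entropy_va")
    return missing


def build_test_header(dll_chars: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE header (no sections, no code) used only to exercise the parser."""
    e_lfanew = 0x40
    dos_stub = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos_stub + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], pe_mitigations(f.read()))
    else:
        hardened = build_test_header(0x0160)                 # DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA
        legacy = build_test_header(0x0000, pe32plus=False)   # no mitigations at all
        print("hardened:", missing_mitigations(hardened))
        print("legacy:", missing_mitigations(legacy))
```

Run it with a path argument to inspect a real executable or DLL; without one it checks the two constructed headers. An empty list from missing_mitigations means an attacker is in the position the slide describes, needing a leak and a ROP chain rather than a fixed address to jump to.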
12. The Case of APT “proliferation”
This exploit was developed in TAG TEAM effort with