SlideShare a Scribd company logo

Russia the threat landscape

А
Альбина Минуллина

1) Russia poses a serious threat landscape, targeting governments, financial organizations, telecommunications, utilities, and transport sectors, as well as citizens. 2) An investigation of a cryptocurrency bank found 1000 workstations and 200 servers infected over 2 weeks, with backups also hacked using unique encryption keys on each device and PowerShell scripts. 3) Threat tactics seen include wipers, cryptors like Black Energy and HDDCryptor, as well as Shamoon 2 and WannaCry exploiting the EternalBlue vulnerability and using techniques like full disk encryption, malware-less attacks, and "tailored" encryption.

Technology
1 of 39
Downloaded 12 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
RUSSIA: THE THREAT LANDSCAPE Sergey Gordeychik Targeted Attack Discovery APT Advanced threats Intelligence Abnormal Behavior Threat Hunting
THE THREAT LANDSCAPE 2 Government Financial organizationsTelecommunications Utilities Transport Citizens
The case of the CRYPTOBANK
INVESTIGATION RESULTS 4 1000 workstations, 200 servers 2 weeks of unsuccessful encryption attempts Backups servers hacked also FDE tool/unique encryption key for each device PowerShell scripts…
TTP 5 Enterprise wipers/cryptors Black Energy HDDCryptor Shamoon 2 Wannacrypt Full disk encryption Malware-less “Tailored” encryption https://kas.pr/aAg2
Russia the threat landscape
14 OF MARCH Microsoft publish MS17-010 critical security update
14 OF APRIL WikiLeaks publish Vault 7 from Shadow Brokers Exploit EternalBlue Backdoor DoublePulsar
23 OF APRIL Warning: Drop everything and patch all the Windows things now! DoublePulsar via EternalBlue MS17-010 3% of Internet faced Windows was hacked
12 OF MAY Wannacry Russia, Ukraine, India, Taiwan
25 OF MAY
PowerShell scripts?..
PowerShell scripts?..
INVESTIGATION RESULTS 14 The initial breach occurred 6 months before Spear phishing “from” jd@wincor-nixdorf.net Cobalt Strike beacon Privilege escalation (Mimikatz, Pass-the-Hash) Access to ATM management station Silence…
15 countries Near East Asia East/West Europe Russia 40+ banks XFS ATM withdraw sdelete.exe wipe “Offensive Security Certified” hacking
CYBER THREAT VELOCITY https://www.youtube.com/watch?v=e50DpEvKJ-k
COBALT: MAY 2017
TECHNIQUES, TACTICS AND PROCEDURES 18 Pentest-style attack Massive breach post processing Targets selection and profiling Black market Remote access Insiders Passwords Drops Organized activity
The case of the https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx
OOPS, THEY DID IT AGAIN 22 Domain controllers under control since 2013 psexec for lateral movement Steganography for C2 communications Checks for (only) Qihoo 360 AV 3 days for ”do it again” after cleanup • Trusted domain in daughter company • Overseas branch • Backdoor VPN channel
THEY NETHER GIVE UP 23 You don't have to be a target to be a victim Supply chain attack Multiple C2 channel Malware-less attacks Server side implants Taidoor/ Whitewhile Poisoned Flight/Elirks PlugX/ ZeroT TropicTrooper
KATA IMPLEMENTATION STATISTICS 24 78 installations in critical infrastructure Government FSI Media Utilities Active targeted attacks Espionage 55% Criminal 45% 0,00% 20,00% 40,00% 60,00% 80,00% 100,00% 120,00% Espionage Criminal Random
KATA IMPLEMENTATION STATISTICS 25 0 10 20 30 40 50 60
https://www.hackread.com/mirai-botnet-linked-to-dyn-dns-ddos-attacks
http://census2012.sourceforge.net/paper.html
November 2, 1988
https://www.slideshare.net/dleyanlin/5- worms-and-other-malware-14762181
ICS/SCADA
Russia the threat landscape
2016 VS 2017 China:1380 -> 469 Russia: 2302 -> 3637
A THOUSAND BATTLES, A THOUSAND VICTORIES
THREAT HUNTING 34 https://sqrrl.com/solutions/cyber-threat-hunting/ Cyber threat hunting is the practice of searching iteratively through data to detect advanced threats that evade traditional security solutions. SecurityToolsMonitoringHunting Prevention Threat hunting SOC Alerting Risks
http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785 http://info.isightpartners.com/definitive-guide Eric M. Hutchins∗ , Michael J. Cloppert† , Rohan M. Amin, Ph.D.‡ Lockheed Martin Corporation
http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785 http://info.isightpartners.com/definitive-guide Eric M. Hutchins∗ , Michael J. Cloppert† , Rohan M. Amin, Ph.D.‡ Lockheed Martin Corporation
FROM THE OTHER SIDE OF THE FENCES https://securelist.com/blog/virus-watch/74150/plugx-malware-a-good-hacker-is-an-apologetic- hacker/http://blog.ptsecurity.com/2016/12/cobalt-how-criminals-hacked-`atms.html
THE THREAT LANDSCAPE 38 Government Critical Financial organizations High Telecommunications High Utilities High Transport High Citizens
39 Know the enemy Know you self Follow tends Use what you have Looks forward Remember the past Hunt the hunters
SILENCE IS A SCARY SOUND
BE SAFE! Sergey Gordeychik 1337@kaspersky.com @scadasl Targeted Attack Discovery APT Advanced threats IT issues Abnormal Behavior Internal threats

More Related Content

PDF
Secure Coding for Java - An Introduction
Sebastien Gioria
 
PPTX
Как автоматизировать, то что находит аналитик SOC
Denis Batrankov, CISSP
 
PDF
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
Hacks in Taiwan (HITCON)
 
PDF
What you need to know about ExPetr ransomware
Kaspersky
 
PDF
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
Kaspersky
 
PPTX
Kaspersky Kesb ep10 no_cm_v01a
Igor Pandzic
 
PPTX
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...
SWITCHPOINT NV/SA
 
PPTX
Cyber kill chain
Ankita Ganguly
 
Secure Coding for Java - An Introduction
Sebastien Gioria
 
Как автоматизировать, то что находит аналитик SOC
Denis Batrankov, CISSP
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
Hacks in Taiwan (HITCON)
 
What you need to know about ExPetr ransomware
Kaspersky
 
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
Kaspersky
 
Kaspersky Kesb ep10 no_cm_v01a
Igor Pandzic
 
SOPHOS presentation used during the SWITCHPOINT NV/SA Quarterly Experience Da...
SWITCHPOINT NV/SA
 
Cyber kill chain
Ankita Ganguly
 

What's hot (20)

PDF
Présentation kaspersky threat intelligence services
ANSItunCERT
 
PPTX
Hands on Security - Disrupting the Kill Chain Breakout Session
Splunk
 
PDF
ICS Cyber Security Effectiveness Measurement
Aleksey Lukatskiy
 
PPTX
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
HackIT Ukraine
 
PPTX
Preventing Today's Malware
David Perkins
 
PDF
A Threat Hunter Himself
Sergey Soldatov
 
PPTX
Shadow IT
Risk Analysis Consultants, s.r.o.
 
PDF
Palestra Filipi Pires - Ransomware – Existe proteção para isso?
BHack Conference
 
PPTX
Content Analysis System and Advanced Threat Protection
Blue Coat
 
PPTX
Breaking the cyber kill chain!
Nahidul Kibria
 
PDF
Threat Hunting with Cyber Kill Chain
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
PDF
Industrial Threats Landscape, H2'2017
Kaspersky
 
PDF
Antispam aneb plnoleté řešení
MarketingArrowECS_CZ
 
DOCX
How to use mtr 2
Eduardo Narvaez
 
PPSX
SonicWALL Advanced Features
David Perkins
 
PDF
Catching Multilayered Zero-Day Attacks on MS Office
Kaspersky
 
PDF
Addressing the cyber kill chain
Symantec Brasil
 
PDF
CSF18 - Incident Response in the Cloud - Yuri Diogenes
NCCOMMS
 
PDF
The Next Generation Security
Cybera Inc.
 
PDF
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Luca Bongiorni
 
Présentation kaspersky threat intelligence services
ANSItunCERT
 
Hands on Security - Disrupting the Kill Chain Breakout Session
Splunk
 
ICS Cyber Security Effectiveness Measurement
Aleksey Lukatskiy
 
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
HackIT Ukraine
 
Preventing Today's Malware
David Perkins
 
A Threat Hunter Himself
Sergey Soldatov
 
Shadow IT
Risk Analysis Consultants, s.r.o.
 
Palestra Filipi Pires - Ransomware – Existe proteção para isso?
BHack Conference
 
Content Analysis System and Advanced Threat Protection
Blue Coat
 
Breaking the cyber kill chain!
Nahidul Kibria
 
Threat Hunting with Cyber Kill Chain
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
Industrial Threats Landscape, H2'2017
Kaspersky
 
Antispam aneb plnoleté řešení
MarketingArrowECS_CZ
 
How to use mtr 2
Eduardo Narvaez
 
SonicWALL Advanced Features
David Perkins
 
Catching Multilayered Zero-Day Attacks on MS Office
Kaspersky
 
Addressing the cyber kill chain
Symantec Brasil
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
NCCOMMS
 
The Next Generation Security
Cybera Inc.
 
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)
Luca Bongiorni
 
Ad

Similar to Russia the threat landscape (20)

PPTX
How secure are you?
Joe Morris
 
PPTX
Cyber security # Lec 1
Kabul Education University
 
PDF
Article 1 - cyber threat.pdf
1445629213
 
PPTX
GovSec Joyal New Threat Matrix
Paul Joyal
 
PDF
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Graeme Wood
 
PPT
Cyber Security Emerging Threats
isc2dfw
 
PPT
Combating Cyber Threats: Cyber Thread Information Program
amirrullohacmad
 
PDF
Cybersecurity | Risk. Impact. Innovations.
Vertex Holdings
 
PDF
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
Lumension
 
PDF
Keynote: Which way is the SolarWind Blowing? Techniques are changing…are you ...
JamieWilliams130
 
PPTX
Zero Trust.pptx
ThavaselviMunusamy1
 
PDF
UN Presentation - 10-17-2018 - Maccaglia
Stefano Maccaglia
 
PPTX
Looking Ahead Why 2019 Will Be The year of Cyberwarfare
Securicon
 
PDF
Exp w22 exp-w22
SelectedPresentations
 
PPTX
Types-of-Cyberattacks-Understanding-the-Threat-Landscape.pptx
akolisnychenko
 
PDF
NSA's panic. JetBrains [EN].pdf
Overkill Security
 
PDF
Dell Technologies Cyber Security playbook
Margarete McGrath
 
PPTX
Event: George Washington University -- National Security Threat Convergence: ...
Chuck Brooks
 
PDF
Resiliency-Part One -11-3-2015
Dr Robert D. Childs
 
PPTX
Emerging Threats to Infrastructure
Jorge Orchilles
 
How secure are you?
Joe Morris
 
Cyber security # Lec 1
Kabul Education University
 
Article 1 - cyber threat.pdf
1445629213
 
GovSec Joyal New Threat Matrix
Paul Joyal
 
Jd sherry howard a. schmidt cyber crime, cyberspy, cyberwar - taking the le...
Graeme Wood
 
Cyber Security Emerging Threats
isc2dfw
 
Combating Cyber Threats: Cyber Thread Information Program
amirrullohacmad
 
Cybersecurity | Risk. Impact. Innovations.
Vertex Holdings
 
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
Lumension
 
Keynote: Which way is the SolarWind Blowing? Techniques are changing…are you ...
JamieWilliams130
 
Zero Trust.pptx
ThavaselviMunusamy1
 
UN Presentation - 10-17-2018 - Maccaglia
Stefano Maccaglia
 
Looking Ahead Why 2019 Will Be The year of Cyberwarfare
Securicon
 
Exp w22 exp-w22
SelectedPresentations
 
Types-of-Cyberattacks-Understanding-the-Threat-Landscape.pptx
akolisnychenko
 
NSA's panic. JetBrains [EN].pdf
Overkill Security
 
Dell Technologies Cyber Security playbook
Margarete McGrath
 
Event: George Washington University -- National Security Threat Convergence: ...
Chuck Brooks
 
Resiliency-Part One -11-3-2015
Dr Robert D. Childs
 
Emerging Threats to Infrastructure
Jorge Orchilles
 
Ad

More from Альбина Минуллина (20)

PDF
Не бойтесь виртуализации АСУ ТП
Альбина Минуллина
 
PDF
Технология плоского_прямого резервного копирования
Альбина Минуллина
 
PDF
Сетевые решения HUAWEI для корпоративной инфраструктуры
Альбина Минуллина
 
PDF
От реального оборудования к виртуальному
Альбина Минуллина
 
PDF
Модернизация ЦОДа
Альбина Минуллина
 
PDF
Доступ к корпоративным приложениям, десктопам и данным с любого устройства
Альбина Минуллина
 
PDF
WorkspaceOne
Альбина Минуллина
 
PDF
SimpliVity
Альбина Минуллина
 
PDF
HPE Aruba Mobile First
Альбина Минуллина
 
PDF
All Flash системы хранения – примеры из реального опыта
Альбина Минуллина
 
PDF
Тренды угроз для БД и веб-приложений
Альбина Минуллина
 
PDF
Типовые атаки на корпоративную информационную систему (КИС)
Альбина Минуллина
 
PDF
Результаты пилотов Kaspersky Anti Targeted Attack Platform
Альбина Минуллина
 
PDF
Можно ли обмануть DLP
Альбина Минуллина
 
PDF
Искусственный интеллект на защите информации
Альбина Минуллина
 
PDF
Внедрение IDM
Альбина Минуллина
 
PDF
Визуализация взломов в собственной сети PAN
Альбина Минуллина
 
PDF
Аудит веб-приложений
Альбина Минуллина
 
PDF
Адаптивная модель кибербезопасности для цифрового предприятия
Альбина Минуллина
 
PDF
SandBlast Solutions
Альбина Минуллина
 
Не бойтесь виртуализации АСУ ТП
Альбина Минуллина
 
Технология плоского_прямого резервного копирования
Альбина Минуллина
 
Сетевые решения HUAWEI для корпоративной инфраструктуры
Альбина Минуллина
 
От реального оборудования к виртуальному
Альбина Минуллина
 
Модернизация ЦОДа
Альбина Минуллина
 
Доступ к корпоративным приложениям, десктопам и данным с любого устройства
Альбина Минуллина
 
WorkspaceOne
Альбина Минуллина
 
SimpliVity
Альбина Минуллина
 
HPE Aruba Mobile First
Альбина Минуллина
 
All Flash системы хранения – примеры из реального опыта
Альбина Минуллина
 
Тренды угроз для БД и веб-приложений
Альбина Минуллина
 
Типовые атаки на корпоративную информационную систему (КИС)
Альбина Минуллина
 
Результаты пилотов Kaspersky Anti Targeted Attack Platform
Альбина Минуллина
 
Можно ли обмануть DLP
Альбина Минуллина
 
Искусственный интеллект на защите информации
Альбина Минуллина
 
Внедрение IDM
Альбина Минуллина
 
Визуализация взломов в собственной сети PAN
Альбина Минуллина
 
Аудит веб-приложений
Альбина Минуллина
 
Адаптивная модель кибербезопасности для цифрового предприятия
Альбина Минуллина
 
SandBlast Solutions
Альбина Минуллина
 

Recently uploaded (20)

PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
KodekX | Application Modernization Development
KodekX
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 

Russia the threat landscape