Click to edit Master title style • Click to edit Master text styles – Second level • Third level Why does the disaster always strike in your city? – Fourth level » Fifth level Evolution of social networking threats Ștefan Tănase Senior Regional Researcher, EEMEA Global Research and Analysis Team June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Overview Click to edit Master title style • Intro • Click to edit Master text styles • –Evolution of social networks Second level • Third level • Evolution of social networking threats – Fourth level – The web» as Fifththe levelmain infection vector – What to expect from 2010? – Targeted attacks • Questions and answers – You – Ryan Naraine June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Intro –tolet’s up! Click edit stand Master title style • “White”, “black”, “pink”… “not wearing any” • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Avatarto edit Master title style Click • • • • • Have you seen Avatar? Click to edit Master text styles In 3D? – Second level Twice? • Third level – Fourth level girlfriends? With both of your » Fifth level • At the same time? • What was the vulnerability presented in Avatar? • Trusting technology to win against humans. June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Evolution of Master social networks Click to edit title style • In terms of traffic: • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Evolution of Master social networks Click to edit title style • In terms of money: • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Evolution of Master social networks Click to edit title style • Total number of malicious software samples that are • targeting Click to edit Master text styles social networks: +100.000 – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 What to toedit expect fromtitle 2010? Click Master style • As social networks continue to grow, the threats • Click to edit Master text styles associated with them will obviously escalate. – Second level • Third level – Fourth level – Old threats in old applications - it’s sooo 2009! » Fifth level – Old threats in new applications - predictable – New threats in old applications - more/less predictable – New threats in new applications - totally unpredictable June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 What’s right Click to out editthere Master titlenow style 2,000 • Click1,800 to edit Master text styles 15,000% – Second level 1,600 growth vs 2006 1,400 • Third level 1,200 – Fourth level 1,000 » Fifth level 800 600 400 200 0 2006 2007 2008 2009 Infected websites out of a pool of 300K Source: Kaspersky Lab Analytical article - http://www.viruslist.com/en/analysis?pubid=204792089 June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 What’s right Click to out editthere Master titlenow style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 What’s right Click to out editthere Master titlenow style • 1 in 150 websites is currently spreading infections • Click to edit Master text styles – Legitimate websites, with legitimate traffic – Second level – Breaches caused by compromised FTP accounts • Third level – Fourth level – Injected with iframes or javascripts that deliver exploits » Fifth level – Visitors not running the latest versions of plug-ins and browsers get infected – FTP passwords are extracted from the infected computers • Everything that’s out there… is out there anyway. So let’s talk about the future. June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 What to toedit expect fromtitle 2010? Click Master style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 What to toedit expect fromtitle 2010? Click Master style •• Old threats, new applications Click to edit Master text styles – Second level • Third level • Vulnerabilities in the applications themselves – Fourth level » Fifth level – Google Wave XSS is a very good example • Unwanted content: spam, phishing • Malicious programs: more space to spread them • Koobface: development of new modules – to target the new applications once they become popular June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 What to toedit expect fromtitle 2010? Click Master style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 What to toedit expect fromtitle 2010? Click Master style •• New threats, old applications Click to edit Master text styles – Second level • Third level • Exploiting the new features as they are being added – Fourth level level • Evolution»ofFifthKoobface: – Start attacking more experienced users – AV detection rates will really start to matter – Encrypted config files (plain text at the moment) – P2P architecture (server – client at the moment) – Use of drive-by downloads, not just social engineering June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 What to toedit expect fromtitle 2010? Click Master style •• New threats, new applications Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Targeted attacks become mainstream Click to edit Master title style • So much personal information becomes public on • Click to edit Master text styles social networks right now – Second level • Advertisers • Third levelare already doing it: targeted ads – Age, gender, location, interests, work field, browsing habits, relationships – Fourth level » Fifth level • Targeted ads? Targeted attacks are already out there • But social networks are enabling the cybercriminals to start delivering automated targeted attacks • The personal data is there. Next step? Automation. • Geographical IP location has been around for a while • Automatic language translation services are becoming better • Personal interests & tastes are public (ie: trending topics) June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Geo targeting example Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Language example Click to edittargeting Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Interests targeting Click to edit Masterexample title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Targeted attacks become mainstream Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 What’s Click to next? edit Master title style The number and complexity •• Click to edit Master text stylesof threats that exploit web 2.0 platforms will continue to grow – Second level • Third level are opening up new ways for • Social networks – Fourth level automated targeted attacks against individuals » Fifth level • Localized, contextualized, personalized • It will be very hard for social networks to do better: unfortunately, their business means usability, not security • Attacks will also shift towards other platforms (Mac) June 10th, 2009 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Event details (title, place) Moscow, January 28-31, 2010 Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level Thank you! Questions? » Fifth level [email protected] twitter.com/stefant Stefan Tanase Senior Regional Researcher, EEMEA Global Research and Analysis Team Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, th, 2009 June 10January Moscow, 28-31, 2010 Event details (title, place)
© Copyright 2025 Paperzz