Anatomy of an external attack

  • Published on
    07-Jan-2017


  • 12 2016-

  • © 2015 Cisco and/or its affiliates. All rights reserved.


  • e-mail

    IP

    3rd

    backdoor


  • OSINT: Maltego

  • OSINT: Shodan

  • OSINT: Metagoofil

  • OSINT: theHarvester

  • OSINT: recon-ng

  • OSINT: GHDB

  • OSINT: FOCA

  • OSINT: EXIF

  • OSINT: Nessus

  • OSINT:


  • Angler 40% , exploit kits 2014

    Flash

    Angler


    TTD

    Web IP Email


  • USB-

    (RFC 1918)

  • TOR

    $300-$500

    Email

  • 15000

    Angler

    99,8% 10

  • [Chart: Compromised Users, 12/2014 to 5/2015, New URL Scheme vs. Old URL Scheme; the value labels are garbled in this extraction]

    Adware MultiPlug URL ,

    : URL vs. URL

    URL .

    3 ( 500 ) Add-On ( 4000 )

  • Dridex:

    Outbreak Filters

    Dridex

    850 Dridex,

  • Rombertik

    MBR

    960


  • [Timeline 1989-2016; the year labels and the names below appear on the slide, but the year-to-name layout is lost in this extraction]

    Years: 1989, 2001, 2005, 2006, 2007, 2008, 2012, 2013, 2014, 2015, 2016

    Names (in order of appearance): PC Cyborg, GPCoder, Fake Antivirus, Android, QiaoZhaz, CRYZIP, Redplus, Bitcoin, Reveton, Ransomlock, Dirty Decrypt, Cryptorbit, Cryptographic Locker, Urausy, Cryptolocker, CryptoDefense, Koler, Kovter, Simplelock, Cokri, CBT-Locker, TorrentLocker, Virlock, CoinVault, Svpeng, TeslaCrypt, Virlock, Lockdroid, Reveton, Tox, Cryptvault, DMALock, Chimera, Hidden Tear, Lockscreen, Teslacrypt 2.0, Cryptowall, SamSam, Locky, Cerber, Radamant, Hydracrypt, Rokku, Jigsaw, Powerware, 73V3N, Keranger, Petya, Teslacrypt 3.0, Teslacrypt 4.0, Teslacrypt 4.1

  • 221 WordPress

  • 5

    Cisco

    5,64

    Apache/OpenSSH

    5,05

  • ( 26 )

    92%

    31% 5%


  • Adobe Flash / Microsoft Silverlight

    Exploit kits: Nuclear, Magnitude, Angler, Neutrino, RIG

    Flash: CVE-2015-7645, CVE-2015-8446, CVE-2015-8651, CVE-2016-1019, CVE-2016-1001, CVE-2016-4117

    Silverlight: CVE-2016-0034

  • DNS:

    91,3% DNS

    68%


  • Zeus, Palevo

    CTB-Locker, Angler, DarkHotel

    Tor

    DNS

    DNS

    DNS

  • C&C channel by ransomware family (column headers on the slide: DNS, IP, NO C&C, TOR):

    Locky          DNS
    SamSam         DNS (TOR)
    TeslaCrypt     DNS
    CryptoWall     DNS
    TorrentLocker  DNS
    PadCrypt       DNS (TOR)
    CTB-Locker     DNS
    FAKBEN         DNS (TOR)
    PayCrypt       DNS
    KeyRanger      DNS

  • 85%

  • Bitglass 205

    Trustwave 188

    Mandiant 229

    2287

    Ponemon 206

    HP 416

    Symantec 305

  • 59%

    51%

    54%

    45%

    54%

    56%

    -5% 0% -4%

    -1% +0% +0%

  • 1.

    2.

    3.

    4. API 5.

    6. ,

    6

  • [Diagram: attack chain with numbered steps 1-8; labels surviving extraction: Email-, Web-, C2, LAN, HTTPS, (you@gmail.com), (SNS), HR-]

  • security-request@cisco.com

    http://www.facebook.com/CiscoRu

    http://twitter.com/CiscoRussia

    http://www.youtube.com/CiscoRussiaMedia

    http://www.flickr.com/photos/CiscoRussia

    http://vkontakte.ru/Cisco

    http://blogs.cisco.ru/

    http://habrahabr.ru/company/cisco

    http://linkedin.com/groups/Cisco-Russia-3798428

    http://slideshare.net/CiscoRu

    https://plus.google.com/106603907471961036146/posts

    http://www.cisco.ru/