Lozhkin: From APTs to criminals (cut)
Date posted: 16-Apr-2017
COPYCATS: FROM APTS TO CRIMINALS
Sergey Lozhkin
Senior Security Researcher, Kaspersky Lab
AGENDA
Skimer
Carbanak
METEL
GCMAN
APTs
??????
GCMAN
200 USD PER MINUTE
BE PERSISTENT
• 2 months of tries on Sat
— What was your pw?
— Sonic17
TROUBLE IN THOUGHT
INFO−.ASP
Ads Web server
GCMAN ATTACK
Corporate online banking webserver
Online banking DB
Admin’s Workstations
Processing Connection server
GCMAN SUMMARY
1. Knocking on the front door
2. Avoid whitelisting techs
3. >1 year persistence
CARBANAK
CARBANAK SUMMARY
1. Global criminals’ APT
2. Spear-phishing is everything
3. It is all about MONEY
METEL
Source http://ageofgeeks.com/wp-content/uploads/2015/04/furious-7-paul-walker.jpg
METEL – TRANSACTIONS ROLLBACK
CHALLENGE
WIPE PATTERN
RAND 4096 ALWAYS
METEL SUMMARY
1. IOCs’ horror
2. Spear-phishing is everything
3. It is all about MONEY
SKIMER
SKIMER
SKIMER – XFS SERVICE PATCH
SKIMER – SERVICE PATCHED
ATM INFECTOR – MAGIC CARD
CARD 1 – INTERFACE COMMANDS
CARD 2 – TRACK 2 HARDCODED
SKIMER SUMMARY
1. Silent
2. Attack on ATM users
3. Attack on banks
LAZARUS
LAZARUS SUMMARY
1. Active from 2009
2. Attacks on everything
3. New group that made 1bln USD after Carba
7H@NK Y0U1
Sergey Lozhkin
Principal Security Researcher, Kaspersky Lab