Cyber Security Threat Landscape

Ashutosh Bahuguna | Scientist-C | CERT-In

abahuguna@cert-in.org.in
 Topics of Discussion
• Disaster/Event and Cyber Attacks

• The Drive-by-download

• Client Side Attacks

• Targeted Attacks /RATS

• Mobile Malware Threats

• Case Study : DNS Changer Malware

• Low-Hanging Fruit : Web-application #

# Demo.
Disaster Induced by Cyber Attacks
Estonia Cyber Attack

Attacks on Critical Sector Infrastructure- Nuclear, Power, Defense…

What will happen, if motor shaft will spin with 100 X of its normal
speed?

What will happen, if control rod of nuclear reactor is controlled by

attacker?
 Cyber Attacks induced by Disaster/Event;

Case Study- Himalayan Tsunami in State of Uttarakhand

Fake donations websites during Disaster/Crisis
Malware spread through malicious mails and links
Attacks on Government websites

 Malware propagation through various Crucial/legitimate govt. websites

 Defacement of crucial/Govt. websites

 DDoS attacks on various crucial/Govt. websites

Client Side - Threats
 C2 Operations and Threats
Bot Herder
C&C

C&C C&C
 Drive-by-download
Unintended download of computer software from the Internet:

• Downloads which a person authorized but without understanding the

consequences

• Any download that happens without a person's knowledge

11
 2 User request legitimate website

Resp.
3 Website response
including malicious
code
Req. Connect
Legitimate website Attacker

1.2 Infect a legitimate website

Legitimate user’s
system
1.1 Create a Malicious website
4 User’s browser
Attacker request for content
from malicious website

5 Malicious website successfully

delivers malware/virus

Malicious website
Attack on client side software

• PDF Reader/ Flash

• Microsoft office Docs
• JAVA
• Client side web browsers and extensions
/plugins
Targeted Attacks

14
Targeted attack /Advanced Persistent threat

• Probably the most damaging type of internet threat.

• Designed to target a specific individual or organisation.

• How did they get in?

– Takes place via interesting and relevant email I local language with Microsoft Office/ PDF
attachments
– Likely to have themes around political or newsworthy events
– Suspicious features of the mail header
– Likely to be from a webmail account (adds legitimacy) Often attackers try to convey a sense of
importance or urgency to open the attachment
Targeted Attack Vectors

• Spear phishing – emails

• Malicious office/pdf documents

• Pre-malware loaded USB (pen) drives

• Malicious websites hosting by exploit kits

Mobile Threats

• The mobile counterparts.

• Zitmo(Zeus In The Mobile), Spitmo(SpyeyeIn The Mobile),
carberp
• Multitude among almost the major platforms.(Android,
Symbian, Blackberry)
Quick Response Code (QR Code)
Use your tablet or phone camera to scan this image to visit our
website!

• Visit our Website @

!! What if Setup by Attacker- SET toolkit for Launching Attack!!

Server Side - Threats
Web-Application Attacks

• Low-hanging Fruit – In-house developed- **Develop your website just Rs. 500/-**.

• My Valid Email-id
echo 6173686f6f2e6f6e6c696e6540676d61696c2e636f6d | perl -pe
's/(..)/chr(hex($1))/ge'

• “75% of all attacks occurring at application layer”—Gartner

• “8 out of 10 websites are vulnerable to attack”—WhiteHat Security Team

• Web apps account for 80 percent of internet vulnerabilities

Attacks are moving Up

Application Layer

Transport Layer

Network Layer

Physical Layer
Case Study: Malicious Webshell Upload
• Abusing the upload feature!!!!!
• Vulnerability utilized:
--Un-validated malicious file upload in upload module of
website.
• Uploaded backdoor shell “web32.php”.
• Maintained backdoor access.
• Malicious Action: modified the content of home page of the
website.
 Thank You!

Stay Safe! !