ONLINE ATTACKS AND ESPIONAGE
BY NATION-STATES
Mikko Hypponen
CRO, F-Secure Corp
twitter.com/mikko
Protecting the irreplaceable | f-secure.com
Fake News? Hacked News site?
6es7-417
Duqu
Connects to 206.183.111.97
aka canoyragomez.rapidns.com
Document structure (diagram): Exploit, Code, EXE, DOC, Filling
Little financial incentive to target:
• Supporters of Tibet
• Members of Falun Dafa / Falun Gong
• Supporters of the Uighur minorities
• Supporters of Inner Mongolian minorities
Data from Messagelabs / Symantec study
Case Agent.BTZ
Our desire for success is
like a wolf's desire for blood.
We work together against the
enemy like a pack of wolves.
Poison Ivy, Gh0st RAT, ZWShell
20 October, 2011
How do I know if I was hit?
• Your colleagues have no idea of the mail you got from them
• Your machine connects to funky hosts on its own
• Word / Excel / Acrobat flashes and restarts
• You get weird error messages from Office
• Non-SSL port 443 traffic in your network
Funky hosts?
• Some actual hosts we've seen in targeted attacks
• kira.8800.org
• xpgod.8866.org:8181
• mm2007.6600.org
• a85468546.9966.org
• qingchun521.9966.org
• getmeg.go.8866.org
• a2b2.3322.org
• swzcs.to.8866.org
• hackeroo.3322.org
• hgz3.8800.org
• angelwp.3322.org
• ysc20008.3322.org
• a041181.3322.org
• sgiorgus.8800.org
• cvnxus.8800.org
• wcs.8800.org
• miao1314.8800.org
• update-microsoft.kmip.net
• hobby.8800.org
• dns3.westcowboy.com
• hi222.3322.org
• www.scratchindian.com
• wangba8888.3322.org
• cybersyndrome.3322.org
From obvious to non-obvious
• boxy.3322.org
• jj2190067.3322.org
• hzone.no-ip.biz
• tempsys.8866.org
• zts7.8800.org
• shenyuan.9966.org
• xinxin20080628.gicp.net

• www.adobeupdating.com
• ip2.kabsersky.com
• mapowr.symantecs.com.tw
• iran.msntv.org
• windows.redirect.hm
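The indicators on the "How do I know if I was hit?" slide (a machine talking to funky hosts on its own, non-SSL traffic on port 443) and the two host lists above can be turned into a first triage pass over egress logs. The script below is an added example, not code from the talk or from F-Secure: the log format, the sample records and the vendor allowlist are constructed, the zone watchlist is simply the parent zones of the host names on the slides, and the edit-distance threshold for look-alike names is an assumed heuristic. It generalizes the slide's look-alike examples (adobeupdating, kabsersky, symantecs) into a brand-token plus edit-distance rule rather than matching those exact names.

```python
"""Triage egress records against the indicators on the slides (added example,
not code from the talk or from F-Secure; format, samples and allowlist are constructed)."""
import re

# Parent zones of hosts shown on the slides. Assumption: worth a triage alert on
# corporate egress, not a verdict (these zones have legitimate users too).
WATCHED_ZONES = ("3322.org", "8800.org", "8866.org", "9966.org", "6600.org",
                 "no-ip.biz", "gicp.net", "rapidns.com")

# Brands the look-alike hosts on the slides imitate, mapped to the registrable
# domains the real vendor uses (constructed allowlist).
BRANDS = {
    "adobe": {"adobe.com"},
    "kaspersky": {"kaspersky.com"},
    "symantec": {"symantec.com"},
    "microsoft": {"microsoft.com", "windowsupdate.com"},
    "windows": {"microsoft.com", "windowsupdate.com"},
}
ALL_LEGIT = set().union(*BRANDS.values())

# A few multi-label public suffixes; real code should use the Public Suffix List.
MULTI_LABEL_SUFFIXES = ("com.tw", "co.uk", "com.cn", "com.au")

# Constructed egress records: timestamp, source IP, destination host, port,
# first bytes the client sent (hex). A TLS ClientHello begins 0x16 0x03.
SAMPLE_LOG = """\
2011-10-20T09:01:02 10.0.0.15 kira.8800.org 443 160301
2011-10-20T09:01:05 10.0.0.15 www.adobeupdating.com 80 474554
2011-10-20T09:02:11 10.0.0.22 ip2.kabsersky.com 443 000000
2011-10-20T09:02:40 10.0.0.22 mapowr.symantecs.com.tw 443 160301
2011-10-20T09:03:00 10.0.0.31 www.microsoft.com 443 160301
2011-10-20T09:03:09 10.0.0.31 xpgod.8866.org 8181 474554
2011-10-20T09:04:15 10.0.0.40 windows.redirect.hm 443 0d0a0d0a
2011-10-20T09:05:00 10.0.0.40 intranet.example.com 443 160301
"""

def registrable_domain(host):
    """Registrable part of a host name, e.g. symantecs.com.tw (simplified)."""
    labels = host.lower().rstrip(".").split(".")
    for suffix in MULTI_LABEL_SUFFIXES:
        parts = suffix.split(".")
        if labels[-len(parts):] == parts:
            return ".".join(labels[-(len(parts) + 1):])
    return ".".join(labels[-2:])

def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def in_watched_zone(host):
    h = host.lower().rstrip(".")
    return any(h == z or h.endswith("." + z) for z in WATCHED_ZONES)

def lookalike_brand(host):
    """Brand a host imitates, or None (vendor's own domain, or no match)."""
    if registrable_domain(host) in ALL_LEGIT:
        return None
    for label in host.lower().split("."):
        for piece in re.split(r"[-_]", label):
            for brand in BRANDS:
                # Brand embedded (adobeupdating, symantecs) or a near-miss
                # (kabsersky); the distance threshold is a heuristic.
                near = len(piece) >= 4 and levenshtein(piece, brand) <= max(1, len(brand) // 4)
                if brand in piece or near:
                    return brand
    return None

def looks_like_tls(first_bytes_hex):
    """TLS record header: content type 0x16 (handshake), major version 0x03."""
    return first_bytes_hex.lower().startswith("1603")

def triage(log_text):
    """Return one dict per suspicious record, with the reasons it was flagged."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed record; a real tool would count and report these
        _ts, src, host, port, first_bytes = parts
        reasons = []
        if in_watched_zone(host):
            reasons.append("watched dynamic-DNS zone")
        brand = lookalike_brand(host)
        if brand:
            reasons.append(f"look-alike of {brand}")
        if port == "443" and not looks_like_tls(first_bytes):
            reasons.append("non-TLS traffic on 443")
        if reasons:
            findings.append({"line": n, "src": src, "host": host, "port": int(port), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']}: {f['src']} -> {f['host']}:{f['port']}  {'; '.join(f['reasons'])}")
```

Run as a script it prints one line per flagged record. Hits under the watched zones are leads, not verdicts, since those dynamic-DNS zones have plenty of legitimate users; in production, replace the suffix table with the Public Suffix List, take the first-bytes field from something like Zeek's connection and SSL logs, and keep a per-host allowlist so the look-alike check stays quiet on genuine vendor update traffic.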
PATCH, PATCH, PATCH
GET RID OF ADOBE READER
ADD TRAPS TO YOUR FIREWALLS
HOPE THAT THEY DON’T TARGET YOU

SecTor 2011 Keynote: Online Attacks and Espionage by Nation-states
