The Elderwood Project

Symantec Security Response has uncovered a global cyber attack infrastructure implicated in multiple international targeted attacks against many organizations.

THE ELDERWOOD PROJECT

2 Favored Attack Methods

• "Watering Hole" Attacks: Compromise Web servers then wait for victims
• Spear Phishing Emails: Sent to targeted high value individuals

Targeted Applications

• Internet Explorer
• Adobe Flash Player

Zero Day Vulnerabilities

• 2010: CVE-2010-0249
• 2011: CVE-2011-0609, CVE-2011-0611, CVE-2011-2110
• 2012: CVE-2012-0779, CVE-2012-1875, CVE-2012-1889, CVE-2012-1535

Watering Hole vs. Spear Phishing

Watering Hole: Identify target and then set a trap on Web sites that intended target is likely to visit

• Requires skill and determination to plant exploit on a suitable site
• Effective - but may take time for victims to arrive at "watering hole"
• Larger volume of victims & stolen data
• Higher collateral damage

Spear Phishing: Identify target and then send email to selected users enticing them to open attached file or click link

• Lower skill level required to perform spear-phishing attacks
• Effective but emails can be susceptible to blocking at target perimeter
• Lower volume of victims & stolen data
• Targeted emails reduce likelihood of collateral damage

[Charts for each method: Stolen Data, Collateral Damage, Skill Required, Effectiveness]

Target of Attacks

Primary target is the defense sector and its supply chain. Other targets are used as stepping stones to the primary target.

Sectors shown: Defense, NGO, Financial, Shipping, Aeronautics, Software, Arms, Energy, Electronic, Manufacturing, Engineering

Motives

What is the aim of these attacks?

• Intellectual property
• Trade secrets & designs
• Plans
• Contacts
• Infrastructure details
• Intelligence for future attacks

Who

Possible attackers. Any one of the following players could be behind these attacks:

• Large well funded criminal gang
• A group backed by a nation state
• Nation state

Global Infections

Top 5 regions with the highest number of infections by Elderwood related malware:

• USA: 72%
• China: 6%
• Canada: 9%
• Australia: 3%
• Hong Kong: 3%

Other regions impacted: Taiwan, United Kingdom, Switzerland, India, Denmark

What Next?

To find out more about these attacks or to keep informed simply scan the QR codes to continue

• Follow us on Twitter @threatintel
• Subscribe to our blog
• Download the Elderwood whitepaper

Whitepaper: http://bit.ly/Q07MpB
Security Response Blog: http://www.symantec.com/connect/symantec-blogs/sr
Twitter: http://twitter.com/threatintel

Symantec Security Response
http://www.symantec.com/security_response
Copyright © 2012 Symantec Corporation

shared by threatintel on Sep 07
In 2009, Symantec saw the start of high profile attacks by a group using the Hydraq (Aurora) Trojan horse. We've been monitoring the attacking group's activities for the last three years as they've co...

Publisher: Symantec
Designer: Hon Lau
Category: Computers