Nation State Malware: The Next Cyberwar Begins = Copyright 2017 leeneubecker.com
“Nation State Malware: The Next Cyberwar Begins”
Presented by: Lee Neubecker
● Cyber Security Professional and Computer Forensics Expert
● Former Founder and CEO of Forensicon.com 2000 - 2016
● Former Group Product Manager Lycos.com Community Products
● Security Research & Blogger: just Launched at leeneubecker.com
Overview
I. Recent News
II. History of Computer Convergence
III. Overview of Super Nation State Malware
IV. Attack Points / What you probably didn’t know
V. Safeguarding Yourself
VI. Public Policy
I. Recent News:
A. Snowden Disclosures
B. OPM Data Breach
C. Hacking Team Code Posted
D. Presidential Campaigns Hacked / DNC
E. US Cert Advisory to ICS
F. CIA VAULT 7 Wikileaks Dump
https://ics-cert.us-cert.gov/sites/default/files/documents/NCCIC_ICS-CERT_AAL_Malware_Trends_Paper_S508C.pdf
“Only fully restoring the BIOS of the motherboard would take it out”
First there was BIOS
The Basic Input / Output System (BIOS) is stored on an onboard hardware chip and controls the
initial boot-up of the computer.
BIOS limitations
● Could only use the first 512KB of Memory
● Maximum 4 primary partitions
● Maximum partition size of 2.2TB
● Required Master Boot Record to store the Bootloader
● Often Unsigned BIOS
Migration of all Major Computer OS to Common Framework - UEFI
● UEFI - The Unified Extensible Firmware Interface (UEFI) is a specification
that defines a software interface between an operating system and platform
firmware.
● In 2005 Intel donated EFI to the newly-formed UEFI Forum, a consortium
made up of the usual suspects: AMD, Apple, IBM, Intel, Microsoft, and so on.
● Introduced a more efficient means to combat terrorism
● With the new surface came new vulnerabilities to exploit
UEFI (Unified Extensible Firmware Interface)
● Rather than all of the boot code being stored in the
motherboard's BIOS, UEFI sits in the /EFI/ directory in
some non-volatile memory (NVRAM); either in NAND on
the motherboard, on your hard drive, or on a network
share.
● NAND memory doesn’t require power to retain storage.
UEFI Advantages
● GPT Partition Allows Unlimited Logical Partitions
(Windows max of 128 Logical Partitions)
● Maximum Partition Size Increased from 2.2 Terabytes to a Massive 9.4 Zettabytes
● Shorter OS Boot Times
● With Secure Boot On, Prevents Non-Signed OS from Loading
● Flexible pre-OS environment, including network capability
● CPU Independent Architecture and Drivers
Boot Process Diagram with UEFI / SMM (System Management Mode)
Boot Loaders
Bootstrap loader. Alternatively referred to as bootstrapping,
bootloader, or boot program, a bootstrap loader is a program
that resides in the computer's EPROM, ROM, or other
non-volatile memory. It is automatically executed by the
processor when turning on the computer.
GRUB Bootloader
● GNU (GNU’s Not UNIX) GRUB (short for GNU Grand Unified Bootloader) is a
boot loader package from the open source free GNU Project.
● GRUB provides a user the choice to boot one of multiple operating systems
installed on a computer or select a specific kernel configuration available on a
particular operating system's partitions.
● Most Major Current Popular Computing Devices now based off Linux GRUB
Bootloader.
Serial Peripheral Interface (SPI) - Flash
Storage
SMM - Where Nation State Malware Resides
Boot Process Diagram with UEFI / SMM (System Management Mode)
SMM Takes Control Before the OS Loads from the Hard Drive or Other Boot Device
Modem Implant on Chip SMM Recovery
II. History of computing platform convergence
I. UEFI - Unified Extensible Firmware Interface
II. Plug and Play
III. Bootloaders (GRUB)
IV. System Management Mode (SMM) Rootkit Control
V. New exploit surface before OS - SPI / SMM
VI. False on off for networking services
III. Super Nation State Malware
● Why this is a threat - why we should be concerned
● Where it resides
● How it infects
● What it does
● Detection
● Remediation
● Prevention
Why We Should be Concerned
● January 2015 Corey Kallenberg Discloses Vulnerabilities
● June 2015 US OPM Hacked
● July 2015 Hacking Team Hacked - Source Code Posted
● Summer/Fall 2016 Presidential Candidates Hacked
● October 2016 US Cert Issues Notice to Industrial Control Systems
● US NIST Compromised December 2016
● March 2017 CIA Vault 7 Tools Leaked
Script Kiddie Wars will begin soon!
Where Nation State Malware Resides
● Resides within RAM / NVRAM / SPI / Option ROMS
● Can Load from Network shares if no boot media available
● Can call out via Socket Level connections pre OS boot using sound, Infrared,
Bluetooth, WIFI, Ethernet
● Creates Partitions to virtualize your main OS
● WMIC May Provide Insight - (Windows Management Instrumentation
Command-line)
How it Infects
● Emailed Attachment Containing Payload
● Peripheral USB Driver / Plug and Play / Printer Connection
● SMB File Shares
● SSH Brute Force Attacks
● MITM Attack - Flash Update
● Memory Attacks - Buffer Overflow
● Cell Phone Network Compromise - Bad Update
What it Does
● Establishes Backdoor for Monitoring and Exfiltration of Data
● Sends the target's GPS location using processor-based modem on the chip
● Can Schedule Remote Boot Ups
● Overrides DNS Routing
● Control of Camera / Microphone
● Establishes Encrypted Outbound Channels to Exfiltrate Data
● Moves Laterally and Attacks Other Devices on Local Network
● Persists With User by Attaching to Smart Phone
● Hides in RAM and Kernel - Largely Undetectable by OS Applications
Detection
● Escapes Detection from Most Antivirus Programs
● Alteration of partitions - hidden partitions (WMIC may help detect)
● Firewall logs - may show irregular outbound activity
● Traceroutes - Odd delays when loading webpages or routes that are
unusual
● Trusted Root Certificates - Unusual certificates in trust
● Local Loopback Network Connections
● Multiple IP Addresses / Devices Active
● EFI Content - Intel’s CHIPSEC utility may be useful in detection
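One way to act on the "alteration of partitions" bullet is to keep a known-good capture of the WMIC partition listing and diff later captures against it. The script below is an added example, not part of the original slides; the host name and partition values are constructed sample data.

```python
import csv
import io

# Constructed sample captures (not from the original slides) in the shape of:
#   wmic partition get DiskIndex,Index,Size,StartingOffset,Type /format:csv
# WMIC emits a leading blank line and sorts the columns alphabetically after Node.
BASELINE = """
Node,DiskIndex,Index,Size,StartingOffset,Type
LAB-PC,0,0,104857600,1048576,GPT: System
LAB-PC,0,1,214748364800,122683392,GPT: Basic Data
LAB-PC,0,2,524288000,214871048192,GPT: Unknown
"""

# Later capture: the data partition has shrunk by 10 GiB and a new
# partition of unknown type now occupies the freed space.
CURRENT = """
Node,DiskIndex,Index,Size,StartingOffset,Type
LAB-PC,0,0,104857600,1048576,GPT: System
LAB-PC,0,1,204010946560,122683392,GPT: Basic Data
LAB-PC,0,2,10737418240,204133629952,GPT: Unknown
LAB-PC,0,3,524288000,214871048192,GPT: Unknown
"""


def parse_wmic_csv(text):
    """Return {(disk, start_offset): (size, type)} from a WMIC CSV capture.

    Partitions are keyed by disk and starting offset rather than by Index,
    because inserting a partition renumbers every Index after it.
    """
    rows = [ln.strip() for ln in text.splitlines() if ln.strip()]
    layout = {}
    for row in csv.DictReader(io.StringIO("\n".join(rows))):
        key = (int(row["DiskIndex"]), int(row["StartingOffset"]))
        layout[key] = (int(row["Size"]), row["Type"].strip())
    return layout


def diff_layout(baseline, current):
    """List (kind, disk, start_offset, (size, type)) for every layout change."""
    findings = []
    for key in sorted(set(current) - set(baseline)):
        findings.append(("added", key[0], key[1], current[key]))
    for key in sorted(set(baseline) - set(current)):
        findings.append(("removed", key[0], key[1], baseline[key]))
    for key in sorted(set(current) & set(baseline)):
        if current[key] != baseline[key]:
            findings.append(("changed", key[0], key[1], current[key]))
    return findings


if __name__ == "__main__":
    for kind, disk, start, (size, ptype) in diff_layout(
        parse_wmic_csv(BASELINE), parse_wmic_csv(CURRENT)
    ):
        print(f"{kind:8} disk {disk} offset {start} size {size} type {ptype}")
```

A listing taken from inside a running OS is only as trustworthy as that OS, so captures made from known-good boot media are the stronger comparison.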
Intel CHIPSEC UEFI Tool
The Advanced Threat Research team at Intel Security has designed a new module for
its existing CHIPSEC open-source framework that is able to detect malicious EFI
binaries. “CHIPSEC is a framework for analyzing the security of PC platforms
including hardware, system firmware (BIOS/UEFI), and platform components. It
includes a security test suite, tools for accessing various low-level interfaces, and
forensic capabilities,” reads the description of the framework. “It can be run on
Windows, Linux, Mac OS X and UEFI shell.”
Remediation
● Replacing hard drives can’t mitigate infection
● Internet Restore of IOS Can’t fix
● Apple Security Engineer - Corey Kallenberg told me “You
have to replace your motherboard” Fall 2016
● Replacing/Reflashing SPI / BIOS / NVRAM / RAM and
onboard storage may fix but beyond the scope of most
Prevention
● Use older mouse & keyboard (Pre 2005) with USB adapter (No vulnerable
SPI chip nor remote broadcasting via Bluetooth or RF)
● Don’t share USB devices between untrusted computers
● Firmware patch all hardware & peripherals to latest
● Apply software / security updates regularly and timely
● Use OPENDNS.com 208.67.222.222 · 208.67.220.220
● Verify all download installation packages before installing (Virustotal.com)
FCC Warning Added ~2005 to bottoms of USB Keyboards
(2) This device must accept interference received, including interference that may cause undesired operation.
BAD USB
Verify Your Download Installation Packages
VirusTotal.com Reports when they last analyzed file
If the program has never been analyzed - big problem!
Virustotal.com Provides Results from AV Vendors
Verify What Other AV Vendors Say
More on Prevention
● Enable Secure boot and BIOS Hardware Boot Password
● Use a non-privileged user account to surf the web
● Encrypt your hard drive
● Don’t connect to untrusted devices or networks
● Use SOPHOS for Antivirus - install first thing
● Enable firewall (Block SSH and other inbound traffic)
● Use Complex Passwords of 14 or More Characters
Smartphone Safety Tips
● Plug your smartphone only into your own brick charger
● Keep bluetooth & wifi off on your phone unless required
● Turn off data / network roaming / handoff features
● Turn off NTP auto time set - manually set
● Don’t check for updates on untrusted networks
● Beware of signal deprecation LTE to 3G, 2G, 1x, GSM
V. Attack points
● Routers - clock rollback attack
● Cell Phone Network
● USB devices (driver hijacking) / Plug N Play / Auto Run
● Bluetooth / Wifi / Infrared / MIDI Open Sound Protocol
● Modem onboard processor - backdoor - SMM
● Monitor / Mouse as transmitter - Mikrotik Patent
● IOT devices as relay attack point for Mesh Networks
● Mesh Networks - P2P - Fluxwire CIA Vault 7 Leak
VI. Public policy
● Balance the Need for Privacy and Security vs. Need to Keep Country Safe
● Government should disclose leaked zero day vulnerabilities to Software / Hardware
Makers so that the known vulnerabilities can be fixed
● If our government monitors everything, they must be able to protect those
tools from distribution
● Track record doesn’t look that great
● Notification laws will collapse business if they follow the rules
Public Policy - Things that need to happen
● Ease of Verifying Certificates - Library Printed Bulletins
● All Peripherals need to have Drivers Signed especially USB Storage
● Hardware BIOS / Firmware needs reliable roll back option to restore defaults
● New computing equipment needs to be secured at point of purchase
● Distribution of Firmware and Security Updates via Read Only Disc Media
● Leaked tools for Backdoor Access Need to be Disclosed & Patched
● Cell Phone Networks Need to be Secured
● Computing devices need to block date/time rollbacks prior to mfg date
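The last bullet, and the "clock rollback attack" listed under attack points, can be made concrete: certificate validity windows are checked against the local clock, so a device that accepts a rolled-back time will accept a long-expired certificate again. The sketch below is an added example, not from the original slides; the `ClockGuard` class, the state file and all dates are hypothetical.

```python
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


def cert_valid_at(not_before, not_after, now):
    """Validity-window check as a TLS or update client performs it against its clock."""
    return not_before <= now <= not_after


class ClockGuard:
    """Refuses clock updates earlier than the manufacture date or the last accepted time."""

    def __init__(self, state_path, mfg_date, tolerance=timedelta(minutes=5)):
        self.state_path = state_path   # persisted high-water mark (hypothetical file)
        self.mfg_date = mfg_date       # hard lower bound fixed at build time
        self.tolerance = tolerance     # allows small corrections for clock drift

    def _high_water(self):
        try:
            with open(self.state_path) as fh:
                return datetime.fromisoformat(json.load(fh)["last_accepted"])
        except (OSError, ValueError, KeyError, TypeError):
            return None                # missing or corrupt state: fall back to mfg_date

    def floor(self):
        """Earliest time the guard will currently accept."""
        last = self._high_water()
        if last is None:
            return self.mfg_date
        return max(self.mfg_date, last - self.tolerance)

    def propose(self, new_time):
        """Return True if new_time may be applied (from NTP, the cell network or a user)."""
        if new_time < self.floor():
            return False
        last = self._high_water()
        # The mark only ever moves forward, so repeated small steps back
        # cannot ratchet the floor down.
        if last is None or new_time > last:
            tmp = self.state_path + ".tmp"
            with open(tmp, "w") as fh:
                json.dump({"last_accepted": new_time.isoformat()}, fh)
            os.replace(tmp, self.state_path)
        return True


def demo():
    mfg = datetime(2017, 1, 1, tzinfo=UTC)                  # hypothetical manufacture date
    # Constructed certificate window that expired at the end of 2015.
    old_cert = (datetime(2013, 1, 1, tzinfo=UTC), datetime(2015, 12, 31, tzinfo=UTC))
    rolled_back = datetime(2014, 6, 1, tzinfo=UTC)          # time pushed by a hostile source
    with tempfile.TemporaryDirectory() as d:
        guard = ClockGuard(os.path.join(d, "clock.json"), mfg)
        return {
            "expired_cert_valid_if_rollback_applied": cert_valid_at(*old_cert, rolled_back),
            "rollback_before_mfg": guard.propose(rolled_back),
            "current_time": guard.propose(datetime(2017, 6, 1, 12, 0, tzinfo=UTC)),
            "drift_correction": guard.propose(datetime(2017, 6, 1, 11, 57, tzinfo=UTC)),
            "rollback_after_mfg": guard.propose(datetime(2017, 3, 1, tzinfo=UTC)),
            "floor": guard.floor(),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The guard is only as strong as the storage holding the high-water mark; on a real device that state belongs somewhere a firmware reset or battery pull cannot clear.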
Q&A Discussion
About Lee Neubecker
● Blogger at leeneubecker.com
● Former founder and CEO of Forensicon.com
● Available as a Speaker for your Next Organization’s Event
● Security Research & Forensic Expert Considering New
Opportunities in the Cyber Security Realm
● Contact & Inquiries to me at: [email protected]