Many organization around the world learn to appreciate the benefits of using software "As a service". But there also others who enjoy this model - Cyber Criminals. In the last years there been unprecedented development in the quality and scale of criminal cyber services. In order to perform criminal activities on the web today you don't need to be hacker - all you need is a credit card.
2. About myself:
Moshe Ferber, 37, lives in Modiin (+2).
Information security professional for over 15 years.
Managed the security department for NessTechnologies.
Founded Cloud7, Israel based MSSP (currently owned by Matrix).
Shareholder at Clarisite – Your customer’s eye view
Shareholder at FortyCloud – Make your public cloud private
Instructor for the See-Security CyberWarfare college.
Member of the board at MacshavaTova
Member of board at the Cloud Security Alliance, Israeli Chapter.
2
4. TODAY ALL YOU NEED
IS A CREDIT CARD
“Today’s cybercriminals do not necessarily require
considerable technical expertise to get the job done,
All they need is a credit card.”
Troels Oerting
Head of EC3 European Cybercrime Centre
7. IaaS – hosting services
Bulletproof is a service provided by some domain
hosting or web hosting firms that allows their
customer considerable leniency in the kinds of
material they may upload and distribute.
“great offers to
spammers”
Source: Kreb on Security
“We accept any
traffic”
“For your
spamming needs”
8. Source: McAfee cyber crime exposed
“We host
everything,
except child
porno”
“We have good
relationship
with the
government ”
9. IaaS – Botnet services
Spread SPAM
Targeting
accounts
DDOS Launch
Steal intangible
goods
Click jacking
Bitcoin Mining
“Discount
for regular
customers”
“The more
you buy the
less you
pay”
“All
countries
expect
Russia”
“24/7
friendly
support”
10. 60% of Internet traffic: BOTS
Taken from: http://www.incapsula.com/the-incapsula-blog/item/820-bot-
traffic-report-2013
11. PaaS - Do it yourself
from vulnerability to exploit
Source: Forbes
21. DDOS as a service
Source: http://www.webroot.com/blog/2012/06/06/ddos-for-hire-services-offering-to-take-
down-your-competitors-web-sites-going-mainstream/
Competitors you can
not cope?
Earn money while your
competitors try way out
“Order DDOS attack
today”
22. DDOS as a service
Source: http://www.webroot.com/blog/2012/06/06/ddos-for-hire-services-offering-to-take-
down-your-competitors-web-sites-going-mainstream/
Our prices will
pleasantly surprise you
Get a discount for two
sites
23. SaaS – Password cracking service
Your victim details
Nice introduction
“where did you heard
about us?”
Source: Raj Shamni, cyber crime exposed
25. Citadel spyware services
Source: Kreb on security
Shutdown mechanism
when encountering
Russian computer
Citadel CRM
Store
And support
ticketing system
Basic Package:
retails for $2,399 + a
$125 monthly “rent”
automatically
updates to
evade the last
antivirus
signatures-
At only 15$ a
month
34. Sources
Raj Samani, Mcafee EMEA CTO.
Cyber Crime exposed, a McAfee whitepaper
Dancho Danchev – botnets networks for hire
Infosec institute – Cybercrime as a service
Fortinet 2013 Cyber Crime report
SecureWorks blog
35. Keep in Touch
Moshe Ferber
moshe@onlinecloudsec.com
www.onlinecloudsec.com
http://il.linkedin.com/in/MosheFerber
Cloud Security Course Schedule can be find at:
http://www.onlinecloudsec.com/course-schedule
social network for customers, Citadel CRM Store, to allow users to be active players in the in product development.Reporting bugs and other errors in software with a ticketing system.Code sharing platform that allows each client to share its module and software code with others creating new modules or improvements.Promoting public proposals for software improvements and new features.Efficient Jabber instant message communication channel.