Cybersecurity threats: medium-term outlook Dr Ian Brown Oxford University  University College London
Outline <ul><li>Recent DDoS attacks and extent of the threat </li></ul><ul><li>Other cybersecurity threats to global finan...
Definitions <ul><li>Distributed Denial of Service (DDoS) </li></ul><ul><li>Botnets </li></ul><ul><li>Phishing (spear, rock...
DDoS threat <ul><li>~5% machines part of BotNets (20m) </li></ul><ul><li>Rent your own! 3-7c/machine/week </li></ul>
DDoS extortion <ul><li>Market participants - custom virus writers, bot herders, mafias </li></ul><ul><li>Gambling companie...
Recent attacks upon Estonia <ul><li>Sustained DDoS attacks during April on Estonian govt websites, banks and telecoms </li...
Phishing <ul><li>Symantec alone blocking 8m e-mails daily in 2006 </li></ul><ul><li>Similar criminal ecology to DDoS - cus...
Scale of phishing threat <ul><li>UK online banking losses £33.5m in 2006 </li></ul><ul><li>US losses estimated $2bn </li><...
Taking down the phishers? <ul><li>Targeted financial services institutions can ask hosts to take down sites </li></ul><ul>...
Redistributing liability <ul><li>House of Lords concluded liability must be shifted to some combination of software vendor...
Conclusions <ul><li>DDoS, phishing and other attacks are merging into an Internet criminal economy </li></ul><ul><li>Finan...
Upcoming SlideShare
Loading in...5
×

Cybercrime: medium-term outlook

491

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
491
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
20
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Cybercrime: medium-term outlook

    1. 1. Cybersecurity threats: medium-term outlook Dr Ian Brown Oxford University University College London
    2. 2. Outline <ul><li>Recent DDoS attacks and extent of the threat </li></ul><ul><li>Other cybersecurity threats to global financial services </li></ul><ul><li>Impact on global firms, feasible solutions or precautions </li></ul><ul><li>Future outlook for Internet security </li></ul>
    3. 3. Definitions <ul><li>Distributed Denial of Service (DDoS) </li></ul><ul><li>Botnets </li></ul><ul><li>Phishing (spear, rock, pharming) </li></ul>
    4. 4. DDoS threat <ul><li>~5% machines part of BotNets (20m) </li></ul><ul><li>Rent your own! 3-7c/machine/week </li></ul>
    5. 5. DDoS extortion <ul><li>Market participants - custom virus writers, bot herders, mafias </li></ul><ul><li>Gambling companies have been hardest hit, but other industries also targeted </li></ul><ul><li>No “silver bullet” technology solutions available in medium term </li></ul>
    6. 6. Recent attacks upon Estonia <ul><li>Sustained DDoS attacks during April on Estonian govt websites, banks and telecoms </li></ul><ul><li>Russian govt widely blamed, but no evidence </li></ul><ul><li>Govts undoubtedly have such cyberwarfare capability - China </li></ul>
    7. 7. Phishing <ul><li>Symantec alone blocking 8m e-mails daily in 2006 </li></ul><ul><li>Similar criminal ecology to DDoS - custom virus writers, botnet herders, site operators, spammers, mules </li></ul>Source: Anti-Phishing Working Group May 2007 report. 96.6% of attacks are on financial services insitutions
    8. 8. Scale of phishing threat <ul><li>UK online banking losses £33.5m in 2006 </li></ul><ul><li>US losses estimated $2bn </li></ul><ul><li>Theft being supplemented by more sophisticated scams such as pump-and-dump, cut-outs </li></ul>Data: House of Lords Personal Internet Security report (2007) p.15
    9. 9. Taking down the phishers? <ul><li>Targeted financial services institutions can ask hosts to take down sites </li></ul><ul><li>Some hosts still unresponsive </li></ul><ul><li>Phishers moving to botnet hosts and more sophisticated frauds (escrow, “sales reps”) </li></ul>Source: R. Clayton & T. Moore (2007)
    10. 10. Redistributing liability <ul><li>House of Lords concluded liability must be shifted to some combination of software vendors, ISPs and financial institutions </li></ul><ul><li>Intended to lead to innovations such as RBS off-line consumer card terminal </li></ul>
    11. 11. Conclusions <ul><li>DDoS, phishing and other attacks are merging into an Internet criminal economy </li></ul><ul><li>Financial services vulnerable both to direct attack and as guardians of customer assets </li></ul><ul><li>Security opinion leaders moving to liability redistribution as key solution - could be new insurance market and concern for banks </li></ul>
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×