Cybercrime: medium-term outlook
Published in: Business, Technology
  • Transcript

    • 1. Cybersecurity threats: medium-term outlook. Dr Ian Brown, Oxford University, University College London
    • 2. Outline
      • Recent DDoS attacks and extent of the threat
      • Other cybersecurity threats to global financial services
      • Impact on global firms, feasible solutions or precautions
      • Future outlook for Internet security
    • 3. Definitions
      • Distributed Denial of Service (DDoS)
      • Botnets
      • Phishing (spear, rock, pharming)
    • 4. DDoS threat
      • ~5% machines part of BotNets (20m)
      • Rent your own! 3-7c/machine/week
    • 5. DDoS extortion
      • Market participants - custom virus writers, bot herders, mafias
      • Gambling companies have been hardest hit, but other industries also targeted
      • No “silver bullet” technology solutions available in medium term
    • 6. Recent attacks upon Estonia
      • Sustained DDoS attacks during April on Estonian govt websites, banks and telecoms
      • Russian govt widely blamed, but no evidence
      • Govts undoubtedly have such cyberwarfare capability - China
    • 7. Phishing
      • Symantec alone blocking 8m e-mails daily in 2006
      • Similar criminal ecology to DDoS - custom virus writers, botnet herders, site operators, spammers, mules
      Source: Anti-Phishing Working Group May 2007 report. 96.6% of attacks are on financial services institutions
    • 8. Scale of phishing threat
      • UK online banking losses £33.5m in 2006
      • US losses estimated $2bn
      • Theft being supplemented by more sophisticated scams such as pump-and-dump, cut-outs
      Data: House of Lords Personal Internet Security report (2007) p.15
    • 9. Taking down the phishers?
      • Targeted financial services institutions can ask hosts to take down sites
      • Some hosts still unresponsive
      • Phishers moving to botnet hosts and more sophisticated frauds (escrow, “sales reps”)
      Source: R. Clayton & T. Moore (2007)
    • 10. Redistributing liability
      • House of Lords concluded liability must be shifted to some combination of software vendors, ISPs and financial institutions
      • Intended to lead to innovations such as RBS off-line consumer card terminal
    • 11. Conclusions
      • DDoS, phishing and other attacks are merging into an Internet criminal economy
      • Financial services vulnerable both to direct attack and as guardians of customer assets
      • Security opinion leaders moving to liability redistribution as key solution - could be new insurance market and concern for banks
