Vinoo Thomas, Rahul Mohandas: Indian Cybercrime Scene - ClubHack2009


  • Demo for audience: Perform a live internet search on an Indian celeb or breaking news and get to a compromised website that will try to install malware on the machine.
  • Verified by Visa (VBV) phishing emails for Indian banks
  • Ask the audience: which is the latest version of Adobe Acrobat?
  • Educate the student population in schools and colleges, along with parents. Children in the program are taught about using the internet safely – not just from computer viruses but from sexual predators.

    1. Indian Cybercrime Scene
        Caught In the Cross-Fire
        Vinoo Thomas, Research Lead, McAfee Labs
        Rahul Mohandas, Research Scientist, McAfee Labs
    2. Agenda
        • Knowing the enemy – Who’s at your front door?
        • India in the information age
        • World “Wild” Web – Indian users caught in the cross fire
        • India’s contribution to worldwide Spam, Botnet and DDoS attacks
        • Regional malware
        • Targeted attacks
        • The future
    3. India’s Growing Cyber Population
    4. Why do Indians go online?
    5. What do Indians search online?
    6. Breaking news? Think Malware
        Malware authors make use of breaking news or popular search terms to ensure a higher return on investment.
        Popular news items that were misused include:
        • Searches for Michael Jackson’s death lead to malware
        • Benazir Bhutto assassination, Bangalore Blasts
        • Indian celebrities and cricketers
    7. Riskiest Indian Celebrities
    8. Popular Indian Sites Compromised to Serve Malware
    9. World “Wild” Web
        • Risks on the Web are constantly changing. A site that is safe one day can be risky the next.
        • It’s not always easy for consumers to identify which site is safe. Even experienced users can be deceived if a trusted site was compromised to serve malware.
        • Thousands of legitimate web sites are compromised every day to serve malware to unsuspecting users.
        • High-profile Indian sites that have been compromised to serve malware include banks, security vendors, portals, businesses, as well as educational and government sites.
    10. Payload and impact of users getting infected
        • Compromised users on a limited-bandwidth Internet plan can end up getting a huge bill at the end of the month – for no fault of theirs!
    11. W32/Conficker in India vs. rest of world
    12. Conficker world infection map
    13. W32/Conficker.worm - Infection Data
    14. Twitter-Facebook Episode
        • Twitter, Facebook, Live Journal, YouTube, Fotki – what do they have in common?
        • They hosted an account of a pro-Georgian blogger who went under the nickname cyxymu (taken after Sukhumi, the capital of Abkhazia, one of Georgia’s pro-Russian breakaway republics).
        • They all suffered a massive distributed denial-of-service (DDoS) attack. The attack was able to take down Twitter for several hours and significantly slow down connectivity to YouTube, Live Journal and Facebook.
    15. India’s Contribution to DDoS
        • India’s contribution was 8%
    16. India’s Spam Contribution
    17. Phishers target Indian Banks
        • Uses pure social engineering to deceive users
        • Stolen credentials make their way to underground forums and are sold there
        • Commercial Do-It-Yourself phish kits available for Indian banks
        • Increase in phish emails observed during Verified by Visa and MasterCard SecureCode campaign.
    18. Malware source code freely available
    19. Malware is localized and targeted
    20. Targeted Attacks: Microsoft Office
        • Exploits using MS Word, Excel, PowerPoint, WordPad are increasingly popular
        • Multiple zero-day vulnerabilities in Office discovered and exploited in 2009.
        • Mostly spammed to users or hosted on a malicious website
        • Attachment claims to contain sensitive information on Pakistani Air Force.
        • Exploits a patched vulnerability in Microsoft bulletin MS06-028.
    21. Targeted Attacks: Adobe PDF
        • >80% of users have Adobe Acrobat installed
        • Easy to social-engineer the user, as it’s considered trustworthy
        • Over 5 new exploits released this year alone, including zero-days.
        • Most exploits use JavaScript to spray shellcode on the heap
        • Heavily deployed in web attack toolkits.
    22. The future.......
    23. Cyber Crime Altering Threat Landscape
        • Over 1,500,000 unique malware detections in 2008
        • 1H09 up 150% from 1H08
        • Malware is heavily obfuscated with packers and compression technologies
        • 80% of threats are financially motivated, up from 50% two years ago, with password-stealing Trojans being rampant
        • 6500+ new variants analyzed daily
    24. Why take to cybercrime?
        Low Risk + High Reward + Opportunity = Safer than traditional crime
    25. Cyber Crime – India Statistics
        • India: 63% of businesses have seen an increase in threats from 2008 to 2009
        • India: 40% of businesses in India had an incident that cost an average of $13,543 to fix and recover from, causing revenue loss.
        • India is the 14th most dangerous domain for web surfing, with 3.07% of Indian websites rated Red or Yellow by McAfee SiteAdvisor.
    26. Summary - What does this mean to you?
        • The malware problem is here to stay – threats are becoming more region-specific and sophisticated.
        • Monetary reward is the primary motivation for malware authors.
        • India’s growing cyber population makes an attractive target.
        • Need to improve user education and awareness at grassroots level.
    27. McAfee In Action
        McAfee Initiative to Fight Cybercrime
    28. McAfee Security Resources
        • Web Sites: McAfee, Threat Center, Submit a Sample, Scan Your PC
        • Notifications: Security Advisories
        • Word of Mouth: Blog, Podcasts
    29. Q & A
        Thank You!
        Rahul Mohandas
        Vinoo Thomas