The Evolution of Cybercrime

How underground markets for stolen data and hacking tools are driving cybercrime today, and some of the possible security responses, defenses, and strategies

Published in: Internet
  • This series of screenshots shows typical operations at an online data mart, and some prices. Krebs and others who track prices note rapid declines when large new data collections are put on the market (e.g. Target), and further declines over time as data ages.
  • The text on the slide says it all. Note that the prevalence of Blackhole as exploit kit of choice in 2012 was 60%, but dropped to 49% in 2013, probably due to the October arrest of its creator “Paunch” – Stats from
  • Here’s a more polished RAT or Remote Access Terminal. The world map shows you, the bad guy, where your zombies are located. Look closely and you can see that Alfred PC is viewing the Dodge Challenger website at 10:45 pm, local time.
  • Does your web store have live chat support? This one does! Another Dark Market online shop where cyber criminals can sell the credentials they have stolen. Note SSH root and Cpanel, handy for taking over web servers, a huge growth market because web servers have high bandwidth and are always on.
  • Using various tools and websites, some of which we will look at in a moment, criminals can quickly and efficiently mount a cybercrime operation, purchasing all of the ingredients, and selling or “fencing” their ill-gotten gains, like your company’s banking credentials, or your customers’ credit cards.
  • Hard to say, this is one answer, 2011 data released in 2012. Since then a lot more people in America have become involved (Rand).
  • Here is how most data breaches occur. Three threat action categories account for roughly 9 out of 10 breaches: Hacking, Malware, and Social engineering. In many cases it is a blend of hacking and malware or all three. Most of the hacking is not sophisticated stuff, as we will see. Social engineering, as in deceptive emails and social media posts, is on the rise.
  • In the first of several slides based on the 2014 Verizon Data Breach Investigation Report we point out that different sectors are attacked in different ways.
  • No need to review in detail, refer people to the report, which is free. However, if your audience is in a particular sector, review in more detail.
  • Transcript

    • 1. The Evolution of Cybercrime Stephen Cobb, CISSP Security Researcher, ESET NA
    • 2. What’s on the agenda? • Defending IT systems and the valuable data they contain requires an up-to-date understanding of the scale and nature of security threats • For many organizations, the greatest IT security threat is cybercrime, the nature of which is evolving (read the headlines) • We explore the evolving cybercrime threat • Describe a layered approach to defending your systems and data
    • 3. What does cybercrime have to do with cybersecurity? • Cybercrime is one of the main threats to the confidentiality, integrity, and availability of your data and systems • Understanding cybercrime helps fight cybercrime and improve security
    • 4. 4 leading sources of trouble ERRORS DISASTERS EMPLOYEES CRIMINALS
    • 5. 4 leading sources of trouble CRIMINALS EMPLOYEES ERRORS DISASTERS YOUR DATA & SYSTEMS
    • 6. Question #1 Has your organization experienced an external attack on any of its IT systems in the last 12 months? • Yes • No • I’m not sure • I don’t work for an organization
    • 7. Cybercrime today • A global industry • A growth industry • Increasing in size and efficiency • Victimizing a broad swathe of society • Your organization is a target • Too many people still look surprised when they hear this, or see these…
    • 8. Thanks to krebsonsecurity.com for screenshots
    • 9. Elements of cybercrime operations • Host an exploit kit on a server • Put malware on different server • Send malicious email linked to exploit kit • Find holes in visiting systems • Use holes to infect visitors with malware • Use console on command and control box • To steal, DDoS, spread more malware • Use markets to sell/rent infected systems • Use markets to sell any data you can find • E.g. Community Health Systems 4.5m IDs
    • 10. Cybercrime tools are readily available • Exploit Kits • Buy or rent • A few hundred dollars to thousands • Add new exploits over time • Note all of the Java exploits From a chart by DeepEnd Research
    • 11. Proliferation and variety of exploit kits over time Markets for Cybercrime Tools and Stolen Data (RAND, 2014)
    • 12. A market-based industry
    • 13. Who are these people?
    • 14. Different levels of participants in the underground market Markets for Cybercrime Tools and Stolen Data (RAND, 2014)
    • 15. Estimate of channels and tiers used by participants Markets for Cybercrime Tools and Stolen Data (RAND, 2014)
    • 16. Question #2 Do you think top management in your organization understands the scale and scope of cybercrime today? • Yes • No • Not sure • I don’t work for an organization
    • 17. How big is the problem? • That is hard to say and that’s part of the problem • Hard to solve problems you can’t even measure • What about the government? • Don’t they quantify crime? • Yes, but…
    • 18. Cybercrime statistics • Missing or inconsistent • Too often rely on private sector • E.g. the $1 trillion loss
    • 19. End of the line
    • 20. Lacking in consistency • The curve is always up • But what does cybercrime really cost? • Gen. Alexander’s $1 trillion loss number was not from NSA or the government • Tyler/Savage study is a more realistic number
    • 21. Tyler/Savage estimate of global cost of cybercrime • Cost of genuine cybercrime • $3.46 billion • Cost of transitional cybercrime • $46.60 billion • Cost of cybercriminal infrastructure • $24.84 billion • Cost of traditional crimes going cyber • $150.20 billion • Total = $225.10 billion Based on 2007-2010 data, authors disinclined to aggregate
    • 22. Dollar losses from computer fraud cases IC3 report, mainly US, mainly cases referred for investigation
    • 23. Contrast with FBI non-cyber crime stats: Fewer bank robberies, less loot [Chart, 2003–2011. Incidents: 7,644; 7,720; 6,957; 7,272; 6,182; 6,071; 6,062; 5,628; 5,086. Average loot: $10,086; $8,268; $9,254; $9,996; $11,787; $10,198; $7,585; $7,643; $7,539]
    • 24. What do defenders need to know? • The type of cyber crime to expect • This is one area where we do have data • Strategy to defend against them • A layered defense
    • 25. How do bad guys come at you? Breaches per threat action category 2014 Verizon Data Breach Investigation Report
    • 26. Not all threats are equal across sectors • Each business needs its own risk assessment • But threats clearly vary by industry sector • Reduce risks more effectively by focusing on the ones that impact your organization [Bar chart: Frequency of incident patterns by sector: Construction. Categories shown: Crimeware, Theft and loss, Cyber espionage, Everything else, Insider misuse, Miscellaneous errors, POS intrusion. Source: 2014 Verizon Data Breach Investigation Report]
    • 27. Different threats for different sectors (2014 Verizon Data Breach Investigation Report)
      Incident patterns in the table: DENIAL OF SERVICE, WEB APP ATTACK, POS INTRUSION, INSIDER MISUSE, THEFT/LOSS, MISC. ERROR, CRIMEWARE, CARD SKIMMER, EVERYTHING ELSE, CYBER ESPIONAGE
      Percentages by sector (blank cells omitted):
      Accommodation: 75%, 1%, 8%, 1%, 1%, 1%, <1%, 10%, 4%
      Administrative: 8%, 27%, 12%, 43%, 1%, 1%, 1%, 7%
      Construction: 7%, 13%, 13%, 7%, 33%, 13%, 13%
      Education: <1%, 19%, 8%, 15%, 20%, 6%, <1%, 6%, 2%, 22%
      Entertainment: 7%, 22%, 10%, 7%, 12%, 2%, 2%, 32%, 5%
      Finance: <1%, 27%, 7%, 3%, 5%, 4%, 22%, 26%, <1%, 6%
      Healthcare: 9%, 3%, 15%, 46%, 12%, 3%, <1%, 2%, <1%, 10%
      Information: <1%, 41%, 1%, 1%, 1%, 31%, <1%, 9%, 1%, 16%
      Management: 11%, 6%, 6%, 6%, 11%, 44%, 11%, 6%
    • 28. 3 or 4 threats dominate each sector (2014 Verizon Data Breach Investigation Report)
      Incident patterns in the table: CARD SKIMMER, WEB APP ATTACK, POS INTRUSION, INSIDER MISUSE, THEFT/LOSS, MISC. ERROR, CRIMEWARE, DENIAL OF SERVICE, EVERYTHING ELSE, CYBER ESPIONAGE
      Percentages by sector (blank cells omitted):
      Manufacturing: 14%, 8%, 4%, 2%, 9%, 24%, 30%, 9%
      Mining: 25%, 10%, 5%, 5%, 5%, 5%, 40%, 5%
      Professional: <1%, 9%, 6%, 4%, 3%, 3%, 37%, 29%, 8%
      Public Sector: <1%, 24%, 19%, 34%, 21%, <1%, <1%, 2%
      Real Estate: 10%, 37%, 13%, 20%, 7%, 3%, 10%
      Retail: 31%, 10%, 4%, 2%, 2%, 2%, 6%, 33%, <1%, 10%
      Trade: 6%, 30%, 6%, 6%, 9%, 9%, 3%, 3%, 27%
      Transportation: 15%, 16%, 7%, 6%, 15%, 5%, 3%, 24%, 8%
      Utilities: 38%, 3%, 1%, 2%, 31%, 14%, 7%, 3%
    • 29. LAYERED DEFENSE 1. INFORMATION SECURITY POLICY 2. AWARENESS AND TRAINING 3. BACKUPS AND CONTINUITY 4. PHYSICAL SECURITY 5. AUTHENTICATION 6. ACCESS CONTROLS 7. MONITORING 8. FIREWALLS & FILTERING 9. ENCRYPTION 10. ANTI-MALWARE 11. THREAT INTELLIGENCE 12. AUDIT AND REVIEW 13. INSURANCE
    • 30. INFORMATION SECURITY POLICY • You might not think of policy as a defensive layer, but in fact, a well-rounded information security policy is critical to a layered defense • Embodies your commitment to security and guides implementation of all the other security layers • Also protects you and may clinch business deals
    • 31. AWARENESS AND TRAINING • Security policies and defensive measures are useless if your employees don’t know what threats the organization needs to defend against • Security awareness for all and security training for those who need cybersecurity skills • Security is everyone’s responsibility
    • 32. BACKUPS AND CONTINUITY • Having all of your files backed up and a copy of that backup stored in a safe place can save the day when all other defensive layers have been penetrated by the forces of evil or even sheer bad luck • Make sure you have a backup of your facilities as well as your data • And a Business Continuity Plan
    • 33. PHYSICAL SECURITY • Important layer of defense, one that too many organizations overlook • Physical security for your digital devices can be tricky if they are in semi-public places, like a store or restaurant, but not impossible • There are ways to reduce theft and its impact, from security cables to surveillance cameras to software
    • 34. AUTHENTICATION • Everyone using your systems should be accurately identified, preferably via multiple factors, such as a password PLUS a one-time token and/or biometric
    • 35. ACCESS CONTROLS • Once granted, access to a system needs to be controlled • All employees don’t need equal access to every piece of data • Assign access based on job function or role • Privileges for anyone who leaves the organization should be terminated immediately
    • 36. MONITORING • You cannot maintain the security of a system if you don’t monitor it • Use the logs, record the actions of users based on their authentication to the system • Don’t just turn on logging, but check the logs on a regular basis or get monitoring software that will do that for you
    • 37. FILTERING AND FIREWALLS • When your employees use the Internet via company computers you should be filtering • Firewalls can implement rules to control user activity as well as block many different types of attack on your network and devices
    • 38. ENCRYPTION • Even if someone penetrates your layered defense and finds the folder containing your most valuable secrets, a good encryption program will prevent them from reading it • Use encryption on all sensitive data, not only when it is being stored on a server, but on endpoints like laptops, and in transit, like email
    • 39. ANTI-MALWARE • Today’s anti-malware suites use a wide range of techniques to detect and block incoming code that is malicious • Deploy across all platforms, from mail and file servers to desktops, laptops, tablets, and smartphones, plus removable media like CDs and USB flash drives
    • 40. THREAT INTELLIGENCE • Need to know who is trying to steal data from you and the latest techniques that such felons employ • Stay current with the ever-shifting “threat landscape” • Use intelligence reports and services (attend webinars) • Make appropriate adjustments to security settings as threats evolve
    • 41. AUDIT AND REVIEW • Defense never rests • Not only do you need to respond to emerging threats, you also have to periodically check your current layers of defense • Hire a penetration tester to verify that everything is locked down tight • Review security strategy in light of new threats and adjust accordingly
    • 42. INSURANCE • Leverage your layered defenses with cyber insurance policy • These are becoming more widely available and can cover a range of potential problems • Better premiums for better security • Check with your business insurance agent for details
    • 43. Is that all? No! • Cybercrime is not your fault • It is committed by criminals • Government needs to do more • All the governments, in all the countries • Arrests, extraditions, sentencing • Peace and prosperity
    • 44. 4 dimensions of society’s response to cybercrime LAW KNOWLEDGE DIPLOMACY CYBERCRIME TECHNOLOGY
    • 45. We need to improve in all areas to reduce cybercrime DIPLOMACY KNOWLEDGE CYBERCRIME TECHNOLOGY LAW
    • 46. Thank you! • www.eset.com • www.WeLiveSecurity.com • @zcobb USEFUL LINKS (some are PDF) Anderson/Tyler/Savage: Cybercrime cost paper Cybercrime cost slides RAND report on cybercrime markets Verizon Data Breach Investigation Report Cybercrime webinar recording Krebs on Security With special thanks to all my fellow researchers at ESET who work on the cybercrime problem, including Pierre-Marc Bureau and Alexis Dorais-Joncas
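
Slides 35 (ACCESS CONTROLS) and 36 (MONITORING) combine into one routine check: search authentication logs for any use of an account after its owner left the organization. The script below is an added example, not part of the original presentation; the account names, termination times and sshd-style log lines are constructed sample data, and the log format is an assumption.

```python
import re
from datetime import datetime

# Constructed sample data (not from the slides): account -> termination time.
TERMINATED = {
    "jdoe": datetime(2014, 8, 1, 17, 0),
    "asmith": datetime(2014, 8, 15, 12, 0),
}

# Constructed sshd-style lines. Classic syslog timestamps carry no year,
# so the caller supplies it.
SAMPLE_LOG = """\
Jul 30 09:12:01 web01 sshd[811]: Accepted password for jdoe from 10.0.0.5 port 50211 ssh2
Aug  2 03:44:10 web01 sshd[902]: Accepted publickey for jdoe from 203.0.113.7 port 40022 ssh2
Aug  3 08:00:00 web01 sshd[915]: Failed password for asmith from 198.51.100.9 port 51000 ssh2
Aug 16 22:10:45 web01 sshd[990]: Accepted password for asmith from 198.51.100.9 port 51044 ssh2
Aug 17 10:00:00 web01 sshd[1002]: Accepted password for bwong from 10.0.0.8 port 50300 ssh2
Aug 18 01:02:03 web01 sshd[1010]: Failed password for invalid user jdoe from 203.0.113.7 port 40100 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"(?P<result>Accepted|Failed)\s\S+\sfor\s(?:invalid user\s)?"
    r"(?P<user>\S+)\sfrom\s(?P<src>\S+)"
)

def post_termination_logins(log_text, terminated, year):
    """Return every login attempt by a terminated account made after its cutoff.

    success=True means access was never revoked; success=False means someone
    is still trying credentials that belonged to a departed user.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] not in terminated:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if when > terminated[m["user"]]:
            findings.append({"user": m["user"], "time": when, "host": m["host"],
                             "src": m["src"], "success": m["result"] == "Accepted"})
    return findings

if __name__ == "__main__":
    for f in post_termination_logins(SAMPLE_LOG, TERMINATED, 2014):
        state = "SUCCESS (revoke now)" if f["success"] else "failed attempt"
        print(f"{f['time']} {f['user']}@{f['host']} from {f['src']}: {state}")
```
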