Want to make some money? A little bitcoin on the side? In this session we’ll take you through a few of the ways that ransomware works. It is probably one of the fastest growing forms of cybercrime. We’ll explore the motivations (it’s not all about money), how a typical attack occurs, how your actions and inactions help make the problem worse, and generally educate you on the ransomware-as-a-service business that could easily be coming to a server near you. Take the time to see how your CI/CD pipelines can be vulnerable and what you can do to make your application safer and your data more secure.
Some say ransomware is simply a cost of doing business. Whether that’s true or not, ransomware is not going away any time soon. This talk will help you get up to speed and start your journey of improving your defences.
16. @spoole167
DEAR SIR/MA'AM.
YOUR ATM CARD OF $10.5MILLION DOLLARS WAS RETURNED TODAY BY OUR COURIER DELIVERY
COMPANY, AND WE ARE GOING TO CANCEL THE ATM CARD IF YOU FAILS TO ACKNOWLEDGE THIS
MESSAGE, WE SHALL ALSO ASSUME THAT WHAT OUR COURIER DELIVERY COMPANY TOLD US IS
NOTHING BUT THE TRUTH THAT YOU DON'T NEED YOUR ATM CARD OF $10.5 MILLION DOLLARS ANY
LONGER.
DO ACKNOWLEDGE THIS MESSAGE AS SOON AS POSSIBLE.
YOURS FAITHFULLY.
YOURS SINCERELY,
MR MARK WRIGHT,
DIRECTOR FOREIGN REMITTANCE
ATM CARD SWIFT PAYMENT DEPARTMENT
ZENITH BANK OF NIGERIA.
😀
17. Federal Bureau of Investigation (FBI)
Anti-Terrorist And Monitory Crime Division.
Federal Bureau Of Investigation.
J.Edgar.Hoover Building Washington Dc
Customers Service Hours / Monday To Saturday
Office Hours Monday To Saturday:
Dear Beneficiary,
Series of meetings have been held over the past 7 months with the secretary general of the
United Nations Organization. This ended 3 days ago. It is obvious that you have not received
your fund which is to the tune of $16.5million due to past corrupt Governmental Officials who
almost held the fund to themselves for their selfish reason and some individuals who have
taken advantage of your fund all in an attempt to swindle your fund which has led to so many
losses from your end and unnecessary delay in the receipt of your fund.for more information
do get back to us.
….
Upon receipt of payment the delivery officer will ensure that your package is sent within 24
working hours.
😀
18. From <your boss>
I’ve spoken to the XYZ company CEO and they will send us the goods if we
pay $3M immediately. Details below.
I’m off to the golf course – no distractions please.
20. Many ransomware attacks are specifically targeted at certain types of organisation
[Bar chart: % of attacks by sector, 0 to 20% scale. Sectors shown: Government, Education, Services, Healthcare, Technology, Manufacturing, Retail, Utilities, Finance, Other]
21. Many are specifically targeted at a single company or organisation
With personalized attacks you invest more and make it compelling.
Your victim’s views on Facebook about their boss, how busy they are, important deals coming up. It all helps to craft that million dollar attack…
27. While copying critical data out, disguised as normal traffic
• Sometimes hidden in other payloads, protocols
• Sometimes as responses to ‘legitimate’ requests
• Almost always via botnets
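The slide describes exfiltration that hides inside ordinary-looking traffic. The defender's counterpart is a baseline: which hosts send far more than their peers, and which destinations only one host ever talks to. The following is an added example written for this page (not code from the talk or its author). It runs two such checks over a few constructed proxy log lines; the log format, hostnames, byte counts and thresholds are all constructed for illustration.

```python
"""Flag hosts whose outbound traffic looks like data being copied out under
cover of normal traffic: outbound byte volume far above the fleet baseline, or
POST traffic to a destination no other host uses. Example code written for this
page; the log lines and thresholds are constructed, not from any real sensor."""
from __future__ import annotations

from collections import defaultdict
from statistics import median

# Constructed proxy log: "timestamp src_host dest_host method bytes_out".
SAMPLE_LOG = """\
2024-01-01T09:00:01 ws-01 updates.example.com GET 412
2024-01-01T09:00:02 ws-02 updates.example.com GET 398
2024-01-01T09:00:03 ws-03 mail.example.com POST 2048
2024-01-01T09:00:04 ws-01 mail.example.com POST 1900
2024-01-01T09:00:05 ws-07 cdn-8821.example.net POST 9437184
2024-01-01T09:00:06 ws-07 cdn-8821.example.net POST 9437184
2024-01-01T09:00:07 ws-07 cdn-8821.example.net POST 9437184
2024-01-01T09:00:08 ws-04 updates.example.com GET 430
"""


def parse(log: str) -> list[tuple[str, str, str, int]]:
    """Return (src, dst, method, bytes_out) per well-formed line."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of crashing on them
        _, src, dst, method, out = parts
        rows.append((src, dst, method, int(out)))
    return rows


def outbound_outliers(log: str, factor: float = 50.0) -> dict[str, int]:
    """Hosts whose total bytes_out exceeds `factor` times the median host total.
    A median baseline is robust to the one host that is already the outlier."""
    totals: dict[str, int] = defaultdict(int)
    for src, _, _, out in parse(log):
        totals[src] += out
    baseline = median(totals.values())
    return {host: b for host, b in totals.items() if b > factor * baseline}


def rare_destinations(log: str, min_hosts: int = 2) -> dict[str, set[str]]:
    """Destinations that receive POST bodies from fewer than `min_hosts`
    distinct hosts: one host uploading to a place nobody else uses is the
    pattern to review, even when each request looks like normal web traffic."""
    hosts_by_dst: dict[str, set[str]] = defaultdict(set)
    posting: set[str] = set()
    for src, dst, method, _ in parse(log):
        hosts_by_dst[dst].add(src)
        if method == "POST":
            posting.add(dst)
    return {d: h for d, h in hosts_by_dst.items()
            if len(h) < min_hosts and d in posting}


if __name__ == "__main__":
    print("volume outliers:", outbound_outliers(SAMPLE_LOG))
    print("rare POST destinations:", rare_destinations(SAMPLE_LOG))
```

Both checks are deliberately simple so the thresholds are explainable to whoever triages the alert; in practice the baseline would be computed per host over days rather than over one short window.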
29. Many motives
• Data kidnapping? - pay up or we release the data to other bad guys
• Blackmail? - we have evidence of what you did
• Revenge? - cripple your systems, cause you pain
• Competitor actions? - wipe you out, steal your secrets
• Something much worse? - weaponized attacks: it’s not personal, it’s just practice.
Mostly money of course
31. Organized cybercrime is the most profitable type of crime
Cybercrime was estimated to be worth 445 Billion Dollars a year.
The United Nations Office on Drugs and Crime (UNODC) estimated that globally the illicit drug trade was worth 435 Billion Dollars.
• Guess which one has the least risk to the criminal?
• Guess which is growing the fastest?
• Guess which one is the hardest to prosecute?
• Guess which one is predicted to reach 2100 Billion Dollars by 2019
• Guess which one is predicted to reach 6000 Billion Dollars by 2021
35. Overall it’s much worse than predicted…
As a developer your world is going to change rapidly as we begin to tackle this problem
38. Cyber attacks are rising in number and sophistication
Nation states are preparing for the next war – and that’s all about software
The aim is to infiltrate infrastructure and essential services…
41. On that note
• Cybercrime is already almost impossible to prosecute
• Anonymous cryptocurrencies make it almost impossible to track the money
A big motive is that you don’t think you’re going to get caught!
44. Whatever your motive…
It’s easy to buy an attack: monthly subscriptions, one-time fees, or a percentage of every ransom payout.
Supply chain ransomware attacks are climbing fast
50. Now they make their own
• Typosquatting: a lookalike domain or dependency with one or two wrong or different characters
• Open source repo attacks: attempts to get malware or weaknesses added into dependency source via social engineering or tools
• Build tool attacks: attempts to get malware into the tools that are used to produce dependencies
• Dependency confusion: attempts to get a different version added into a binary repository, often “latest”
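Two of the four supply-chain patterns on this slide, typosquatting and dependency confusion, can be caught with a manifest lint before anything is installed. The following is an added example written for this page (not code from the talk, its author, or any package manager). It assumes a constructed manifest format of `name==version @ index-url`, a hypothetical allow-list of well-known public packages, and a hypothetical list of the organisation's internal package names; the package names and URLs are constructed for illustration.

```python
"""Lint a dependency manifest for two supply-chain patterns: typosquatting (a
name one or two characters away from a well-known package) and dependency
confusion (an internal package left resolvable from the public index, or a
version left floating at 'latest'). Example code written for this page; the
manifest format, package names and index URLs below are constructed."""
from __future__ import annotations

from dataclasses import dataclass

# Constructed allow-list of well-known public packages (hypothetical subset).
KNOWN_PUBLIC = {"requests", "urllib3", "numpy", "cryptography", "flask"}
# Constructed names of packages internal to a hypothetical organisation.
INTERNAL = {"acme-auth", "acme-billing"}
PUBLIC_INDEX = "https://pypi.org/simple"


@dataclass(frozen=True)
class Finding:
    package: str
    kind: str  # "typosquat" | "dependency-confusion" | "unpinned"
    detail: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance. A value of 1 or 2 between a declared name and a
    known package is the signature of a typosquat (dropped or swapped chars)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_manifest(text: str) -> list[tuple[str, str | None, str | None]]:
    """Parse constructed 'name==version @ index' lines into (name, version, index)."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        spec, _, index = line.partition(" @ ")
        name, _, version = spec.partition("==")
        out.append((name.strip().lower(), version.strip() or None, index.strip() or None))
    return out


def lint(text: str, public_index: str = PUBLIC_INDEX) -> list[Finding]:
    findings: list[Finding] = []
    for name, version, index in parse_manifest(text):
        if name in INTERNAL:
            # Dependency confusion: an internal name must only ever resolve from
            # the private index, otherwise a public upload of the same name wins.
            if index is None or index == public_index:
                findings.append(Finding(name, "dependency-confusion",
                                        "internal package not pinned to the private index"))
        elif name not in KNOWN_PUBLIC:
            for known in sorted(KNOWN_PUBLIC):
                d = edit_distance(name, known)
                if 0 < d <= 2:
                    findings.append(Finding(name, "typosquat", f"{d} edit(s) from '{known}'"))
                    break
        if version is None or version == "latest":
            findings.append(Finding(name, "unpinned", "no exact version pinned"))
    return findings


# Constructed sample manifest: one typo, one leaked internal name, one floating version.
MANIFEST = """\
requests==2.31.0 @ https://pypi.org/simple
reqeusts==2.31.0 @ https://pypi.org/simple
acme-auth==1.4.0 @ https://pypi.org/simple
acme-billing==2.0.1 @ https://pypi.internal.example/simple
numpy @ https://pypi.org/simple
"""

if __name__ == "__main__":
    for f in lint(MANIFEST):
        print(f"{f.kind:22} {f.package:14} {f.detail}")
```

The edit-distance check only flags names that are near a known package but not equal to it, so legitimate packages pass; the real allow-list would be the organisation's approved set rather than the hand-picked names used here.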
57. Ransomware is a crime
• It’s not just the money
• It’s the consequence of being out of action
  • for a week, 10 days to a month
  • of sending patients to other hospitals
• It’s the cost of recovery – you can expect that you’ll need to work hard to get back to the status quo
• Data recovery is never 100%
58. It’s a very personal crime
• It’s the recriminations afterwards. The finger pointing, the guilty feelings
• Ransomware makes people feel powerless, angry. Stupid.
• Then there’s the feeling of being invaded, of not trusting your security systems
59. Guess what – ransomware can be a smoke screen for something else.
• It’s not only about stealing data; it’s about adding data in, or secretly modifying data.
• How do you know that the data you just paid to get back is really your data?
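The question on this slide has a concrete answer only if a known-good record of the data existed before the incident and was kept somewhere the attacker could not rewrite. The following is an added example written for this page (not code from the talk or its author): a keyed manifest of per-file HMACs built beforehand, then compared with the recovered files so that modified, missing and added files are all reported. The key, file contents and paths are constructed for illustration; `snapshot_dir` is a small helper assumed here for reading a real directory.

```python
"""Keyed manifest so a restore can be checked against a known-good state: the
manifest is produced before an incident, stored off the affected systems, and
compared with the recovered files afterwards. Changed, missing and added files
are all reported, since insertion and silent modification are the concern, not
only loss. Example code written for this page; files and key are constructed."""
from __future__ import annotations

import hashlib
import hmac
import json
from pathlib import Path

# Constructed key: in practice it comes from a secrets store, never from the backup itself.
MANIFEST_KEY = b"example-key-replace-me"


def file_tags(files: dict[str, bytes]) -> dict[str, str]:
    """HMAC-SHA256 per file. Keyed, so someone who can rewrite the files cannot
    also recompute matching plain hashes without the key."""
    return {path: hmac.new(MANIFEST_KEY, data, hashlib.sha256).hexdigest()
            for path, data in sorted(files.items())}


def build_manifest(files: dict[str, bytes]) -> str:
    """Serialise the per-file tags and sign the whole list, so entries cannot
    be dropped or added without invalidating the manifest."""
    tags = file_tags(files)
    body = json.dumps(tags, sort_keys=True).encode()
    sig = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    return json.dumps({"files": tags, "sig": sig})


def verify_restore(manifest: str, restored: dict[str, bytes]) -> dict[str, list[str]]:
    """Check the manifest signature, then diff the restored files against it."""
    doc = json.loads(manifest)
    body = json.dumps(doc["files"], sort_keys=True).encode()
    expected = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["sig"]):
        raise ValueError("manifest signature invalid: do not trust this manifest")
    before = doc["files"]
    now = file_tags(restored)
    return {
        "modified": sorted(p for p in before if p in now and now[p] != before[p]),
        "missing": sorted(p for p in before if p not in now),
        "added": sorted(p for p in now if p not in before),
    }


def snapshot_dir(root: Path) -> dict[str, bytes]:
    """Helper assumed for this example: read a real directory tree into memory."""
    return {str(p.relative_to(root)): p.read_bytes()
            for p in root.rglob("*") if p.is_file()}


# Constructed sample: the state recorded beforehand, and what came back after the restore.
ORIGINAL = {
    "db/customers.csv": b"id,name\n1,Ann\n",
    "config/app.ini": b"debug=0\n",
}
RESTORED = {
    "db/customers.csv": b"id,name\n1,Ann\n2,Mallory\n",      # a row was inserted
    "config/app.ini": b"debug=0\n",                          # unchanged
    "scripts/maintenance.sh": b"# constructed: not present before\n",  # a file was added
}

if __name__ == "__main__":
    manifest = build_manifest(ORIGINAL)  # built before the incident, kept elsewhere
    print(verify_restore(manifest, RESTORED))
```

A plain SHA-256 list would detect accidental corruption but not a deliberate rewrite by someone who can also rewrite the list; the HMAC over both the files and the manifest body is what ties the comparison to a key the attacker never had.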