SlideShare a Scribd company logo

ihegc012

Maksym Schipka
Maksym Schipka

The online shadow economy refers to the criminal black market on the internet. It is worth over $105 billion globally and involves tens of thousands of specialized participants. Malware authors can produce new, unique malware every 45 seconds to stay ahead of detection methods. The shadow economy operates like a legitimate economy, with various criminal roles specialized in activities like malware creation, distribution, identity theft, and money laundering.

1 of 4
Download to read offline
WHITE PAPER: The Online Shadow Economy: A Billion Dollar Market For Malware Authors The Online Shadow Economy: A Billion Dollar Market For Malware Authors Maksym Schipka, Senior Architect of Development WHITE PAPER Introduction Malware, meaning computer viruses, trojans and spyware, is about money. The teenagers who wrote viruses have grown up and now they’re trying to make money. The shadow Internet economy is worth over $105 billion. Online crime is bigger than the global drugs trade. There is a sophisticated online black market with tens of thousands of participants. Collectively, online criminals are using the techniques of the free market to subvert and corrupt legitimate online business. Dot.com entrepreneurs of crime Maksym Schipka, Senior Architect at MessageLabs, has been spending a lot of time exploring this criminal underworld. He has been looking at Russian websites, chat forums and exchanges because he understands the language and because they are the most active. However, there are similar online markets in other countries. In the shadow economy, people boast of making $10,000 a day and while this may be bravado, people are making good money in the shadow economy. With little chance of being caught and so much money at stake, it is little wonder that “a huge number of people are involved,” according to Schipka. Division of labor The big surprise is the level of specialization and the sophistication of the market. Picture a mall: some shops sell clothes, some sell food, others sell books and so on. Each shop is specialized and dedicated to one type of product. For each type of product, there are several shops competing to offer better prices and better service. This is what the shadow economy is like. Let’s look at one online crime and see how it breaks down into a series of specialized trades. First, malware writers create new viruses, spyware, and trojans to infect computers. For as little as $250 you can buy a custom written malware and for an extra $25 a month you can subscribe to updates that will ensure your malware evades detection. The vast majority of malware authors do not distribute it themselves. In fact, they make great play of offering their software “for educational purposes only” in the hope that this offers some immunity from prosecution. A malware middleman buys malware from a programmer and uses the services of a botnet owner to spread it. A botnet is a remotely-controlled network of computers that have been infected by a virus. Typically, they are poorly protected computers belonging to innocent people around the world. You may have a bot running on your PC now and not know it. These computers give botnet owners the computing horsepower and network connectivity to spam out millions of emails or send out hundreds of thousands of trojan attacks or host a malicious website. Once the malware has spread, the middleman can sit back and start to collect stolen information and identities. The middleman sells the stolen identities to make money. A full identity sells for around $5. This includes full name and address, a passport or driving licence scan, credit card numbers and bank account details. Credit card numbers sell for 2-5% of the remaining credit balance on the cards in question. Identity thieves offer their customers a high level of service. For example, you can buy identities sorted by country, industry, role; and credit cards sorted by remaining balance. There is another category of middleman who specializes in turning stolen credit card identities into cash. He will buy credit card information and then use a “drop service.” A drop is someone who receives goods purchased with a stolen credit card. Some are criminal fences; others are unwitting dupes doing it for cash. A middleman buys goods from online shops – typically cameras and portable computers – and then ships them to drops. The drops, in turn, post them on or sell them immediately for cash. This is how a stolen credit card is laundered. Scammers scammed They say there’s no honor among thieves. This is also true of the shadow economy. Fraud and rip-offs are so common that a system of guarantors and escrow accounts has emerged. For example, a drop service provider might offer a guarantee to an identity thief that they will be paid their cut of the sale of any goods, even if individual fences don’t pay up. Similarly, guarantors will provide an escrow service. For example, a buyer will transfer payment to the guarantor and the seller will transmit the virus code or the credit card numbers. If the goods
check out the funds are released. Typically, these guarantors take 2-3% of the transaction value for their services. The emergence of these services shows a developing sophistication in the market, driven by economics more than technology or the demands of organized crime. It also shows there are participants who value their long-term reputation. These are worrying signs. Continuous improvement Another sign of growing sophistication is the continuous improvement in the quality of products on sale in the shadow economy. Malware writers work hard to test their products against anti-virus software. They offer guarantees that a given virus or trojan will not be detected using current anti- virus programs. If vendors update their software, then the malware author will supply a new version. Conventional anti-virus programs rely on “signatures” to detect malware. A signature is similar to a DNA fragment that identies the virus and separates it from legitimate data. Anti-virus programs scan email attachments and other les to check that they contain no known signatures. As new malware comes to light, anti-virus vendors issue signature updates. However, they can only nd a new signature after a new virus is in the wild and is released on the Internet. Worse, malware authors can also download the signatures and test their creations against the latest updates. Schipka’s research suggests that malware authors can produce new, unique malware every 45 seconds in order to keep it undetected. This is where the MessageLabs service is so valuable. As malware developers get more sophisticated, they nd it easier to stay one step ahead of signature-based detection. MessageLabs uses signatures, but also has a second line of defense: its proprietary Skeptic™ engine. This heuristic scanner can detect malware without signatures. Moreover, the bad guys can’t buy it and use it to test their malware. The only people who have access to Skeptic are MessageLabs and the only people who benet from it are MessageLabs customers. Ultimately, says Schipka, “The only thing you can rely on is very good, well-managed heuristic detection.” The free market and the future of online crime The shadow economy has all the attributes of a traditional economy – division of labor, price competition, marketing and so on – accelerated to Internet speed and carried out online. Adam Smith, the pioneering political economist, in his Wealth of Nations, foresaw that the division of labor could increase productivity and quality. Similarly, competition drives down prices and tends to drive innovation. While it is interesting to observe these classical economic principles at work, they hold a terrible warning: malware is going to get more common and more virulent. Companies that rely on the Internet and email, need the best protection they can get. WHITE PAPER: The Online Shadow Economy: A Billion Dollar Market For Malware Authors There is a sophisticated online black market with tens of thousands of participants. Malware authors can produce new, unique malware every 45 seconds in order to keep it undetected. 2 Division of labor in the shadow economy
3
Americas AMERICAS HEADQUARTERS 512 Seventh Avenue 6th Floor New York, NY 10018 USA T +1 646 519 8100 F +1 646 452 6570 CENTRAL REGION 7760 France Avenue South Suite 1100 Bloomington, MN 55435 USA T +1 952 830 1000 F +1 952 831 8118 Asia Pacic HONG KONG 1601 Tower II 89 Queensway Admiralty Hong Kong T +852 2111 3650 F +852 2111 9061 AUSTRALIA Level 14 90 Arthur Street North Sydney NSW 2060 Australia T +61 2 9409 4360 F +61 2 9955 5458 SINGAPORE Level 14 Prudential Tower 30 Cecil Street Singapore 049712 T +65 6232 2855 F +65 6232 2300 ©2007 MessageLabs Inc. All Rights Reserved. MessageLabs and the MessageLabs logo are registered trademarks and Be certain is atrademark of MessageLabs Ltd. and its affi liates in the United States and/or other countries. Other products, brands, registered trademarks and trademarks are property of their respective owners/companies. WP_OSE1007 WHITE PAPER: The Online Shadow Economy: A Billion Dollar Market For Malware Authors Europe HEADQUARTERS 1270 Lansdowne Court Gloucester Business Park Gloucester, GL3 4AB United Kingdom T +44 (0) 1452 627 627 F +44 (0) 1452 627 628 LONDON 3rd Floor 1 Great Portland Street London, W1W 8PZ United Kingdom T +44 (0) 207 291 1960 F +44 (0) 207 291 1937 NETHERLANDS Teleport Towers Kingsfordweg 151 1043 GR Amsterdam Netherlands T +31 (0) 20 491 9600 F +31 (0) 20 491 7354 BELGIUM / LUXEMBOURG Culliganlaan 1B B-1831 Diegem Belgium T +32 (0) 2 403 12 61 F +32 (0) 2 403 12 12 DACH Feringastraße 9 85774 Unterföhring Munich Germany T +49 (0) 89 189 43 990 F +49 (0) 89 189 43 999 www.messagelabs.com info@messagelabs.com © MessageLabs 2007

Recommended

RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013EMC
 
RSA Online Fraud Report - August 2014
RSA Online Fraud Report - August 2014RSA Online Fraud Report - August 2014
RSA Online Fraud Report - August 2014EMC
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report- Mark - Fullbright
 
Ransomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksRansomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
 
2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial CrimesRaj Goel
 
Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Jacqueline Fick
 
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020Jeff Martinez
 
Red Flag Rules
Red Flag RulesRed Flag Rules
Red Flag Rules- Mark - Fullbright
 

Recommended

RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013EMC
 
RSA Online Fraud Report - August 2014
RSA Online Fraud Report - August 2014RSA Online Fraud Report - August 2014
RSA Online Fraud Report - August 2014EMC
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report- Mark - Fullbright
 
Ransomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksRansomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
 
2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial CrimesRaj Goel
 
Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Jacqueline Fick
 
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020Jeff Martinez
 
Red Flag Rules
Red Flag RulesRed Flag Rules
Red Flag Rules- Mark - Fullbright
 
Ransomware
RansomwareRansomware
RansomwareG Prachi
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)- Mark - Fullbright
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudInternet Law Center
 
10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decade10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decadestudentinternetdeals33
 
Little book of cyber scams
Little book of cyber scamsLittle book of cyber scams
Little book of cyber scamsEddie Hirst MSc MSyl
 
Cybersecurity is a key ingredient in the digital economy
Cybersecurity is a key ingredient in the digital economyCybersecurity is a key ingredient in the digital economy
Cybersecurity is a key ingredient in the digital economyMark Albala
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Reportcheinyeanlim
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsOilPriceInformationService
 
Android mobile platform security and malware
Android mobile platform security and malwareAndroid mobile platform security and malware
Android mobile platform security and malwareeSAT Publishing House
 
Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011IbuSrikandi
 
A LOOK INSIDE THE BRAZILIAN UNDERGROUND
A LOOK INSIDE THE BRAZILIAN UNDERGROUNDA LOOK INSIDE THE BRAZILIAN UNDERGROUND
A LOOK INSIDE THE BRAZILIAN UNDERGROUNDFelipe Prado
 
Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereGoutama Bachtiar
 
Cybercriminals target online banking
Cybercriminals target online bankingCybercriminals target online banking
Cybercriminals target online bankingScientia Groups
 
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the BoardroomCritical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the BoardroomStanford GSB Corporate Governance Research Initiative
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfMoney 2Conf
 
Insecure mag-33
Insecure mag-33Insecure mag-33
Insecure mag-33cheinyeanlim
 
State of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingState of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingIJSRED
 
Report on ios piracy
Report on ios piracyReport on ios piracy
Report on ios piracyRadhika Chittoor
 
Case study joined
Case study joinedCase study joined
Case study joinedLijo George
 
What Clearswift Employees Say
What Clearswift Employees SayWhat Clearswift Employees Say
What Clearswift Employees SayMaksym Schipka
 
Working at Clearswift - Employee Benefits
Working at Clearswift - Employee BenefitsWorking at Clearswift - Employee Benefits
Working at Clearswift - Employee BenefitsMaksym Schipka
 
Lta survey draft
Lta survey draftLta survey draft
Lta survey draftAkym_4
 

More Related Content

What's hot

Ransomware
RansomwareRansomware
RansomwareG Prachi
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)- Mark - Fullbright
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudInternet Law Center
 
10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decade10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decadestudentinternetdeals33
 
Cybersecurity is a key ingredient in the digital economy
Cybersecurity is a key ingredient in the digital economyCybersecurity is a key ingredient in the digital economy
Cybersecurity is a key ingredient in the digital economyMark Albala
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Reportcheinyeanlim
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsOilPriceInformationService
 
Android mobile platform security and malware
Android mobile platform security and malwareAndroid mobile platform security and malware
Android mobile platform security and malwareeSAT Publishing House
 
Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011IbuSrikandi
 
A LOOK INSIDE THE BRAZILIAN UNDERGROUND
A LOOK INSIDE THE BRAZILIAN UNDERGROUNDA LOOK INSIDE THE BRAZILIAN UNDERGROUND
A LOOK INSIDE THE BRAZILIAN UNDERGROUNDFelipe Prado
 
Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereGoutama Bachtiar
 
Cybercriminals target online banking
Cybercriminals target online bankingCybercriminals target online banking
Cybercriminals target online bankingScientia Groups
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfMoney 2Conf
 
State of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingState of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingIJSRED
 
Case study joined
Case study joinedCase study joined
Case study joinedLijo George
 

What's hot (19)

Ransomware
RansomwareRansomware
Ransomware
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet Fraud
 
10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decade10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decade
 
Little book of cyber scams
Little book of cyber scamsLittle book of cyber scams
Little book of cyber scams
 
Cybersecurity is a key ingredient in the digital economy
Cybersecurity is a key ingredient in the digital economyCybersecurity is a key ingredient in the digital economy
Cybersecurity is a key ingredient in the digital economy
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Report
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
 
Android mobile platform security and malware
Android mobile platform security and malwareAndroid mobile platform security and malware
Android mobile platform security and malware
 
Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011
 
A LOOK INSIDE THE BRAZILIAN UNDERGROUND
A LOOK INSIDE THE BRAZILIAN UNDERGROUNDA LOOK INSIDE THE BRAZILIAN UNDERGROUND
A LOOK INSIDE THE BRAZILIAN UNDERGROUND
 
Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking Sphere
 
Cybercriminals target online banking
Cybercriminals target online bankingCybercriminals target online banking
Cybercriminals target online banking
 
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the BoardroomCritical Update Needed: Cybersecurity Expertise in the Boardroom
Critical Update Needed: Cybersecurity Expertise in the Boardroom
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2Conf
 
Insecure mag-33
Insecure mag-33Insecure mag-33
Insecure mag-33
 
State of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingState of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in Banking
 
Report on ios piracy
Report on ios piracyReport on ios piracy
Report on ios piracy
 
Case study joined
Case study joinedCase study joined
Case study joined
 

Viewers also liked

What Clearswift Employees Say
What Clearswift Employees SayWhat Clearswift Employees Say
What Clearswift Employees SayMaksym Schipka
 
Working at Clearswift - Employee Benefits
Working at Clearswift - Employee BenefitsWorking at Clearswift - Employee Benefits
Working at Clearswift - Employee BenefitsMaksym Schipka
 
Lta survey draft
Lta survey draftLta survey draft
Lta survey draftAkym_4
 
Lta survey draft
Lta survey draftLta survey draft
Lta survey draftAkym_4
 
Steinmetz vs aspira early college
Steinmetz vs aspira early collegeSteinmetz vs aspira early college
Steinmetz vs aspira early collegeAnTiHaT3Rs
 
Presentation1
Presentation1Presentation1
Presentation1Akym_4
 
Taft vs prosser
Taft vs prosserTaft vs prosser
Taft vs prosserbendover97
 
My favorite past time
My favorite past timeMy favorite past time
My favorite past timemcle0303
 
Steinmetz vs aspira early college
Steinmetz vs aspira early collegeSteinmetz vs aspira early college
Steinmetz vs aspira early collegeAnTiHaT3Rs
 
Диспетчерским и таксопаркам
Диспетчерским и таксопаркамДиспетчерским и таксопаркам
Диспетчерским и таксопаркамTaxivs
 
Presentasjon om reiselivs i Rauma
Presentasjon om reiselivs i RaumaPresentasjon om reiselivs i Rauma
Presentasjon om reiselivs i RaumaHilde Bakke
 
uk_infosec_190411_-_cloud_presentation
uk_infosec_190411_-_cloud_presentationuk_infosec_190411_-_cloud_presentation
uk_infosec_190411_-_cloud_presentationMaksym Schipka
 
PP No. 80 Tahun 2010 Tentang Pengenaan PPh Psl. 21 atas Penghasilan PNS, TN...
PP No. 80 Tahun 2010 Tentang Pengenaan PPh Psl. 21 atas Penghasilan PNS, TN...PP No. 80 Tahun 2010 Tentang Pengenaan PPh Psl. 21 atas Penghasilan PNS, TN...
PP No. 80 Tahun 2010 Tentang Pengenaan PPh Psl. 21 atas Penghasilan PNS, TN...Idris Kelirey
 
How to assess internal risks of a large erp implementation
How to assess internal risks of a large erp implementationHow to assess internal risks of a large erp implementation
How to assess internal risks of a large erp implementationMaxime Chambreuil
 

Viewers also liked (18)

What Clearswift Employees Say
What Clearswift Employees SayWhat Clearswift Employees Say
What Clearswift Employees Say
 
Working at Clearswift - Employee Benefits
Working at Clearswift - Employee BenefitsWorking at Clearswift - Employee Benefits
Working at Clearswift - Employee Benefits
 
Lta survey draft
Lta survey draftLta survey draft
Lta survey draft
 
Lta survey draft
Lta survey draftLta survey draft
Lta survey draft
 
Steinmetz vs aspira early college
Steinmetz vs aspira early collegeSteinmetz vs aspira early college
Steinmetz vs aspira early college
 
Presentation1
Presentation1Presentation1
Presentation1
 
Taft vs prosser
Taft vs prosserTaft vs prosser
Taft vs prosser
 
My favorite past time
My favorite past timeMy favorite past time
My favorite past time
 
Steinmetz vs aspira early college
Steinmetz vs aspira early collegeSteinmetz vs aspira early college
Steinmetz vs aspira early college
 
Диспетчерским и таксопаркам
Диспетчерским и таксопаркамДиспетчерским и таксопаркам
Диспетчерским и таксопаркам
 
Presentasjon om reiselivs i Rauma
Presentasjon om reiselivs i RaumaPresentasjon om reiselivs i Rauma
Presentasjon om reiselivs i Rauma
 
uk_infosec_190411_-_cloud_presentation
uk_infosec_190411_-_cloud_presentationuk_infosec_190411_-_cloud_presentation
uk_infosec_190411_-_cloud_presentation
 
PM Professional Development
PM Professional DevelopmentPM Professional Development
PM Professional Development
 
Estimating
EstimatingEstimating
Estimating
 
PP No. 80 Tahun 2010 Tentang Pengenaan PPh Psl. 21 atas Penghasilan PNS, TN...
PP No. 80 Tahun 2010 Tentang Pengenaan PPh Psl. 21 atas Penghasilan PNS, TN...PP No. 80 Tahun 2010 Tentang Pengenaan PPh Psl. 21 atas Penghasilan PNS, TN...
PP No. 80 Tahun 2010 Tentang Pengenaan PPh Psl. 21 atas Penghasilan PNS, TN...
 
How to assess internal risks of a large erp implementation
How to assess internal risks of a large erp implementationHow to assess internal risks of a large erp implementation
How to assess internal risks of a large erp implementation
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk Management
 
Earned Value Management
Earned Value ManagementEarned Value Management
Earned Value Management
 

Similar to ihegc012

The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingat MicroFocus Italy ❖✔
 
Business of Hacking
Business of HackingBusiness of Hacking
Business of HackingDaniel Ross
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyFirst Atlantic Commerce
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityMd Nishad
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guideGary Gray, MCSE
 
ccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdfccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdfKALPITKALPIT1
 
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTest
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTest
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTesth9gfhypx97
 
Your money or your files
Your money or your filesYour money or your files
Your money or your filesRoel Palmaers
 
Discuss similarities and differences between and Trojan.docx
Discuss similarities and differences between and Trojan.docxDiscuss similarities and differences between and Trojan.docx
Discuss similarities and differences between and Trojan.docxbkbk37
 
Discuss similarities and differences between and Trojan.docx
Discuss similarities and differences between and Trojan.docxDiscuss similarities and differences between and Trojan.docx
Discuss similarities and differences between and Trojan.docxwrite12
 
CRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfCRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfssuser7464571
 
Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Ronak Jain
 
INSECURE Magazine - 33
INSECURE Magazine - 33INSECURE Magazine - 33
INSECURE Magazine - 33Felipe Prado
 
E-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-CommerceE-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-Commerceabe8512000
 
Ransomware all locked up book
Ransomware all locked up bookRansomware all locked up book
Ransomware all locked up bookDiego Souza
 
006 Diversity Essays For College Sample Graduat
006 Diversity Essays For College Sample Graduat006 Diversity Essays For College Sample Graduat
006 Diversity Essays For College Sample GraduatLori Head
 
111cyber crimes
111cyber crimes111cyber crimes
111cyber crimesrinushalu
 
87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crimehomeworkping4
 

Similar to ihegc012 (20)

The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hacking
 
Business of Hacking
Business of HackingBusiness of Hacking
Business of Hacking
 
12 c business i environment i society mba 2016
12 c business i environment i society mba 201612 c business i environment i society mba 2016
12 c business i environment i society mba 2016
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your Enemy
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guide
 
ccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdfccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdf
 
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTest
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTest
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTest
 
Your money or your files
Your money or your filesYour money or your files
Your money or your files
 
Discuss similarities and differences between and Trojan.docx
Discuss similarities and differences between and Trojan.docxDiscuss similarities and differences between and Trojan.docx
Discuss similarities and differences between and Trojan.docx
 
Discuss similarities and differences between and Trojan.docx
Discuss similarities and differences between and Trojan.docxDiscuss similarities and differences between and Trojan.docx
Discuss similarities and differences between and Trojan.docx
 
CRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdfCRC Alert November 2019 Final.pdf
CRC Alert November 2019 Final.pdf
 
Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018
 
INSECURE Magazine - 33
INSECURE Magazine - 33INSECURE Magazine - 33
INSECURE Magazine - 33
 
E-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-CommerceE-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-Commerce
 
Ransomware all locked up book
Ransomware all locked up bookRansomware all locked up book
Ransomware all locked up book
 
006 Diversity Essays For College Sample Graduat
006 Diversity Essays For College Sample Graduat006 Diversity Essays For College Sample Graduat
006 Diversity Essays For College Sample Graduat
 
111cyber crimes
111cyber crimes111cyber crimes
111cyber crimes
 
87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime
 

ihegc012

  • 1. WHITE PAPER: The Online Shadow Economy: A Billion Dollar Market For Malware Authors The Online Shadow Economy: A Billion Dollar Market For Malware Authors Maksym Schipka, Senior Architect of Development WHITE PAPER Introduction Malware, meaning computer viruses, trojans and spyware, is about money. The teenagers who wrote viruses have grown up and now they’re trying to make money. The shadow Internet economy is worth over $105 billion. Online crime is bigger than the global drugs trade. There is a sophisticated online black market with tens of thousands of participants. Collectively, online criminals are using the techniques of the free market to subvert and corrupt legitimate online business. Dot.com entrepreneurs of crime Maksym Schipka, Senior Architect at MessageLabs, has been spending a lot of time exploring this criminal underworld. He has been looking at Russian websites, chat forums and exchanges because he understands the language and because they are the most active. However, there are similar online markets in other countries. In the shadow economy, people boast of making $10,000 a day and while this may be bravado, people are making good money in the shadow economy. With little chance of being caught and so much money at stake, it is little wonder that “a huge number of people are involved,” according to Schipka. Division of labor The big surprise is the level of specialization and the sophistication of the market. Picture a mall: some shops sell clothes, some sell food, others sell books and so on. Each shop is specialized and dedicated to one type of product. For each type of product, there are several shops competing to offer better prices and better service. This is what the shadow economy is like. Let’s look at one online crime and see how it breaks down into a series of specialized trades. First, malware writers create new viruses, spyware, and trojans to infect computers. For as little as $250 you can buy a custom written malware and for an extra $25 a month you can subscribe to updates that will ensure your malware evades detection. The vast majority of malware authors do not distribute it themselves. In fact, they make great play of offering their software “for educational purposes only” in the hope that this offers some immunity from prosecution. A malware middleman buys malware from a programmer and uses the services of a botnet owner to spread it. A botnet is a remotely-controlled network of computers that have been infected by a virus. Typically, they are poorly protected computers belonging to innocent people around the world. You may have a bot running on your PC now and not know it. These computers give botnet owners the computing horsepower and network connectivity to spam out millions of emails or send out hundreds of thousands of trojan attacks or host a malicious website. Once the malware has spread, the middleman can sit back and start to collect stolen information and identities. The middleman sells the stolen identities to make money. A full identity sells for around $5. This includes full name and address, a passport or driving licence scan, credit card numbers and bank account details. Credit card numbers sell for 2-5% of the remaining credit balance on the cards in question. Identity thieves offer their customers a high level of service. For example, you can buy identities sorted by country, industry, role; and credit cards sorted by remaining balance. There is another category of middleman who specializes in turning stolen credit card identities into cash. He will buy credit card information and then use a “drop service.” A drop is someone who receives goods purchased with a stolen credit card. Some are criminal fences; others are unwitting dupes doing it for cash. A middleman buys goods from online shops – typically cameras and portable computers – and then ships them to drops. The drops, in turn, post them on or sell them immediately for cash. This is how a stolen credit card is laundered. Scammers scammed They say there’s no honor among thieves. This is also true of the shadow economy. Fraud and rip-offs are so common that a system of guarantors and escrow accounts has emerged. For example, a drop service provider might offer a guarantee to an identity thief that they will be paid their cut of the sale of any goods, even if individual fences don’t pay up. Similarly, guarantors will provide an escrow service. For example, a buyer will transfer payment to the guarantor and the seller will transmit the virus code or the credit card numbers. If the goods
  • 2. check out the funds are released. Typically, these guarantors take 2-3% of the transaction value for their services. The emergence of these services shows a developing sophistication in the market, driven by economics more than technology or the demands of organized crime. It also shows there are participants who value their long-term reputation. These are worrying signs. Continuous improvement Another sign of growing sophistication is the continuous improvement in the quality of products on sale in the shadow economy. Malware writers work hard to test their products against anti-virus software. They offer guarantees that a given virus or trojan will not be detected using current anti- virus programs. If vendors update their software, then the malware author will supply a new version. Conventional anti-virus programs rely on “signatures” to detect malware. A signature is similar to a DNA fragment that identies the virus and separates it from legitimate data. Anti-virus programs scan email attachments and other les to check that they contain no known signatures. As new malware comes to light, anti-virus vendors issue signature updates. However, they can only nd a new signature after a new virus is in the wild and is released on the Internet. Worse, malware authors can also download the signatures and test their creations against the latest updates. Schipka’s research suggests that malware authors can produce new, unique malware every 45 seconds in order to keep it undetected. This is where the MessageLabs service is so valuable. As malware developers get more sophisticated, they nd it easier to stay one step ahead of signature-based detection. MessageLabs uses signatures, but also has a second line of defense: its proprietary Skeptic™ engine. This heuristic scanner can detect malware without signatures. Moreover, the bad guys can’t buy it and use it to test their malware. The only people who have access to Skeptic are MessageLabs and the only people who benet from it are MessageLabs customers. Ultimately, says Schipka, “The only thing you can rely on is very good, well-managed heuristic detection.” The free market and the future of online crime The shadow economy has all the attributes of a traditional economy – division of labor, price competition, marketing and so on – accelerated to Internet speed and carried out online. Adam Smith, the pioneering political economist, in his Wealth of Nations, foresaw that the division of labor could increase productivity and quality. Similarly, competition drives down prices and tends to drive innovation. While it is interesting to observe these classical economic principles at work, they hold a terrible warning: malware is going to get more common and more virulent. Companies that rely on the Internet and email, need the best protection they can get. WHITE PAPER: The Online Shadow Economy: A Billion Dollar Market For Malware Authors There is a sophisticated online black market with tens of thousands of participants. Malware authors can produce new, unique malware every 45 seconds in order to keep it undetected. 2 Division of labor in the shadow economy
  • 3. 3
  • 4. Americas AMERICAS HEADQUARTERS 512 Seventh Avenue 6th Floor New York, NY 10018 USA T +1 646 519 8100 F +1 646 452 6570 CENTRAL REGION 7760 France Avenue South Suite 1100 Bloomington, MN 55435 USA T +1 952 830 1000 F +1 952 831 8118 Asia Pacic HONG KONG 1601 Tower II 89 Queensway Admiralty Hong Kong T +852 2111 3650 F +852 2111 9061 AUSTRALIA Level 14 90 Arthur Street North Sydney NSW 2060 Australia T +61 2 9409 4360 F +61 2 9955 5458 SINGAPORE Level 14 Prudential Tower 30 Cecil Street Singapore 049712 T +65 6232 2855 F +65 6232 2300 ©2007 MessageLabs Inc. All Rights Reserved. MessageLabs and the MessageLabs logo are registered trademarks and Be certain is atrademark of MessageLabs Ltd. and its affi liates in the United States and/or other countries. Other products, brands, registered trademarks and trademarks are property of their respective owners/companies. WP_OSE1007 WHITE PAPER: The Online Shadow Economy: A Billion Dollar Market For Malware Authors Europe HEADQUARTERS 1270 Lansdowne Court Gloucester Business Park Gloucester, GL3 4AB United Kingdom T +44 (0) 1452 627 627 F +44 (0) 1452 627 628 LONDON 3rd Floor 1 Great Portland Street London, W1W 8PZ United Kingdom T +44 (0) 207 291 1960 F +44 (0) 207 291 1937 NETHERLANDS Teleport Towers Kingsfordweg 151 1043 GR Amsterdam Netherlands T +31 (0) 20 491 9600 F +31 (0) 20 491 7354 BELGIUM / LUXEMBOURG Culliganlaan 1B B-1831 Diegem Belgium T +32 (0) 2 403 12 61 F +32 (0) 2 403 12 12 DACH Feringastraße 9 85774 Unterföhring Munich Germany T +49 (0) 89 189 43 990 F +49 (0) 89 189 43 999 www.messagelabs.com info@messagelabs.com © MessageLabs 2007