
(2017) Cybercrime, Inc. (v3.2)

This presentation shows how technology evolution has allowed syndicate criminals to become organised criminal “corporations”. How the evolution of hacking and the cyber world is putting our society at risk.

Published in: Internet

  1. Cybercrime, Inc. Delivering the best in z services, software, hardware and training. Delivering the best in z services, skills, security and software.
  2. Agenda
      • Introductions
      • Criminals and criminal organisations
      • Cyber Crime
      • Cybercrime, Inc.
      • Hacking for Profit
      • Being a Hacker
      • Mainframe – The Crown Jewel
      • What Can We Do?
      • Before We Go
      • Questions and Answers… maybe…
  3. Who am I? A quick introduction… RUI MIGUEL FEIO
      • Senior Technical Lead at RSM Partners
      • Based in the UK but travels all over the world
      • 18 years experience working with mainframes
      • Started with IBM as an MVS Sys Programmer
      • Specialist in mainframe security
      • Experience in other platforms
  4. Introducing RSM Partners
      • Sole Focus is IBM Mainframe Services
      • IBM Business Partner
      • World Leading, 1,000+ Man Years Experience
      • Run 3 mainframes in-house
      • Working with large financial, retail & utility companies
      • One area of specialism is mainframe security:
          – Whole range of services: audits, pen tests, migrations and security remediation programs
      • We have a reputation for delivering:
          – On time, On budget, Every Time
  5. Criminals and Criminal Organisations
  6. Criminals from the past: Al Capone, Pablo Escobar
  7. Criminal organisations
      • Some of the most well known criminal organisations, the “Old Boys”:
          – Cosa Nostra (Italian Mafia)
          – Japanese Yakuza
          – Chinese Triads
          – Russian Mafia
          – Nigerian mobs
          – Latin American cartels
  8. Why Crime?
  9. In the modern world * https://www.emarketer.com/Article/Worldwide-Retail-Ecommerce-Sales-Will-Reach-1915-Trillion-This-Year/1014369
  10. New type of criminals https://www.fbi.gov/investigate/cyber/most-wanted
  11. New type of criminals https://www.fbi.gov/investigate/cyber/most-wanted
  12. New type of criminals
  13. Cyber Crime
  14. Why Cyber Crime?
      • Highly profitable (it’s always about the money)
      • Low risk (anonymity and geographical location)
      • More efficient due to technology
      • Globally dispersed, with special concentration in:
          – Ukraine
          – China
          – Brazil
          – Russia
          – Indonesia
          – USA
          – Romania
          – Taiwan
          – Turkey
          – Bulgaria
          – India
          – Nigeria
  15. What happened to the “Old Boys”?
      • They have adapted!
      • Criminals and criminal organisations have adapted to the “new modern world”.
      • In fact, a 2014 study from the Rand Corporation says that: “80% of hackers work with or are part of an organised crime group”
      • The “Old Boys” have employed old strategies and traditional business models and created the “Cybercrime, Inc.”.
  16. Cybercrime, Inc.
  17. Business Model
      • Cybercrime, Inc. is highly organised
      • Deeply sophisticated:
          – Business approach
          – Towards the ‘client’
      • Uses typical corporate strategies:
          – Creative financing
          – Global logistics
          – Supply chain and workforce management
          – Business and market analysis
          – Focused on the client’s needs
  18. Business Opportunities
      • Some of the new ‘business’ opportunities:
          – Identity theft
          – Intellectual property theft
          – Trade secrets
          – Industrial espionage
          – Sensitive data theft
          – Online extortion
          – Financial crime
          – Data manipulation
  19. Tactics Employed
      • Some of the tactics and methods used by Cybercrime, Inc.:
          – Phishing and spear phishing
          – Man-in-the-middle
          – Vulnerabilities
          – Spam
          – Botnets
          – Scareware, Malware and Ransomware
          – DoS and DDoS
          – …
  20. Typical Business Organisation
      • CEO
          – CFO
              · Management
                  · Sales People
          – CIO
              · Management
                  · Researchers
                  · Developers
                  · Engineers
                  · QA Testers
                  · Tech Support
          – HR Director
          – CMO
              · Management
                  · Distributors
                  · Affiliates
  21. Cybercrime, Inc.
      • CEO (Boss)
          – CFO (Underboss)
              · Management (Lieutenant)
                  · Money Mules (Soldiers & Associates)
          – CIO (Underboss)
              · Management (Lieutenant)
                  · Researchers (Soldiers)
                  · Developers (Soldiers)
                  · Engineers (Soldiers)
                  · QA Testers (Soldiers)
                  · Tech Support (Soldiers)
          – HR Director (Underboss)
          – CMO (Underboss)
              · Management (Lieutenant)
                  · Distributors (Soldiers)
                  · Affiliates (Associates)
  22. Technological Targets
      • Traditional desktops and servers
      • Mobile devices
      • Internet of Things (IoT) devices
      • “Cloud” systems
      • Supervisory Control And Data Acquisition (SCADA) devices
      • GPS Systems
      • Tracking Systems
      • Implanted medical devices (IMDs)
      • …
      • Targeting data and the ability to control resources
  23. Hacking for Profit
  24. IMI – Innovative Marketing Inc.
      • Founded by Sam Jain and Daniel Sundin
      • Developed scareware rogue security SW
      • Offices in 4 continents and HQ in Ukraine
      • Support centres in US, Argentina and India
      • Marketed products under more than 1,000 different brands and in 9 languages
      • From 2002 to 2008 IMI generated hundreds of millions of dollars in profit.
  25. IMI – Innovative Marketing Inc.
  26. Carbanak Group (aka Anunak)
      • First identified early in 2015 by Kaspersky Lab
      • Used an Advanced Persistent Threat (APT) campaign targeting financial institutions
      • Estimated $1 Billion US dollars have been stolen in an attack against 100 banks and private customers
      • Targeted primarily Russia, United States, Germany, China and Ukraine
  27. Cybercrime, Inc. is Very Profitable https://www.scmagazine.com/loss-from-cybercrime-exceeded-13b-in-2016-fbi-report/article/671047/
  28. Being a Hacker
  29. Looking for a Hacker
      • Hackers are not born hackers, they are trained
      • Enormous amount of free educational material on the internet and in the underworld (dark web)
      • PC games:
          – Uplink
          – Hacker Experience
          – Torn City
          – Hacknet
          – Hackers (for iOS and Android)
  30. Who wants to be a Hacker?
      • Anyone who feels attracted or enjoys:
          – Technology
          – Challenge
          – The thrill
          – Adventure
          – Danger
          – Money
          – Respect
          – Fame
  31. Mainframe – The Crown Jewel
  32. The Mainframe
      • The mainframe processes and stores large volumes of data
      • It’s considered the most secure platform in the world that cannot be hacked
      • As such, it does not require big investments in security…
      • Unfortunately, it’s not quite so. The truth is:
      • The mainframe is a platform that is highly securable but not secured by default. Investment and resources are required to secure it
  33. Hacking the Mainframe
  34. One should learn from one’s mistakes
      • Last month, did a mainframe security audit on a financial institution who has had mainframe security issues in the past.
      • 4 Production mainframe systems were in scope.

      | Classification        | SYS1 | SYS2 | SYS3 | SYS4 |
      |-----------------------|------|------|------|------|
      | High                  | 42   | 33   | 40   | 36   |
      | Medium                | 28   | 21   | 24   | 27   |
      | Low                   | 12   | 11   | 12   | 11   |
      | Total out of 89 found | 82   | 65   | 76   | 74   |

  35. The SWIFT Hackings
  36. A Wake Up Call
      • One of the banks targeted by the SWIFT attacks contacted RSM Partners to help them secure the mainframe.
      • Their mainframe had been compromised… almost a year ago!!!
      • First phase was to do a mainframe security audit on 2 of their production systems.

      | Classification | Score |
      |----------------|-------|
      | High           | 34    |
      | Medium         | 41    |
      | Low            | 18    |
      | Total          | 93    |

  37. They Could Have Been Next
      On a Pen Test at one of the top 5 US banks:
      • Client was convinced they had a top of the art network security system.
      • I decided to unplug Ethernet cable from one of the terminals and connect it to my laptop
      • This went without detection
      • I was able to run a port scan on the mainframe without detection
      • This was just the beginning!!...
  38. They Could Have Been Next
      On a Pen Test at one of the top 5 US banks:
      • Client was convinced they had a top of the art network security system.
      • I decided to unplug Ethernet cable from one of the terminals and connect it to my laptop
      • This went without detection
      • I was able to run a port scan on the mainframe without detection
      • This was just the beginning!!...
      Vulnerabilities:
      • 24 high risk
      • 25 medium risk
      • 2 low risk
  39. What we keep seeing
      1. RACF Database is not adequately protected
      2. RACF profiles in WARNING mode
      3. Excessive access to APF Libraries
      4. Inappropriate usage of z/OS UNIX Superuser Privilege, UID = 0
      5. Dataset profiles with UACC of READ
      6. MVS and JES2 commands not properly protected
      7. SERVAUTH class not active or without proper profiles in place
      8. Cryptographic keys and services not properly protected
      9. Excessive number of personal userids with system wide privileges
      10. Unix System Services security being neglected
  40. What Can We Do?
  41. What can we do?
      • Security must be taken seriously by everyone!
          – Governments, companies, and individuals need to be security conscious and security oriented
      • Usual security recommendations apply:
          – Keep security systems updated and up-to-date
          – Question the origin of everything
          – Be mindful of:
              · The information you share and make ‘publicly’ available
              · Free Wifi hotspots (free can become very expensive)
  42. What can we do?
      • Invest in security!
      • Consider (as in doing!) regular:
          – Security audits
          – Penetration tests
          – Vulnerability analysis
      • Seek help from experts in the field to improve security
      • Keep informed (training, conferences, articles, books, …)
      • Don’t facilitate (weak passwords, use of same password, …)
  43. What can we do?
      • There must be no ‘at home’ and ‘at the office’ attitude. Security awareness must always be present.
      • Read before you ‘click’.
      • Search, ask.
      • Security must be seen as a whole! The mainframe is part of an ecosystem of other systems and platforms.
      • Ultimately, if this is too much, just switch off every electronic device and go back to pen and paper.
  44. Before We Go
  45. Before we go – Remember!!
      • Be mindful
      • Be aware
  46. Questions?
  47. Contact: Rui Miguel Feio, RSM Partners, ruif@rsmpartners.com, mobile: +44 (0) 7570 911459, www.rsmpartners.com
