This presentation shows how technology evolution has allowed criminal syndicates to become organised criminal “corporations”, and how the evolution of hacking and the cyber world is putting our society at risk.
4. Introducing RSM Partners
• Sole Focus is IBM Mainframe Services
• IBM Business Partner
• World Leading, 1,000+ Man Years Experience
• Run 3 mainframes in-house
• Working with large financial, retail & utility companies
• One area of specialism is mainframe security:
– Whole range of services: audits, pen tests, migrations and
security remediation programmes
• We have a reputation for delivering:
– On time, On budget, Every Time
17. Business Model
• Cybercrime, Inc. is highly organised
• Deeply sophisticated:
– In its business approach
– In how it treats the ‘client’
• Uses typical corporate strategies:
– Creative financing
– Global logistics
– Supply chain and workforce management
– Business and market analysis
– Focused on the client’s needs
22. Technological Targets
• Traditional desktops and servers
• Mobile devices
• Internet of Things (IoT) devices
• “Cloud” systems
• Supervisory Control And Data Acquisition (SCADA) devices
• GPS systems
• Tracking systems
• Implanted medical devices (IMDs)
• …
• Targeting data and the ability to control resources
24. IMI – Innovative Marketing Inc.
• Founded by Sam Jain and Daniel Sundin
• Developed scareware (rogue security software)
• Offices on 4 continents, HQ in Ukraine
• Support centres in the US, Argentina and India
• Marketed products under more than 1,000
different brands and in 9 languages
• From 2002 to 2008 IMI generated hundreds
of millions of dollars in profit
26. Carbanak Group (aka Anunak)
• First identified in early 2015 by Kaspersky Lab
• Ran an Advanced Persistent Threat (APT)
campaign targeting financial institutions
• An estimated US$1 billion stolen in attacks
against some 100 banks and their private
customers
• Targeted primarily Russia, the United States,
Germany, China and Ukraine
39. What we keep seeing
1. RACF database is not adequately protected
2. RACF profiles in WARNING mode
3. Excessive access to APF libraries
4. Inappropriate use of the z/OS UNIX superuser privilege (UID = 0)
5. Dataset profiles with a UACC of READ
6. MVS and JES2 commands not properly protected
7. SERVAUTH class not active, or active without proper profiles in place
8. Cryptographic keys and services not properly protected
9. Excessive number of personal userids with system-wide privileges
10. UNIX System Services security being neglected
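Findings 2 and 5 above are the two that are easiest to check and fix from the RACF command line, and also the two most often found in bulk. The script below is an added example, not RSM Partners' tooling: it parses the report that LISTDSD prints for dataset profiles, flags any profile that is in WARNING mode or has a UACC other than NONE, and generates the ALTDSD command that remediates it. The sample report text is constructed to follow the LISTDSD column layout (LEVEL, OWNER, UNIVERSAL ACCESS, WARNING, ERASE); the profile names and owners in it are invented.

```python
"""Audit LISTDSD output for WARNING-mode profiles and non-NONE UACC.

Added example; not code from the presentation or from RSM Partners.
The sample report below is constructed: it mimics the layout of
`LISTDSD DATASET('name')` output, with invented profile names.
Real output may carry more sections (access lists, audit options),
which this parser simply ignores.
"""
import re

# Constructed sample of LISTDSD output for three dataset profiles.
SAMPLE_LISTDSD = """\
INFORMATION FOR DATASET SYS1.PARMLIB (G)

LEVEL  OWNER      UNIVERSAL ACCESS   WARNING   ERASE
-----  --------   ----------------   -------   -----
 00    SYSPROG         READ           NO       NO

INFORMATION FOR DATASET PROD.PAYROLL.** (G)

LEVEL  OWNER      UNIVERSAL ACCESS   WARNING   ERASE
-----  --------   ----------------   -------   -----
 00    PAYADM          NONE           YES      NO

INFORMATION FOR DATASET APPL.TEST.DATA (G)

LEVEL  OWNER      UNIVERSAL ACCESS   WARNING   ERASE
-----  --------   ----------------   -------   -----
 00    TESTER          NONE           NO       NO
"""

# "INFORMATION FOR DATASET <profile> ..." introduces each profile.
HEADER_RE = re.compile(r"^INFORMATION FOR DATASET (\S+)")
# The data row under the LEVEL/OWNER/... header: level, owner, UACC, WARNING, ERASE.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+(NONE|EXECUTE|READ|UPDATE|CONTROL|ALTER)\s+(YES|NO)\s+(YES|NO)\s*$"
)


def parse_listdsd(text):
    """Return one dict per profile: name, owner, uacc, warning (bool)."""
    profiles = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ROW_RE.match(line)
        if m and current is not None:
            profiles.append({
                "profile": current,
                "owner": m.group(2),
                "uacc": m.group(3),
                "warning": m.group(4) == "YES",
            })
            current = None  # only the first data row belongs to this profile
    return profiles


def find_issues(profiles):
    """Map each weak profile to (profile, finding, remediating RACF command)."""
    issues = []
    for p in profiles:
        if p["uacc"] != "NONE":
            # Finding 5: anyone on the system gets this access by default.
            issues.append((p["profile"], f"UACC({p['uacc']})",
                           f"ALTDSD '{p['profile']}' UACC(NONE)"))
        if p["warning"]:
            # Finding 2: WARNING mode logs violations but still grants access.
            issues.append((p["profile"], "WARNING mode",
                           f"ALTDSD '{p['profile']}' NOWARNING"))
    return issues


if __name__ == "__main__":
    for profile, finding, fix in find_issues(parse_listdsd(SAMPLE_LISTDSD)):
        print(f"{profile:<24} {finding:<14} {fix}")
```

Two caveats before running the generated ALTDSD commands on a live system: a profile in WARNING mode has usually been left there because something still relies on the access it papers over, so review the SMF warning records for that profile and issue the PERMIT commands it needs first; and dropping a UACC from READ to NONE on a system library such as SYS1.PARMLIB will break every job that was silently depending on it unless the legitimate readers are permitted explicitly beforehand.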
42. What can we do?
• Invest in security!
• Carry out (not just consider) regular:
– Security audits
– Penetration tests
– Vulnerability analysis
• Seek help from experts in the field to improve security
• Keep informed (training, conferences, articles, books, …)
• Don’t make it easy for attackers (weak passwords, password reuse, …)