#BSidesSeattle
ABOUT ME
Tony Martin-Vegue
tony.martinvegue@gmail.com
www.thestandarddeviant.com
@tdmv
AGENDA
• What is extortion?
• DDoS for ransom
• Ransomware
• Targeted victims (Sony, Ashley Madison)
• Assessing the risk at your company
EXTORTION
LEGAL DEFINITION
“The obtaining of property from another induced by wrongful use of actual or threatened force, violence, or fear, or under color of official right.”
- 18 U.S.C.A. §871 et seq.; §1951
FIRST SEXTORTION?
DDOS
ANATOMY OF AN ATTACK
• Attack website with a small and short attack
• Simultaneous attack on others in the sector
• Send a ransom note demanding payment
• Increase DDoS attack intensity/duration OR move on
WHY DOES IT WORK?
ATTACKER
• Attack is very low cost per hour
• Can attack multiple websites in the time allotted
• Scalable – can scale up in bandwidth to make a point or scale down to save costs
• The attacker knows what they are capable of (information asymmetry)
DEFENDER
• Costs a company an average of $40,000 an hour [1]
• Can be the only or primary source of revenue
• Reputational issues
• Have no idea if the attack is isolated or their worst nightmare
[1] Source: Incapsula DDoS Survey: http://lp.incapsula.com/rs/incapsulainc/images/eBook%20-%20DDoS%20Impact%20Survey.pdf
DD4BC
Source: Recorded Future, DD4BC, Armada Collective, and the Rise of Cyber Extortion; https://www.recordedfuture.com/dd4bc-cyber-extortion/
TO PAY OR NOT TO PAY?
KNOWN PAYMENTS
NITROGEN SPORTS
• EU-based sports betting site
• Patrons pay in Bitcoin
• DDoS attacks started in September 2014
• Attackers continually asked for 2 BC
• Copycats also attacked
PROTON MAIL
• Swiss encrypted email provider
• On November 4th, 2015 they were hit with one of the largest DDoS attacks seen in Europe – 50 Gbps
• Armada Collective demanded $6000 in ransom, which was paid
• A copycat attacked, hoping to get paid
DETECTION AND RESPONSE
• Risk models should include DDoS for ransom
• Cost/benefit analysis on DDoS protection services
• Update incident response plans
• Review and update crisis team members
RANSOMWARE
HOW IT WORKS
[Diagram: how ransomware works, showing the flow between the victim and the "Bad Guy". Image Source: TrendMicro.com]
DETECTION AND RESPONSE
TO PAY OR NOT TO PAY?
TARGETED ATTACKS
ASHLEY MADISON
PAY THE RANSOM?
RISK ANALYSIS
ANATOMY OF A RISK ASSESSMENT
Risk
├─ Loss Event Frequency
│  ├─ Threat Event Frequency
│  └─ Vulnerability
│     ├─ Threat Capability
│     └─ Control Strength
└─ Loss Magnitude
   ├─ Primary Loss
   └─ Secondary Loss
RISK ANALYSIS
• US-based credit union founded in 2008
• Has an online banking presence with several thousand customers
• In 2014, was hit with one DDoS for ransom attack for 30 minutes; response costs were high but no loss of customers
• In the last attack, we decided to wait it out until the attackers stopped
THREAT EVENT FREQUENCY
[Diagram: Threat Event Frequency, surrounded by the factors Method, Objectives, Resources and Limits]
VULNERABILITY
Vulnerability
├─ Threat Capability
└─ Control Strength
The probability that an asset will be unable to resist the actions of a threat agent.
Scale (percentile of the threat population):
• Top 2%
• Top 16%
• Average
• Bottom 16%
• Bottom 2%
DERIVE RISK
Loss Event Frequency: 1x to .1x / year
Vulnerability:
  Threat Capability: Low – bottom 16%
  Control Strength: Very Low – only protects against the bottom 2%
Probable Loss: $40,000 / hour
Risk: ALE 9k
RESIDUAL RISK
Loss Event Frequency: 1x to .1x / year
Vulnerability:
  Threat Capability: Low – bottom 16%
  Control Strength: Very High – protects against all but the top 2%
Probable Loss: $40,000 / hour
Risk: ALE $260
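The factor tree from the ANATOMY OF A RISK ASSESSMENT slide and the two ALE slides above, carried through as a Monte Carlo in Python. This is an added example, not the talk's own calculation or tool: the triangular distributions for Threat Capability and Control Strength, the uniform Threat Event Frequency range and the 30-minute outage (taken from the credit-union scenario) are assumptions, so the printed figures will not match the slides' 9k and $260 exactly.

```python
"""FAIR-style Monte Carlo for DDoS-for-ransom risk (added example, not the talk's tool).

Structure taken from the slides:
    Risk (ALE)           = Loss Event Frequency x Loss Magnitude
    Loss Event Frequency = Threat Event Frequency x Vulnerability
    Vulnerability        = P(Threat Capability > Control Strength)
Threat Capability and Control Strength live on the slides' 0-100 percentile
scale (bottom 2% ... top 2%). Everything marked "assumed" is not from the talk.
"""
import random
from dataclasses import dataclass

# Assumed mapping of the slides' labels to (min, mode, max) percentiles.
# "Low - bottom 16%" keeps a long upper tail: a DDoS-for-hire service can be
# far stronger than the copycat that sent last year's ransom note.
TCAP_LOW = (0.0, 16.0, 100.0)
CS_VERY_LOW = (0.0, 2.0, 10.0)      # "only protects against the bottom 2%"
CS_VERY_HIGH = (90.0, 98.0, 100.0)  # "protects against all but the top 2%"


@dataclass(frozen=True)
class Scenario:
    tef_per_year: tuple      # (min, max) threat events per year, assumed uniform
    tcap: tuple              # (min, mode, max) threat-capability percentile
    control_strength: tuple  # (min, mode, max) control-strength percentile
    loss_per_hour: float     # probable loss in $ per hour of outage (slide: $40,000)
    outage_hours: float      # assumed length of one loss event


@dataclass(frozen=True)
class Result:
    vulnerability: float  # estimated P(TCap > CS)
    lef_per_year: float   # estimated loss events per year
    ale: float            # annualised loss expectancy in $


def _tri(rng: random.Random, dist: tuple) -> float:
    lo, mode, hi = dist
    return rng.triangular(lo, hi, mode)  # stdlib argument order is low, high, mode


def simulate(s: Scenario, trials: int = 20_000, seed: int = 7) -> Result:
    """Estimate vulnerability, LEF and ALE by sampling each FAIR factor per trial."""
    rng = random.Random(seed)  # fixed seed: rerunning gives the same estimate
    hits, lef_total, loss_total = 0, 0.0, 0.0
    for _ in range(trials):
        tef = rng.uniform(*s.tef_per_year)
        vulnerable = _tri(rng, s.tcap) > _tri(rng, s.control_strength)
        lef = tef * vulnerable  # a threat event only becomes a loss event if the control fails
        hits += vulnerable
        lef_total += lef
        loss_total += lef * s.loss_per_hour * s.outage_hours
    return Result(hits / trials, lef_total / trials, loss_total / trials)


def annual_benefit(before: Result, after: Result) -> float:
    """ALE avoided per year by the control; weigh it against the service's annual cost."""
    return before.ale - after.ale


# The two slides: same threat, same loss, only Control Strength changes.
# 0.5 h is the 30-minute attack from the credit-union scenario (assumed duration).
CURRENT = Scenario((0.1, 1.0), TCAP_LOW, CS_VERY_LOW, 40_000.0, 0.5)
RESIDUAL = Scenario((0.1, 1.0), TCAP_LOW, CS_VERY_HIGH, 40_000.0, 0.5)

if __name__ == "__main__":
    cur, res = simulate(CURRENT), simulate(RESIDUAL)
    for name, r in (("current", cur), ("residual", res)):
        print(f"{name:8s} vulnerability={r.vulnerability:.3f} "
              f"LEF={r.lef_per_year:.3f}/yr ALE=${r.ale:,.0f}")
    print(f"ALE avoided by the DDoS protection service: ${annual_benefit(cur, res):,.0f}/yr")
```

The gap between the two ALE figures is the number to put next to the annual price of a DDoS protection service when doing the cost/benefit analysis from the DETECTION AND RESPONSE slide.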
FINAL THOUGHTS
• Ransomware can and does happen to anyone – plan for it
• Other types of extortion are rare, but model the threats and see if you fit the target profile
• Update your incident response plans & BC/DR plans
• A good risk analysis can help execs make better decisions
• Have a way for extortionists to contact you
• Partner with law enforcement BEFORE something bad happens; do this Monday
QUESTIONS?

Can cyber extortion happen to you? Practical tools for assessing the threat
