Thinking Like They Do: An Inside Look At Cybercriminal Operations

•Download as PPTX, PDF•

0 likes•1,074 views

Thinkinl Like They Do: An Inside Look at Cybercriminal Operations Slides of my #IACAC15 talk on understanding and mitigating spamming botnets

Thinking Like They Do:
An Inside Look at Cybercriminal Operations
Gianluca Stringhini
University College London

Cybercrime is a growing problem
An Inside Look at Cybercriminal Operations 2

Cybercrime is a growing problem
An Inside Look at Cybercriminal Operations 3

Cybercrime is a growing problem
An Inside Look at Cybercriminal Operations 4
Source: Levchenko et al. 2011

Spammer
Anatomy of a spam operation
An Inside Look at Cybercriminal Operations 5
Harvester
Botmaster

How can we effectively disrupt
spamming botnets?
We need to get a better understanding of these
cybercriminal operations
Over the last years we have been studying spamming
botnets by
• Observing the actors involved
• Getting an inside look into a real botnet
An Inside Look at Cybercriminal Operations 6

Fingerprinting a spam operation
An Inside Look at Cybercriminal Operations 7
The actors in the underground market are
linked by long-lasting trust relations
More details in “The Harvester, the Botmaster, and the Spammer: On the Relations
Between the Different Actors in the Spam Landscape” from AsiaCCS 2014

Spammers buy bots in different
countries – Lethic
An Inside Look at Cybercriminal Operations 8

Spammers buy bots in different
countries - Cutwail
An Inside Look at Cybercriminal Operations 9

An inside look into a
real spamming botnet
An Inside Look at Cybercriminal Operations 10

The Cutwail takedown
In 2010 we participated in an attempted takedown –
we tried to disrupt the botnet by seizing the C&C
servers
We obtained access to 24 C&C servers
• 30% of the botnet
• Each server rent by a different spammer
• Detailed statistics on the spammers’ campaigns
An Inside Look at Cybercriminal Operations 11

Some Statistics
The logs of the C&C servers contained information about
• 9 spammers who rented one or more C&Cs
• More than 2M bot IP addresses
• More than 500B spam emails sent
An Inside Look at Cybercriminal Operations 12
The performance of spam operations varies a
lot: the most successful spammer sent 7B emails
per day, the least successful only 5.5M
More details in “The Underground Economy of Spam: A Botmaster’s Perspective
of Coordinating Large-Scale Spam Campaigns” from LEET 2011

Botnets need to be efficient
engineering systems
An Inside Look at Cybercriminal Operations 13
Additional constraints:
• Infected computers are usually on bad Internet connections
• Adversarial actions can severely disrupt the botnet (victims cleaning up infected
computers, law enforcement seizing control servers)

If we identify the elements
that make a botnet work
well, we can develop better
mitigation techniques
An Inside Look at Cybercriminal Operations 14

Spammers split an email list among
many bots – we can use this to find
additional bots!
An Inside Look at Cybercriminal Operations 15
More details in “BotMagnifier: Detecting Spambots on the Internet” from USENIX 2011

What makes a spam operation
successful?
Good “housekeeping”
• Clean up email lists for non-existing addresses
• Limit bots to 5,000 at most
Bots have bad Internet connections
Instruct bots to retry sending emails multiple times
Interesting fact: the geographic location of bots does not
influence the performance of the botnet!
An Inside Look at Cybercriminal Operations 16
More details in “The Tricks of the Trade: What Makes Spam Campaigns
Successful?” from IWCC 2014

Possible mitigations
Tamper with spammers cleaning up email lists
[Stringhini et al., USENIX 2012]
Exhausting the C&C’s bandwidth by connecting fake bots
[Work in progress]
Use network errors for spam detection
[Kakavelakis et al., LISA 2011]
An Inside Look at Cybercriminal Operations 17

Conclusions
Cybercrime is a worldwide phenomenon, and we need
effective countermeasures to fight it
Botnets can be modeled as a distributed systems, and
mitigations can be designed to make such distributed
system perform poorly
Other types of cybercriminal operations require different
techniques
• Identity theft
• Ransomware
• Financial fraud
An Inside Look at Cybercriminal Operations 18

Questions?
g.stringhini@ucl.ac.uk
@gianluca_string

Cyber crime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cyber crime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet. Debarati Halder and Dr. K. Jaishankar (2011) defines Cybercrimes as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)". Such crimes may threaten a nation’s security and financial health. Issues surrounding these types of crimes have become high-profile, particularly those surrounding cracking, copyright infringement, child pornography, and child grooming. Spam, Phishing, Threats, Malware, Viruses, Data Breaches, Identity theft.... Cyber crime

Combatting cyberterrorism

kelvingg

Cyber terrorismAltacit Global

Cyber Terrorism

loverakk187

CYBER TERRORISM

Tejesh Dhaypule

Spam is a profitable business for cybercriminals, with the revenue of a spam campaign that can be in the order of millions of dollars. For this reason, a wealth of research has been performed on understanding how spamming botnets operate, as well as what the economic model behind spam looks like. Running a spamming botnet is a complex task: the spammer needs to manage the infected machines, the spam content being sent, and the email addresses to be targeted, among the rest. In this paper, we try to understand which factors influence the spam delivery process and what characteristics make a spam campaign successful. To this end, we analyzed the data stored on a number of command and control servers of a large spamming botnet, together with the guidelines and suggestions that the botnet creators provide to spammers to improve the performance of their botnet.

How To Protect Your Website From Bot Attacks

London School of Cyber Security

What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...

Jeremiah Onaolapo

Understanding the Botnet Phenomenon

Dr. Amarjeet Singh

Internet threats have increased manifold with the arrival of botnets. Many organizations worldwide and the social networks have been affected by botnets. Numerous researches have been carried to understand the concept of bots, C&C channels, botnet and botmasters. These botnets have been able to update itself regularly which makes them very difficult to be detected. The purpose of this paper is to understand the of behavior of botnets and its affect on the virtual world. The paper has also analyzed the types of botnets, lifecycle and elements of botnets.

cyber crime technology

Binu p jayan

As computer forensic investigators we are asked to take an image of .pdf

annammalassociates

As computer forensic investigators we are asked to take an image of a hard dr ive, preserve it for evidentiary integrity and then perform a detailed analys is on what we found. Sometimes the obvious isn’t so obvious anymore. When the guilt or innocence of a person, their reputation, their standing in the community, their jobs, their liveli hood, civil action (which translates to money) and possibly jail time hang in the balanc e it is important to perform a detailed an accurate assessment that looks at all possibl e scenarios. There is the common scenario where the bad guys are using zombies or bots (small computer programs residing on a computer and controlled by someone else) to ext ort money from others. According to Symantec, the city of Winsford in Cheshire is the world’s second biggest hotspot for zombies, followed by Seoul in Korea. The anit-virus company estimates that nearly a third of between one and two million computers worldwide infected with the bot software are now located in the UK. In a Sept 19 2005 article in TechWorld entitled “Zombies take hold of London”, the article detail s how zombie computers have become a weapon of choice for spammers and phishers as well a s attackers looking to swamp a victim’s server with a distributed denial of servi ce attack. Take BetCBSports.com. In an Information Week article they tell of how the y received an email one day which said, “You have 3 choices. You can make a deal with us now before the attacks start. You can make a deal with us whey you are under attack. You can ig nore us and plan on losing your Internet business”. This type of distributed denial of service attack (DDos) is becoming increasingly popular against businesses that rel y completely on the internet for their source of revenue. Typically the amount of money asked for is relatively small in comparison with the lost revenues the company could expect a s a result of being down. More times than not the extortion fee is paid. For those that don’t pay, it is an endless battle of bandwidth. The more bots the extortionist control, the more bandwidth they can pump into the DDos attack. The more bandwidth they throw at the site, the more bandwidth you need to combat them. Solution As computer forensic investigators we are asked to take an image of a hard dr ive, preserve it for evidentiary integrity and then perform a detailed analys is on what we found. Sometimes the obvious isn’t so obvious anymore. When the guilt or innocence of a person, their reputation, their standing in the community, their jobs, their liveli hood, civil action (which translates to money) and possibly jail time hang in the balanc e it is important to perform a detailed an accurate assessment that looks at all possibl e scenarios. There is the common scenario where the bad guys are using zombies or bots (small computer programs residing on a computer and controlled by someone else) to ext ort money from others. According to Symantec, the city of Winsford i.

A Survey of Botnet Detection Techniques

ijsrd.com

Botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. Recently, botnet detection has been an interesting research topic related to cyber-threat and cyber-crime prevention. This paper is a survey of botnet and botnet detection. The survey clarifies botnet phenomenon and discusses botnet detection techniques. This survey classifies botnet detection techniques into four classes: signature-based, anomaly-based, DNS-based, and mining-base.

CYBERCRIME AND THE JUDICIAL SERVICE .docx

MARRY7

CYBERCRIME AND THE JUDICIAL SERVICE 1 CYBERCRIME AND THE JUDICIAL SERVICE 2 Cybercrime and the Judicial Service Outline 1. Introduction: Defining cybercrime and providing some background information about it. · The introduction and innovation of the internet greatly transformed the world positively and negatively. · Positively, the internet improved communication, created a mechanism for automation, reduced labor costs and positively influence people’s standards of living through information. · Negatively, the internet paired a way for cultural exchanged and resulted to cybercrimes and cyber fraud. · By definition, cyber-crime refers to criminal act that occurs over the internet and via illegal and unethical use of both the internet and the computer. 2. Thesis statement: Currently, the criminal justice system should enact tough cybercrime laws and punishment because cases of cyber fraud have been tremendously rising. 3. Body: Discuss in-depth about cyber-crime, cyber fraud and how they occur. Cover issues like: · Cyber-crime communities as factors contributing to high instances of cyber frauds · Cyber-crime markets as factors contributing to high instances of cyber frauds · Cyber Fraud and give past examples of banks being hacked, corporate networks being compromised, distributed denial of service attacks, identity theft, etc. · How the criminal Justice responds to cyber-crimes. Analyze the current cyber-crime laws, penalties, jail sentences. · For instance: The criminal justice system response to cybercrime is the approach and advancement of the field of computerized legal sciences, which has its roots in information recuperation routines. · That is, computerized legal sciences has advanced into a field of intricate, controlled methodology that consider close constant examination prompting precise criticism. · Such examination permits people in criminal justice to track the progressions and key issues that are relevant to great examination of cybercrime. · Provide amendments on how to carb the rising rates of cybercrime. 4. Conclusion: A general Summary about the paper. · This is summary of the whole paper, restating the thesis statement. · It is true that cases of cybercrime has been on the rise. · For instance, cases of identity theft, attempted hacking of banks, unexplained losses of finances in customer bank accounts are common examples. These have been promoted by cyber-crime communities and cybercrime markets. · However, the judicial system is actively enacting and enforcing stout laws to prevent and reduced such high rates of cyber-crime. Reference List Curtis, G. (2011). The Law of Cyber-crimes and their Investigations. Boca Raton: CRC Press. Howard, R. (2009). Cyber Fraud: Tactics, Techniques and Procedures. Boca Raton: CR ...

Tracing Back The Botmaster

IJERA Editor

Nowadays, cyber-attacks from botnets are increasing at a faster rate than any other malware spread. Detecting the botmaster who commands the tasks has become more difficult. Most of the detecting methods are based on the features of any communication protocol or the history of the network traffic. In this paper, a rational approach is brought for the live detection of the botmaster in the internal network. The victim machine monitors its packets and compromises the bots in the network and finds the traces to the botmaster. This approach works independent of the structure of the botnet, and will be a better option for online detection of the botmaster.

It act and cyber crime

Dheeraj Dani

Cyber crime

Mahabubur Rahman

Guarding Against Large-Scale Scrabble In Social Network

Editor IJCATR

Generally, the botnet is one of the most dangerous threats in the network. It has number attackers in the network. The attacker consists of DDOS attack, remote attack, etc., Bots perform perform repetitive tasks automatically or on a schedule over the internet, tasks that would be too mundane or time-consuming for an actual person. But the botnets have stealthy behavior as they are very difficult to identify. These botnets have to be identified and the internet have to be protected. Also the the activity of botnets must be prevented to provide the users, a reliable service. The past of botnet detection has a transaction process which is not secure. A efficient stastical data classifier is required to train the botent preventions system. To provide the above features clustering based analysis is done. our approach can detect and profile various P2P applications rather than identifying a specific P2P application. Anomaly based detection technique is used to obtain this goal.

Detection of Botnets using Honeypots and P2P Botnets

CSCJournals

A “botnet” is a group of compromised computers connected to a network, which can be used for both recognition and illicit financial gain; controlled by an attacker (bot-herder). Among the counter measures proposed in the recent developments is the “Honeypot”. The attacker who would be aware of the Honeypot would take adequate steps to maintain the botnet, hence attack the Honeypot (Infected Honeypot). In this paper we propose a method to remove the infected Honeypot by Constructing a Peer-to-peer structured botnet which would detect the uninfected Honeypot and use it to detect botnets originally used by the attacker. Our simulation shows that this method is very effective and can detect the botnets that are intended to malign the network.

Cyber crime reportRonson Calvin Fernandes

The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...

Gianluca Stringhini

Unsolicited bulk email, or spam, accounts for more than 90% of worldwide email traffic. The underground economy behind email spam is prosperous, and involves parties located in many parts of the world. Nowadays, most spam is sent by botnets, which are large networks of compromised computers that act under the control of a single entity, called a botmaster. Security researchers have entered an arms race with spammers and botmasters. The goal of researchers is to secure networks and prevent malicious operations from happening, while the goal of cybercriminals is to keep their business up and running. In this talk I will analyze the outcome of this arms race. On one side, I will talk about the different levels of sophistication the botmasters developed to make their network resilient to take down attempts. On the research side, I will analyze the approaches proposed to prevent machines from being infected, identifying compromised ones, and disrupting command and control structures. In particular, I will focus on the shortcomings of previous approaches, as well as open problems in the area and the areas that have not been studied yet.

Mcs2453 aniq mc101053-assignment1

Aniq Eastrarulkhair

The Dark web - Why the hidden part of the web is even more dangerous?

Pierluigi Paganini

Cyber crime and issues

Roshan Mastana

A Dynamic Botnet Detection Model based on Behavior Analysis

idescitation

Today different types of malware exist in the Internet. Among them one of the malware is known as botnet which is frequently used for many cyber attacks and crimes in the Internet. Currently botnets are the main rootcause for several illegal activities like spamming, DDoS, click fraud etc. Botnets operate under the command and control(C&C) infrastructure which makes its functioning unique. As long as the Internet exists botnet also will exist. It can be used to perpetrate many Internet crimes. So fighting against them is a challenging problem. The P2P-decentralized based botnets are more dangerous than centralized botnets. In this paper a novel approach for the detection of P2P based botnet is presented. The proposed approach for the detection of botnet in the network stream analysis has been done in three phases. The first phase begins with the identification of P2P node and the second phase deals with the clustering of the suspicious P2P node. Finally botnet detection procedure has been applied which is based on stability of bots. Experimental results show that the proposed approach detects more number of bots with high accuracy.

Cyber crime

Debayon Saha

EvilCohort: Detecting Communities of Malicious Accounts on Online Services

Gianluca Stringhini

Cybercriminals misuse accounts on online services (e.g., webmails and online social networks) to perform malicious activity, such as spreading malicious content or stealing sensitive information. In this paper, we show that accounts that are accessed by botnets are a popular choice by cybercriminals. Since botnets are composed of a finite number of infected computers, we observe that cybercriminals tend to have their bots connect to multiple online accounts to perform malicious activity. We present EVILCOHORT, a system that detects online accounts that are accessed by a common set of infected machines. EVILCOHORT only needs the mapping between an online account and an IP address to operate, and can therefore detect malicious accounts on any online service (webmail services, online social networks, storage services) regardless of the type of malicious activity that these accounts perform. Unlike previous work, our system can identify malicious accounts that are controlled by botnets but do not post any malicious content (e.g., spam) on the service. We evaluated EVILCOHORT on multiple online services of different types (a webmail service and four online social networks), and show that it accurately identifies malicious accounts.

That Ain't You: Detecting Spearphishing Through Behavioral Modelling

Gianluca Stringhini

One of the ways in which attackers steal sensitive information from corporations is by sending spearphishing emails. A typical spearphishing email appears to be sent by one of the victim's coworkers or business partners, but has instead been crafted by the attacker. A particularly insidious type of spearphishing emails are the ones that do not only claim to be written by a certain person, but are also sent by that person's email account, which has been compromised. Spearphishing emails are very dangerous for companies, because they can be the starting point to a more sophisticated attack or cause intellectual property theft, and lead to high financial losses. Currently, there are no effective systems to protect users against such threats. Existing systems leverage adaptations of anti-spam techniques. However, these techniques are often inadequate to detect spearphishing attacks. The reason is that spearphishing has very different characteristics from spam and even traditional phishing. To fight the spearphishing threat, we propose a change of focus in the techniques that we use for detecting malicious emails: instead of looking for features that are indicative of attack emails, we look for emails that claim to have been written by a certain person within a company, but were actually authored by an attacker. We do this by modelling the email-sending behavior of users over time, and comparing any subsequent email sent by their accounts against this model. Our approach can block advanced email attacks that traditional protection systems are unable to detect, and is an important step towards detecting advanced spearphishing attacks.

Similar to Thinking Like They Do: An Inside Look At Cybercriminal Operations

The Tricks of the Trade: What Makes Spam Campaigns Successful?

Gianluca Stringhini

How To Protect Your Website From Bot Attacks

London School of Cyber Security

What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...

Jeremiah Onaolapo

Understanding the Botnet Phenomenon

Dr. Amarjeet Singh

cyber crime technology

Binu p jayan

As computer forensic investigators we are asked to take an image of .pdf

annammalassociates

A Survey of Botnet Detection Techniques

ijsrd.com

CYBERCRIME AND THE JUDICIAL SERVICE .docx

MARRY7

Tracing Back The Botmaster

IJERA Editor

It act and cyber crime

Dheeraj Dani

Cyber crime

Mahabubur Rahman

Guarding Against Large-Scale Scrabble In Social Network

Editor IJCATR

Detection of Botnets using Honeypots and P2P Botnets

CSCJournals

Cyber crime reportRonson Calvin Fernandes

The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...

Gianluca Stringhini

Mcs2453 aniq mc101053-assignment1

Aniq Eastrarulkhair

The Dark web - Why the hidden part of the web is even more dangerous?

Pierluigi Paganini

Cyber crime and issues

Roshan Mastana

A Dynamic Botnet Detection Model based on Behavior Analysis

idescitation

Cyber crime

Debayon Saha

Similar to Thinking Like They Do: An Inside Look At Cybercriminal Operations (20)

The Tricks of the Trade: What Makes Spam Campaigns Successful?

How To Protect Your Website From Bot Attacks

What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...

Understanding the Botnet Phenomenon

cyber crime technology

As computer forensic investigators we are asked to take an image of .pdf

A Survey of Botnet Detection Techniques

CYBERCRIME AND THE JUDICIAL SERVICE .docx

Tracing Back The Botmaster

It act and cyber crime

Cyber crime

Guarding Against Large-Scale Scrabble In Social Network

Detection of Botnets using Honeypots and P2P Botnets

Cyber crime report

The Spammer, the Botmaster, and the Researcher: On the Arms Race in Spamming ...

Mcs2453 aniq mc101053-assignment1

The Dark web - Why the hidden part of the web is even more dangerous?

Cyber crime and issues

A Dynamic Botnet Detection Model based on Behavior Analysis

Cyber crime

More from Gianluca Stringhini

EvilCohort: Detecting Communities of Malicious Accounts on Online Services

Gianluca Stringhini

That Ain't You: Detecting Spearphishing Through Behavioral Modelling

Gianluca Stringhini

The Harvester, the Botmaster, and the Spammer: On the Relations Between the D...Gianluca Stringhini

Shady Paths: Leveraging Surfing Crowds to Detect Malicious Web Pages

Gianluca Stringhini

Follow the Green: Growth and Dynamics on Twitter Follower Markets

Gianluca Stringhini

The users of microblogging services, such as Twitter, use the count of followers of an account as a measure of its reputation or influence. For those unwilling or unable to attract followers naturally, a growing industry of “Twitter follower markets” provides followers for sale. Some markets use fake accounts to boost the follower count of their customers, while others rely on a pyramid scheme to turn non-paying customers into followers for each other, and into followers for paying customers. In this paper, we present a detailed study of Twitter Followers Markets, and we show that it is possible to detect users that purchased followers on Twitter.

Detecting Spammers on Social NetworksGianluca Stringhini

BotMagnifier: Locating Spambots on the Internet

Gianluca Stringhini

More from Gianluca Stringhini (7)

EvilCohort: Detecting Communities of Malicious Accounts on Online Services

That Ain't You: Detecting Spearphishing Through Behavioral Modelling

The Harvester, the Botmaster, and the Spammer: On the Relations Between the D...

Shady Paths: Leveraging Surfing Crowds to Detect Malicious Web Pages

Follow the Green: Growth and Dynamics on Twitter Follower Markets

Detecting Spammers on Social Networks

BotMagnifier: Locating Spambots on the Internet

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Neo4j

Dr. Sean Tan, Head of Data Science, Changi Airport Group Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.

Free Complete Python - A step towards Data Science

RinaMondal9

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 6

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Free Complete Python - A step towards Data Science

UiPath Test Automation using UiPath Test Suite series, part 5

Securing your Kubernetes cluster_ a step-by-step guide to success !

GraphRAG is All You need? LLM & Knowledge Graph

Monitoring Java Application Security with JDK Tools and JFR Events

Communications Mining Series - Zero to Hero - Session 1

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

Video Streaming: Then, Now, and in the Future

Essentials of Automations: The Art of Triggers and Actions in FME

The Art of the Pitch: WordPress Relationships and Sales

Removing Uninteresting Bytes in Software Fuzzing

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

GridMate - End to end testing is a critical piece to ensure quality and avoid...

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Thinking Like They Do: An Inside Look At Cybercriminal Operations

1. Thinking Like They Do: An Inside Look at Cybercriminal Operations Gianluca Stringhini University College London

2. Cybercrime is a growing problem An Inside Look at Cybercriminal Operations 2

3. Cybercrime is a growing problem An Inside Look at Cybercriminal Operations 3

4. Cybercrime is a growing problem An Inside Look at Cybercriminal Operations 4 Source: Levchenko et al. 2011

5. Spammer Anatomy of a spam operation An Inside Look at Cybercriminal Operations 5 Harvester Botmaster

6. How can we effectively disrupt spamming botnets? We need to get a better understanding of these cybercriminal operations Over the last years we have been studying spamming botnets by • Observing the actors involved • Getting an inside look into a real botnet An Inside Look at Cybercriminal Operations 6

7. Fingerprinting a spam operation An Inside Look at Cybercriminal Operations 7 The actors in the underground market are linked by long-lasting trust relations More details in “The Harvester, the Botmaster, and the Spammer: On the Relations Between the Different Actors in the Spam Landscape” from AsiaCCS 2014

8. Spammers buy bots in different countries – Lethic An Inside Look at Cybercriminal Operations 8

9. Spammers buy bots in different countries - Cutwail An Inside Look at Cybercriminal Operations 9

10. An inside look into a real spamming botnet An Inside Look at Cybercriminal Operations 10

11. The Cutwail takedown In 2010 we participated in an attempted takedown – we tried to disrupt the botnet by seizing the C&C servers We obtained access to 24 C&C servers • 30% of the botnet • Each server rent by a different spammer • Detailed statistics on the spammers’ campaigns An Inside Look at Cybercriminal Operations 11

12. Some Statistics The logs of the C&C servers contained information about • 9 spammers who rented one or more C&Cs • More than 2M bot IP addresses • More than 500B spam emails sent An Inside Look at Cybercriminal Operations 12 The performance of spam operations varies a lot: the most successful spammer sent 7B emails per day, the least successful only 5.5M More details in “The Underground Economy of Spam: A Botmaster’s Perspective of Coordinating Large-Scale Spam Campaigns” from LEET 2011

13. Botnets need to be efficient engineering systems An Inside Look at Cybercriminal Operations 13 Additional constraints: • Infected computers are usually on bad Internet connections • Adversarial actions can severely disrupt the botnet (victims cleaning up infected computers, law enforcement seizing control servers)

14. If we identify the elements that make a botnet work well, we can develop better mitigation techniques An Inside Look at Cybercriminal Operations 14

15. Spammers split an email list among many bots – we can use this to find additional bots! An Inside Look at Cybercriminal Operations 15 More details in “BotMagnifier: Detecting Spambots on the Internet” from USENIX 2011

16. What makes a spam operation successful? Good “housekeeping” • Clean up email lists for non-existing addresses • Limit bots to 5,000 at most Bots have bad Internet connections Instruct bots to retry sending emails multiple times Interesting fact: the geographic location of bots does not influence the performance of the botnet! An Inside Look at Cybercriminal Operations 16 More details in “The Tricks of the Trade: What Makes Spam Campaigns Successful?” from IWCC 2014

17. Possible mitigations Tamper with spammers cleaning up email lists [Stringhini et al., USENIX 2012] Exhausting the C&C’s bandwidth by connecting fake bots [Work in progress] Use network errors for spam detection [Kakavelakis et al., LISA 2011] An Inside Look at Cybercriminal Operations 17

18. Conclusions Cybercrime is a worldwide phenomenon, and we need effective countermeasures to fight it Botnets can be modeled as a distributed systems, and mitigations can be designed to make such distributed system perform poorly Other types of cybercriminal operations require different techniques • Identity theft • Ransomware • Financial fraud An Inside Look at Cybercriminal Operations 18

19. Questions? g.stringhini@ucl.ac.uk @gianluca_string

Thinking Like They Do: An Inside Look At Cybercriminal Operations

Recommended

Recommended

More Related Content

Similar to Thinking Like They Do: An Inside Look At Cybercriminal Operations

Similar to Thinking Like They Do: An Inside Look At Cybercriminal Operations (20)

More from Gianluca Stringhini

More from Gianluca Stringhini (7)

Recently uploaded

Recently uploaded (20)

Thinking Like They Do: An Inside Look At Cybercriminal Operations