The Future of Hacking
1. The Future of Hacking
A Review of the Economics, Motivations, Tools, and Techniques of Cyber Adversaries
5/7/2016 Richard S. Smith
2. Agenda
• Battlefield Assessment
• Hacking Economics
• Components of a Hack
• Hacker Traits
• Social Motivators
• Delivery and Transport
• Likely Targets
• Attack Tools
• Hacking R&D
3. Battlefield Assessment
• Statista reports that over 781 breaches occurred in 2015 and 169 million sensitive records were exposed, a 97% increase from last year
• According to Ponemon’s 2015 Cost of Data Breach Report, data breaches cost financial companies $259 per user, the second-highest average cost per breach by industry
• PwC’s Global State of Information Security Survey 2015 reports that global information security budgets decreased four percent compared with 2013; security spending has been stalled at four percent or less for the past five years
4. Hacking Economics
Corporate costs of prevention are increasing while hacker costs are decreasing.
• Total cost to hackers for a successful attack decreased due to:
o Less time to execute successful attacks
o Improvement in hacker tools ($1,300 for sophisticated tools)
o Decrease in the cost of computing power
• Conversely, the annualized cost of breaches last year was $7.7M, with a broad range of $.3M to $65M
• Financial Services and Energy breach costs are 67% greater (on average) than other industries
5. Components of a Hack
• People
• Motivators
• Transport
• Targets
• Tools or Methods
= PMT3
7. Social Motivators
[Figure: social motivators. Labels: Casual Hacking; Fun and Thrill; Curiosity and Anonymity; Notoriety; Hacktivism or Moral Compass; Sabotage or Retaliatory; Property Destruction; Cyber Terrorism; Financial Gain; Ransom; Corporate Espionage; Intelligence Gathering. Percentages shown: 51%, 29%, 19%, 1%.]
8. Delivery and Transport
Delivery Vehicle
• Spear-phishing email
• Phone call (social engineering
and voicemail hacks)
• Reconnaissance or Scanning
for unpatched devices in
target network
Transport Method
• Cell phone
• Internet Cafes
• Home Network (utilize multiple
hops for anonymity)
10. Attack Tools (Methods)
| Attack Methods | Probability | Severity | Expected Loss |
|---|---|---|---|
| Malicious Code | Moderate | High | High |
| Denial of Service | Moderate | Moderate | Moderate |
| Phishing and Social Engineering | Moderate | Moderate | Moderate |
| Web-based attacks | Moderate | Moderate | Moderate |
| Malware | High | Low | Low |
| Virus, worms, trojans | High | Low | Low |
| Stolen devices | Moderate | Low | Low |
| Botnets | Moderate | Low | Low |
| Malicious insiders | Low | Low | Low |
11. Hacking R&D
1. Bitcoin: Criminals will exponentially increase the use of
Bitcoin to collect funds from criminal actions or as
payment for new hacker tools
2. Social Media and Cloud Services: New attack vectors
and platforms will emerge
3. Multi-vector DDoS Attacks: Use of Stressers/Booters will
surpass traditional botnet attacks
4. Internet of Things: Increasing attacks on IoT devices
(ATMs, planes, cars, smart home devices) will consume
the news
5. Mobile attacks: Hackers will increasingly focus on
malware affecting mobile devices and payment
methods
6. Ransomware: Encryption will increasingly be used as a
weapon against its victims
12. Malicious Code
• Sophisticated malware born from legacy malware, specifically aimed at stealing banking credentials
• Ransomware encrypts victim’s
files and demands payment for
decryption keys—all while using
Bitcoin to transact payment
• ATM-focused cyber attacks
that do not require skimmers,
but utilize malicious code that
can be loaded directly to the
terminal
13. Distributed Denial of Service
• Stresser/booter-based botnets are the source of the vast majority of DDoS attacks
• DDoS tools rely heavily upon reflection
techniques to generate massive
amounts of traffic
• 56% of all DDoS attacks repeat targets
• China is the top country sourcing DDoS attacks, and the gaming industry is the most frequent target
14. Phishing and Social Engineering
• In 2015, 90% of all phishing attacks were targeted at
Financial Services
• Spear-phishing remains the attack method of choice for
APT actors
• Gmail is used heavily as a drop point once usernames
and passwords are stolen from a target
• Social media is used to market and distribute phishing
kits and related goods and services
15. Web-based Attacks
• Tor, Darknet, and Bitcoin are used in concert to
market and distribute exploits, like zero-days
• Increase in zero-day web-based tools available on
the Darknet black market
• Hacker Toolkits provide configuration options to use
different exploits
• Ransomware campaigns use zero-day attacks for high-probability attacks that hit a large number of users simultaneously
16. Tech for Slowing Down Advanced Attackers
• Security intelligence or SIEM systems provide a
significant ROI
• Deploying encryption technologies (storage,
middle-tier, and database)
• Advanced perimeter controls such as UTM, NGFW,
IPS with reputation feeds
• Hiring expert security staff, including a CISO
• Training your workforce to recognize attacks,
especially spear-phishing
• Applying controls to systems based on the risk and sensitivity of the data
17. Questions?
“I'm a really good hacker, but
I'm not a sensible person.”
–Richard D. James (Aphex Twin), British electronic musician and composer