Agenda
Context
The Expanding Internet
Cyber Crime Scale
Today’s Threats
Malware
Preventing Business Account Takeover
Avoid Being a Victim
Context
• The internet is incredibly convenient – banking and shopping with a few clicks
of the mouse.
• Personal Banking
• 63 million Americans bank online¹
• $3,500 average balance in “transaction accounts”²
• ~ $221 Billion managed online
• Shopping
• $1.042 Billion spent online the day after Thanksgiving 2012³
• $1.465 Billion spent online the Monday after Thanksgiving 2012³
The Expanding Internet
THE SUPERHIGHWAY: pre-2000 vs. 2012
• Lanes: 4 (pre-2000); 4,000 (2012)
• On/Off Ramps: Millions (1,000,000) (pre-2000); Hundreds of Millions (800,000,000) (2012)
Cyber Crime Scale
[Figure: cyber crime scale; values shown: 347M and 431M]
Changing Cyber Threats
Insiders
• Often undetected for up to 32 months
• Culprits are employees – typically managers – with 5+ years of experience
• Usually low-tech, relying on access privileges
Hacktivists
• Responsible for 58% of all data stolen in 2011
• Targets include CIA, FBI, Visa, MasterCard, Sony (breached 21 times in 2011), Amazon
Organized crime
• Cybercrime is maturing as a business, with marketing, support, advertising,
R&D, and economies of scale
Nation-states
• Since 2010, nation-state linked malware IDs increased from 1 to 8; 5 in 2012
• Gauss Malware targets financial services in the Middle East; steals credentials
• Technically sophisticated malware for espionage, data breaches, even sabotage
Changing Threats: Insiders
• Almost 1 in 10 who reported fraud suffered losses of more than $5 million.
• 56% of respondents said the most serious fraud was an ‘inside job’.
PWC Global Economic Crime Survey November 2011
[Figure: bar chart; axis: % of reported frauds]
Changing Threats: Organized Crime
• Traditional organized crime is making inroads and extending operations into digital markets
• Young hacker stereotype turns out not to be the case - 43% of organized digital crime associates are over 35 – more than those who are under 25 (29%)
TRADITIONAL INDICATOR / ONLINE PARALLEL
Extortion techniques:
• Threats to close down systems by malware attacks
• Use of compromising browser records for blackmail
Control of gambling:
• Development of new ‘offshore’ income streams
Control of drug markets:
• Sales of illegal drugs
• Development of fake Viagra and other pseudo drug markets / spamming
Changing Threats: Nation-state Threats
• Double-threat from highly advanced and specialized malware & Advanced Persistent Threats
• Targets specific nations through government & civil organizations, commerce & infrastructure:
  – Gauss focused on financial institutions
  – Flame targeted companies and institutions in the Middle East
• Highly sophisticated and complex:
  – Stuxnet probably required 10 man-years of development; Flame 20 times more complex
• Enables plausible deniability
  – Researchers who analyze the code can’t be sure that they’re seeing more than what the writers want them to see.
Rise of Malware Linked to Nation-States
[Figure: timeline, 2010 to 2013; legend: intelligence gathering, sabotage; malware shown: STUXNET, DUQU, FLAME, MINIFLAME, GAUSS, WIPER, MADHI, IXESHE, SHAMOON]
• Red lines indicate probable family link
• Only circumstantial evidence for Wiper link to Stuxnet family (it left very little forensic data)
• The status of Shamoon as nation-state malware has been questioned – some attribute it to nationalist hackers or cybercriminals
Attacks from Last Traceable Point of Origin
[Figure: map of attacks by last traceable point of origin; legend values: 10-30%, 3-4%, 1%, 0.6%, 0.3%; 32.5% unknown origin]
USA
• Hosted ~50% of all phishing sites in 1H 2011
• Hosted ~45% of all phishing-based keyloggers or Trojan downloaders
Russia
• Produces 77% of all spam
• Source of many successful botnets: Rustock, Grum, Cutwail, and more
China
• 55,000 malware/intrusion incidents on DoD systems in 2010; large but unspecified number blamed on China
• Highest level of malware infections
*Trustwave Breach Report 2012
What is Malware?
• “Malware” is an umbrella term used to describe many forms of
malicious software
• Common forms of malware:
• Worms – malware that can spread by itself (most other forms spread by attaching to
a file).
• Trojans – malware that looks legitimate and tricks the user into activating it. Known to
create “backdoors” that give malicious users access to the infected system.
• Viruses – malware that replicates itself by inserting itself into and becoming a part of
a piece of legitimate software.
• Bots – malware that automates the use of system resources on the infected computer
to interact with external computers. Causes “Denial of Service” (DoS) attacks.
The Business of Malware…
• 350 to 400 million PCs compromised
• $388 billion per year in losses resulting from cybercrime
• 431 million adults fall victim per year (69% of those
surveyed by Symantec had been victims)
A big problem… getting bigger?
*2011 PandaLabs
How Malware Works
[Diagram: five stages (0 Malware Service, 1 Malware Infection, 2 Credential Harvest, 3 Money Theft, 4 Money Collection); actors shown: Malware Coder, Cyber Theft, Victim, Money Mules, Mule Organization]
0 Malware Service
Malware-as-a-Service. Malware programmers:
- sell/lend malware
- purchase/rent malware modules from other programmers
- use testing services such as checking detection by Anti-Virus software
- provide customers with customization, updates, and issue maintenance
1 Malware Infection
Criminals:
- trick victims into opening infected attachments or visiting nefarious websites
- command bots to download malware (criminals lend/rent botnets)
2 Credential Harvest
The victims visit their online banking websites and log on per the standard processes.
The malware collects and transmits data back to the criminals.
3 Money Theft
Criminals leverage the victim’s credentials to initiate funds transfers from the victim’s account to mules.
4 Money Collection
Mule organizations collect money from mules and launder money.
Malware Infection
• Phishing – “phishing” is the use of spam email designed to trick
the recipient into clicking a hyperlink or opening an attachment
• Phishing emails often look official and have a clear “call to action”
• Most commonly look like email from banks, delivery services or law enforcement
agencies
• Spear Phishing
• A phishing attack that is designed for a specific person. The attacker may conduct
extensive research on a specific individual to customize the attack.
• Social Networks
• Attackers using social networks take advantage of the fact that most everyone is on
another user’s “trusted” list
Social Engineering / Social Media
• Social engineering attacks occur by phone, email, or even in person
• A social engineer tricks people into giving away sensitive information, even passwords
• Social engineers are ‘hacking the human element’ – it’s easy and untrained employees won’t suspect
Social Media Malware – Automated social engineering:
• Malware can take over your social media account to:
  • Send phishing emails to all your contacts
  • Set your “like” status to a product you’ve never heard of, or to some malware-infected app
Man-In-The-Browser
• One of the most concerning types of malware attacks is called
“Man-In-The-Browser” (MITB).
• Typically the result of a Trojan infection, MITB permits a cybercriminal to modify
the infected machine’s browser and harvest user credentials.
• Infected browser looks like an uninfected browser, many times prompting the user
for token-generated passwords and / or transaction PINs.
[Figure: altered login screen]
Prevent Business Account Takeover
• Dual Authorization
• If offered, utilize dual authorization for ACH / wire transactions and account
administration
Prevent Business Account Takeover
• Dedicated Computer
• Use a dedicated computer for online financial transactions
How to Avoid Being a Victim
• Keep anti-virus software up to date
• AV software is not a silver bullet – only catches 40% of all documented malware!
Use AV software as one part of your entire strategy to stay safe online.
How to Avoid Being a Victim (Continued)
• Social Network Safety
• Minimize the amount of personal information (birth date, address, etc) you
share on social networks
“Social media is most influential new media because we consider familiar voices to be trustworthy”