1 | © 2013 Infoblox Inc. All Rights Reserved.1 | © 2015 Infoblox Inc. All Rights Reserved.
Unlocking Cyber-Crime – The New Cold War
Jamison Utter | Principal Security Consultant
6/15/2016

Motive Matters
“No one can build his security upon the nobleness of another person.”*
*Willa Cather, Alexander's Bridge

Exponential ROI
1 Year CD = 1%
Money Market = 0.5%
Average Stock Market = 7%
Cyber Crime = 1425%

Breaking it down
What’s the cost of entry?
Item Total Investment
Payload $3000
Infection Vector $500
Traffic Acquisition $1800
Daily Traffic $600
Total Expenses $5,900

The Payload
The Challenge:
- Avoid trivial signature detection
The Solution:
- A new hash of a crypto-variant that is identified with ‘good’ programs (by purchasing the source code with support)
The Cost:
- 10 Bitcoin (or about $3000 USD)
This does not include source code and support!

Commodity Programming
• Criminal elements are in constant reinvestment cycles, expanding both footprint and technical ability.
• Like real software, most malware is developed in teams by technical coders specialized in a particular function.
• Customer support, code support, and bug fixes are now table stakes in professional malware.

Economy of Scale
[Chart: Average Monthly Income (US Dollars), axis 0 to 1000, for Poland, Czech Republic, Slovak Republic, Russian Federation, Hungary, Romania, Bulgaria, Ukraine]
A semi-skilled Ukrainian hacker can make 5x – 25x their normal income by switching to a business model that is illegal (in the US)

The Infection Vector

Traffic Acquisition
Getting clicks!
- Often via Phishing (pretty easy)
- Sometimes scare-ware
- Sometimes Ad networks
- Also via Botnets (RATS)

Crime as a Service
Professional Crime Software
Technical Innovators
Reseller/Maintainers
Non-technical Opportunists / Crimeware-as-a-Service Users

Breaking it down
What’s the ROI?
Item Total Investment
Visitors 20,000
Infection Rate 10%
Payout rate 0.5% (Symantec = 3%)
Ransom Amount $300
ROI (Average 30 days) $3,000/day ($90,000/month)

What is the scale of this?
[Figure labels: The Black Market, Georgia, Iceland, Albania, Honduras, El Salvador]
The black market is a 17 billion dollar economy

The Zero Sum Game
Innovation
Development
Deployment
Capitalization
Current State
Where we need to be
Ceiling Cat FTW!

Change the Security Paradigm
“The long term goal of a security strategy cannot be to outsmart criminals, since that just breeds smarter criminals.”*
*Jaron Lanier – “Who Owns the Future”

Meeting the Challenge
Collaboration
Intelligence
Speed

Collaboration
Identify, Collect, Analyze, Distribute, Act
Security is a system; it's as alive as an organization or organism. Without cooperation and data sharing between devices, you will never triangulate and locate threats already in your network.

Intelligence
“Securing cyberspace is shared responsibility - collecting, analyzing & disseminating cyber threat intel” - FBI

What’s missing from your Threat Intel?
Risks
Targets and Assets
Threats (or Threat Actors)
Movement
Observation and Restriction

What makes “actionable” intelligence?
• Timely: Early discovery, appropriate TTLs, sensible refresh rate
• Relevant: Applies to your problems, your use cases
• Accurate: Reasonable precision, limited false positives
• Contextual: Why a threat, what kind, and what else it is related to
• Easy-to-Use: Pre-integrated, standard formats, REST APIs
• Reliable: Consistent in quality and rate/volume

Speed
We must shorten the Kill Chain, or we will always be behind the ball.

Changing Security Culture
“Wisdom consists in being able to distinguish among dangers and make a choice of the least harmful.”
— Niccolo Machiavelli, The Prince

Security is a Culture
Application Development
Network Design
End-user Training
Business Workflow

Insecure Code
Characteristic
I Injectable Code
N Non-Repudiation Mechanisms not Present
S Spoofable
E Exceptions and Errors not Properly Handled
C Cryptographically Weak
U Unsafe/Unused Functions and Routines in Code
R Reversible Code
E Elevated Privileges to Run
(ISC)2 InSecure Code practices

Secure Network Design
Know Don’t Guess
Avoid Dangling Networks
Route where needed not where possible
See all manage all
Know when to standardize
Power is important
Embrace Documentation
Jennifer Jabbusch
CISO, Carolina Advanced Digital

Secure Environment
Educate
Evaluate
Adjust
Cultivate
Test

Business Workflow
Leadership
Performance
Culture

THANK YOU
@jamison_utter
Jamison Utter

Editor's notes

  1. A Semi-skilled Ukrainian Hacker can make 400x their normal income by switching to a business model that is illegal (in the US)
  2. How do we get that payload on a machine? Exploit (like Flash, or Java, or Windows). Use a service to install it (via Zeus or Angler?)
  3. The cybercrime network is expanding, strengthening, and, increasingly, operating like any legitimate, sophisticated business network. Today’s cybercriminal hierarchy is like a pyramid. At the bottom are the nontechnical opportunists and “crimeware-as-a-service” users who want to make money, a statement, or both with their campaigns. In the middle are the resellers and infrastructure maintainers—the “middlemen.” At the top are the technical innovators—the major players whom law enforcement seeks most, but struggles to find. Crimeware’s development and distribution are highly organized and controlled by criminal groups that have formalized and implemented business models to automate cybercrime. Just as the software industry has spawned a business model in reselling, installing, and maintaining legitimate code, the malware industry has spawned distribution and support networks to assist criminals in successful malware usage. Developers of crimeware profit from the sale or lease of the malware to third parties who then use it to perpetrate identity theft and account fraud. When individual groups of criminals coordinate their efforts, the product is Crimeware as a Service (CAAS).
  4. Alternative transition – recommend using additional colors for multiple transition slides
  5. “Securing cyberspace is shared responsibility - collecting, analyzing & disseminating cyber threat intel” - FBI
  6. Ponemon stats around timeliness expectations
  7. https://www.isc2.org/uploadedfiles/(isc)2_public_content/certification_programs/csslp/csslp-wp-5.pdf
  8. SANS STH.EndUser Security Awareness Training