
HaaS: Hacking as a Service


Many organizations around the world have learned to appreciate the benefits of using software "as a service". But there are others who enjoy this model too: cyber criminals. In recent years there has been unprecedented development in the quality and scale of criminal cyber services. To perform criminal activities on the web today you don't need to be a hacker; all you need is a credit card.


  1. Moshe Ferber, CCSK, Onlinecloudsec.com. HaaS: Hacking as a Service. The development of Cyber services for hire
  2. About myself: Moshe Ferber, 37, lives in Modiin (+2). Information security professional for over 15 years. Managed the security department for Ness Technologies. Founded Cloud7, Israel-based MSSP (currently owned by Matrix). Shareholder at Clarisite – Your customer’s eye view. Shareholder at FortyCloud – Make your public cloud private. Instructor for the See-Security CyberWarfare college. Member of the board at MacshavaTova. Member of the board at the Cloud Security Alliance, Israeli Chapter.
  3. Our typical Cyber criminal?
  4. TODAY ALL YOU NEED IS A CREDIT CARD “Today’s cybercriminals do not necessarily require considerable technical expertise to get the job done. All they need is a credit card.” Troels Oerting, Head of EC3, European Cybercrime Centre
  5. Cyber crimes are changing
  6. Cloud deployment models: Cyber deployment models: PaaS IaaS SaaS DIY virus
  7. IaaS – hosting services. Bulletproof hosting is a service provided by some domain hosting or web hosting firms that allows their customers considerable leniency in the kinds of material they may upload and distribute. “great offers to spammers” Source: Krebs on Security “We accept any traffic” “For your spamming needs”
  8. Source: McAfee, Cyber Crime Exposed “We host everything, except child porno” “We have good relationship with the government ”
  9. IaaS – Botnet services Spread SPAM Targeting accounts DDOS Launch Steal intangible goods Click jacking Bitcoin Mining “Discount for regular customers” “The more you buy the less you pay” “All countries expect Russia” “24/7 friendly support”
  10. 60% of Internet traffic: BOTS Taken from: http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013
  11. PaaS - Do it yourself from vulnerability to exploit Source: Forbes
  12. Exploits Low = 200$ Low = 400$ High = 600$
  13. QA as a service: 35 AntiVirus engines We will not share results with AV vendors 30$ Per month
  14. Training services: everything a cybercriminal needs to know. Manual included; crime software recommendation; cybercrime-friendly community
  15. Professional services: Source: http://resources.infosecinstitute.com/cybercrime-as-a-service/
  16. The 21st century sweatshops
  17. But why bother? Just buy a service
  18. DOXING services http://d4tabase.com/services/7674-doxing-service.html Doxing is the Internet-based practice of researching and publishing personally identifiable information about an individual.
  19. SaaS – Spam services Taken from Webroot
  20. Know your customers… Source: Raj Samani, Cyber Crime Exposed
  21. DDOS as a service Source: http://www.webroot.com/blog/2012/06/06/ddos-for-hire-services-offering-to-take-down-your-competitors-web-sites-going-mainstream/ Competitors you can not cope? Earn money while your competitors try way out “Order DDOS attack today”
  22. DDOS as a service Source: http://www.webroot.com/blog/2012/06/06/ddos-for-hire-services-offering-to-take-down-your-competitors-web-sites-going-mainstream/ Our prices will pleasantly surprise you Get a discount for two sites
  23. SaaS – Password cracking service Your victim details Nice introduction “where did you heard about us?” Source: Raj Samani, Cyber Crime Exposed
  24. Malware services
  25. Citadel spyware services Source: Krebs on Security Shutdown mechanism when encountering Russian computer Citadel CRM Store And support ticketing system Basic Package: retails for $2,399 + a $125 monthly “rent” automatically updates to evade the last antivirus signatures - at only 15$ a month
  26. Source: Fortinet 2013 Cyber Crime report Marketing is important…
  27. And also reputation +9 Reputation Source: Raj Samani, Cyber Crime Exposed
  28. And also the business model Earn Per Purchase
  29. The eco-system 75% revenue share Bi-weekly payments 10% commission bonus Live chat window http://www.secureworks.com/cyber-threat-intelligence/threats/ppi/ software lifetime payout
  30. And sometimes we meet business opportunities Taken from: http://www.reuters.com
  31. And there are M&A… Just like any market…
  32. And to wrap it up… Hit man as a Service Source: Dailymail.co.uk
  33. Thank you! Moshe Ferber, CCSK moshe@onlinecloudsec.com
  34. Sources: Raj Samani, McAfee EMEA CTO. Cyber Crime Exposed, a McAfee whitepaper. Dancho Danchev – botnets networks for hire. Infosec Institute – Cybercrime as a service. Fortinet 2013 Cyber Crime report. SecureWorks blog.
  35. Keep in Touch: Moshe Ferber; moshe@onlinecloudsec.com; www.onlinecloudsec.com; http://il.linkedin.com/in/MosheFerber. Cloud Security Course Schedule can be found at: http://www.onlinecloudsec.com/course-schedule
  36. List price
  37. Credit card list price
  38. Source: http://krebsonsecurity.com