Anatomy of an Attack

  1. Anatomy of an Attack: Understanding the means and motivation of your enemies. Johnathan Norman, Director of Security Research, Alert Logic
  2. Whoami • Director of Security Research @ Alert Logic – Manage investigations – Responsible for “0day” coverage – Vulnerability analysis and discovery • Exploit Developer • 10+ years monitoring networks • Winner of a few CTFs – Netwars All-Star challenge
  3. Agenda Old & New Enemies Thinking like the attacker Real world example Best Practices
  4. If you know your enemies and know yourself, you will not be imperiled in a hundred battles… - Sun Tzu
  5. The Actors • Hacktivists – Anonymous, LulzSec etc. • Cyber Criminals – Impact 73% of online users [1] • Government – Stuxnet anyone? [1] Norton Cyber Crime Report 2010
  6. Traditional Attacks Hacker Profile – Talented individual – Young, bored Motivation – To prove a point – Curiosity – Credibility Attack Methods – Worms targeting memory vulns in network services – Attack payload not usually customized
  7. Modern Attack Profile Hacker Profile – Organized Crime – Dedicated teams who are paid – Teams often work for criminal organizations as a career Motivation – Targeted attack for financial gain – Desire anonymity Attack Methods – Vulnerable web applications – Client side applications – Malware used to keep control
  8. Cybercrime Market The Numbers – Global computer crime market estimated to be $7B in 2010 [2] – Russia responsible for $2.5B – Growing ~35% per year overall Interesting Trends – Increase of specialization of participants – On-Demand and Pay-Per-Use services – Developing C2C market [2] Group-IB Report, 2010
  9. Roles
      Role – Description
      Malware Developers – Develop kits to control owned systems and steal data
      Rootkit Developers – Develop advanced software to hide presence of malware
      Traditional Hackers – Search for vulns, write and sell exploits to pack vendors
      Distributors – Find ways to install malware kits on as many victims as possible
      Hosting Providers – Hosting with few restrictions
      Misc Tools Developers – Executable packers and obfuscators
      Organization Leaders – Assemble teams and influence PPI prices per country
  10. Crime Pays
      Stolen Assets/Criminal Activity – Payout
      Credit Card Details – $5-10, expected $1-2 post PSN
      Bank Credentials – $80-$700
      Bank Transfers – 10% to 40% of amount transferred
      Social Security Numbers – $30-50
      0Day Exploits – $5,000-$100,000
      Exploits for published vulnerabilities – $5,000-$50,000
      Exploit Packs – $200-$5,000
      Malware Pay-Per-Install – Up to $1.50 for US victims, $0.15-0.60 for other countries
  11. Agenda Old & New Enemies Thinking like the attacker Real world example Best Practices
  12. Hacking 101 • The 3 Questions – What do I have – What do I know – What is my target? • The Process – Reconnaissance – Discovery – Mapping – Exploit
  13. The World is Yours My Skills – P2P networking – Defacing websites The Plan – Get paid distributing malware
  14. How it Works – The Business Model (diagram; actors: Cybercrime Group, Distributor, Victims, Black Market)
      1. Purchase Malware Pack – Cybercrime Group
      2. Register With Cybercrime Group – Distributor
      3. Infect Users (P2P seeding, XSS) – Distributor → Victims
      4. Infected Users Send Data to Group
      5. Data Sold Wholesale – Black Market
      6. Payment Made
  15. What do I get? Malware likely based on TDSS – First widely used x64 rootkit for Windows Vista and Windows 7 – Kernel mode rootkit – Modified binaries generated on-demand to avoid AV detection Choosing an Affiliate – Pay-Per-Install model – Reputation – Claim up to US $7000 per day – Phone support provided with personal account manager
  16. The Final Touches Binary Modification Tool Anti-Virus Bypass
  17. Delivery/Attack Surface
      Infection Method – Difficulty – Effectiveness
      Websites – Easy – Good
      P2P Networks – Easy – Medium
      SPAM – Easy – Medium
      Paid Ads – Medium – Medium
      Phishing – Easy – Poor
      Traditional Network Exploit – Difficult – Poor
      Blackhat SEO – Medium – Medium
      Cross Site Scripting – Most sites are vulnerable – Easy to find and users trust the websites
      SQL Injection – Easy to find – Very common
      Source: Veracode State of Software Security Report, April 2011
  18. Agenda Old & New Enemies Thinking like the attacker Real world example Best Practices
  19. Open SMB shares / Weak Passwords – Web App Vulnerability – NetBIOS – Open RDP – Spear phishing
  20. Agenda Old & New Enemies Thinking like the attacker Real world example Best Practices
  21. Limit Your Exposure
      Lifecycle of a Threat (chart: Risk vs. Time, with a Risk Threshold line): Vulnerability Discovered → Exploit is Public → Patch is Released → Automated Exploit → Passé
      RISK = Vulnerabilities x Assets x Threats
      Risk Reduction Framework – OBJECTIVE -> REDUCE RISK
      – # of Vulnerable Assets / Limit Exposure: Policy Review, Patch Management, Vulnerability Scanning
      – Monitor: Be Aware of Known Vulnerabilities, Daily IDS/Log Data Review, Know your network!
      – Educate Users: Awareness Training, Focus on Security
  22. Tools or Expert Help?
  23. Remember the Questions… • 3 Questions – What do I have – What do I know – What is my target? • Penetration testing helps
  24. Defending Users AV Isn’t Enough – Malware evolves ahead of AV signatures – 60% of malware is undetected by AV Education – At least half of the executables on P2P network infected – Don’t install software from untrusted sources – Safe browsing – Flash drives
  25. Key Takeaways – 0day is rarely the average user's weak point – Tools are not always the solution – Focus on your attack surface, not the latest news – Antivirus will not save you! – Educate users
  26. Next Generation Mobile Devices – Full blown operating systems with IP stacks – Security posture like OS’s in the 90’s – High-speed 4G Internet connectivity – get owned faster! – Malware in Android market (50+ apps) – Users connect to the office wifi
  27. Q&A jnorman@alertlogic.com @spoofyroot http://www.alertlogic.com/blog
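Slide 17 lists cross-site scripting and SQL injection as the easiest delivery vectors because most sites are vulnerable. The following is an added example, not code from the deck or from Alert Logic, showing why: the same lookup written with string concatenation and with a bound parameter, and the same comment rendered raw and HTML-escaped. The users table and probe strings are constructed for the demonstration; it uses only the Python standard library (`sqlite3`, `html`).

```python
import html
import sqlite3

# Constructed sample data (not from the original deck): a tiny users table.
SAMPLE_USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_user_vulnerable(conn, name):
    """Builds the SQL text by concatenation, so the input is parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, name):
    """Parameterised query: the driver binds the value; it is never parsed as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_comment_vulnerable(comment):
    """Reflects user text straight into HTML, so markup in the input is rendered."""
    return "<p>" + comment + "</p>"


def render_comment_safe(comment):
    """Escapes <, >, &, and quotes so the text is displayed, never interpreted."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


def compare():
    """Run both variants on the classic probe inputs and report the difference."""
    conn = make_db()
    probe_sql = "' OR '1'='1"          # turns the WHERE clause into a tautology
    probe_html = "<script>x</script>"  # markup that must not reach the browser
    return {
        "sqli_rows_vulnerable": len(lookup_user_vulnerable(conn, probe_sql)),
        "sqli_rows_safe": len(lookup_user_safe(conn, probe_sql)),
        "xss_markup_survives_vulnerable": "<script>" in render_comment_vulnerable(probe_html),
        "xss_markup_survives_safe": "<script>" in render_comment_safe(probe_html),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The concatenated query returns every row because the probe rewrites the WHERE clause, while the bound parameter simply finds no user with that literal name; the same separation of data from code is what escaping gives you on the HTML side. Neither fix depends on blocking particular input strings, which is why it holds up better than a filter list.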
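Slide 19's entry points (open RDP, open SMB shares, weak passwords) and slide 21's "Daily IDS/Log Data Review" come together in a check a defender can actually run. The block below is an added example, not from the deck or Alert Logic: it parses a small set of authentication log lines in a hypothetical key=value format (the lines and the format are constructed for this example, not any vendor's real log) and flags a source that fails repeatedly against one service in a short window, noting whether a success followed, which is the pattern a guessed weak password leaves behind.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (invented for this example; the key=value
# layout is hypothetical, not any product's real format).
SAMPLE_LOG = """
2011-05-20T10:00:01 src=10.0.5.7 dst=10.0.1.20 service=rdp result=fail user=administrator
2011-05-20T10:00:15 src=10.0.5.7 dst=10.0.1.20 service=rdp result=fail user=admin
2011-05-20T10:00:30 src=10.0.5.7 dst=10.0.1.20 service=rdp result=fail user=administrator
2011-05-20T10:00:45 src=10.0.5.7 dst=10.0.1.20 service=rdp result=fail user=backup
2011-05-20T10:01:00 src=10.0.5.7 dst=10.0.1.20 service=rdp result=fail user=administrator
2011-05-20T10:01:20 src=10.0.5.7 dst=10.0.1.20 service=rdp result=fail user=administrator
2011-05-20T10:01:40 src=10.0.5.7 dst=10.0.1.20 service=rdp result=success user=administrator
2011-05-20T10:02:00 src=10.0.5.9 dst=10.0.1.30 service=smb result=fail user=jsmith
2011-05-20T10:02:30 src=10.0.5.9 dst=10.0.1.30 service=smb result=success user=jsmith
2011-05-20T10:03:00 src=10.0.6.1 dst=10.0.1.20 service=rdp result=success user=helpdesk
garbage line that should be skipped
""".strip().splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"service=(?P<service>\S+) result=(?P<result>\S+) user=(?P<user>\S+)$"
)


def parse_log(lines):
    """Parse lines into dicts sorted by time; lines not matching the format are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def find_password_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Flag (src, dst, service) triples with >= threshold failures inside `window`.

    For each flagged triple also report whether a success followed the burst,
    which separates background noise from a probably guessed password.
    """
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["src"], e["dst"], e["service"])].append(e)

    findings = []
    for (src, dst, service), evs in by_key.items():
        fails = [e for e in evs if e["result"] == "fail"]
        burst_start = None
        start = 0
        for end in range(len(fails)):            # sliding window over failures
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_start = fails[start]["ts"]
                break
        if burst_start is None:
            continue
        success_after = any(
            e["result"] == "success" and e["ts"] >= burst_start for e in evs
        )
        findings.append({
            "src": src, "dst": dst, "service": service,
            "failures": len(fails),
            "users_tried": sorted({e["user"] for e in fails}),
            "success_after_burst": success_after,
        })
    return findings


if __name__ == "__main__":
    for finding in find_password_guessing(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample, only the source hammering RDP on 10.0.1.20 is reported; the single SMB failure followed by a success is the kind of typo a daily review should not page on. The threshold and window are arguments so they can be tuned to the noise level of a real network.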

Editor's notes

  1. Hello! My name is JM and I am on the research team at Alert Logic. Today we'll be talking about how organized groups have come to dominate the computer crime scene.
  2. First I'm going to cover the differences between the attackers at work today vs. what we saw 5 years ago. Then we'll talk about how modern organizations are structured and how they operate. Finally we'll look at what you need to do to minimize your risk as an IT manager and also as a user with your own data to protect.
  3. This is a quote from The Art of War. Highly regarded, but w/ comp crime landscape, optimistic. The idea is the same... in order to defend against skilled & highly motiv. attackers, your security team needs to know what they're up against, as well as having a realistic understanding of their own capabilities and limitations. Raise your hand if you have ever had your credit card number stolen? OK... who has ever exposed patient or customer information as a result of a network intrusion? Haha, it's OK, no one ever wants to admit that in public... hahaha. That sort of thing can seriously damage a company's reputation, like we're seeing now with Sony. S: everyone is familiar w/ the stereotypical hacker.
  4. You have 3 primary groups of actors to worry about. This is not an exhaustive list but does account for the majority of malicious activity.
  5. Young student, bored, maybe problems with authority. Think it's cool, looking for a challenge, out defacing websites of organizations they disagree with. Unlike Matthew Broderick, none of the guys I knew who were writing DOS viruses at 16 ever had a girl in their bedrooms. Korgo, Sasser, mostly static payload built & released to run its course. S: things have changed a lot since then.
  6. Overwhelming majority of attacks are carried out by professional teams who do it for a living. Only goal is to control as many computers as they can to steal as much data as possible they can use or sell wholesale. Not making noise, not defacing websites, remain undetected as long as possible, target vulns in client apps. S: it's working really well.
  7. Business is booming, $7B last year, Russia 1/3 and growing 35% per year. W/ that growth the business models evolve like the legit IT industry. Ppl are taking on specialized roles either to limit personal risk or maximize profit within the context of their personal situation. This is a business and like any other business the goal is to make as much money as possible while spending the least amount of money.
  8. MW Dev – build custom C&C software w/ dev kits to embed it in 3rd party executables ppl would want to install. Distributors – equiv to the corner drug dealer, lower on the food chain, not the most skilled; these are the guys in direct contact with the target systems. When you find malware on a system, it was often put there by a distributor who didn't actually write it. Hosting providers – liberal AUP, often only up for a short period of time before they are shut down unless hosted in safe haven countries. S: so how much money are these guys making?
  9. Credit cards – influenced by supply/demand; Sony PSN +70M cards stolen, if majority are valid & dumped on market, would push prices way down. Exploit packs cover multiple vulns, price based on age. Affiliate programs – in the same way banner ads, browser toolbars affiliate programs developed in the 90's with pay-per-view and pay-per-click models, malware install affiliate programs have sprung up. Segue: I'm a young unemployed Ukrainian guy & I want in on the action.
  10. First I'm going to cover the differences between the attackers at work today vs. what we saw 5 years ago. Then we'll talk about how modern organizations are structured and how they operate. Finally we'll look at what you need to do to minimize your risk as an IT manager and also as a user with your own data to protect.
  11. Hacking is really about answering 3 questions, and each time you get to a new step you repeat the process... More on this later in our example.
  12. This is a screenshot of the old Dogma Millions website. This has since been taken down but you can see from the graphics the msg they send. Work for us & you can drive your own Porsche SUV on a blue water beach with Victoria's Secret models. Segue: unfortunately the English language sites aren't as creative...
  13. Payperinstall.com is a clearinghouse for pay per install groups. You sign up with an affiliate, they provide a custom set of executables embedded with your affiliate ID. For every US machine you get the malware installed on, you get a dollar. 10,000 machines = $10,000.
  14. PPI – lower rate, always paid per install, similar to pay-per-click banner advertisingAlternatively, programs where you simply take a cut of the revenue generated from selling the stolen data. The potential payout is higher here, but the risk of your affiliate skimming is high too.
  15. reputation is important – you can’t call the police if your affiliate doesn’t pay out or they are obviously skimming
  16. Once you have your malware packs, you have a # of choices of how to get it installed.
  17. So now that you have everything, you have to find the most effective way to spread your malware.
  18. This is a high level network diagram of an actual client which is a major hospital. The data is from a recent investigation of the compromise that was completed last week. So let's see how this compares to the previous scenario I mentioned above.
  19. OK, so now I gave you the spiel on the actors. How do you handle this situation?
  20. This is a lifecycle model for a vulnerability taken from a grad student's thesis. One of the common mistakes users make is to focus their defenses heavily on 0day attacks. But this diagram shows that the most commonly exploited vulnerabilities are actually patched flaws that have been in the wild for quite some time. Publicly known vulnerabilities are your actual risk.
  21. Left 2 columns are published vulns from oldest to newest, 2003 to 2010; columns on the right are examples of exploit packs and which vulns they target. Most of these vulnerabilities are old and have assigned CVEs.
  22. Tools are a critical part of your defense, but they are useless without expertise and guidance. Simply having a firewall and an IDS device will not do much in the face of today's attackers if you don't have the people in place with the expertise to interpret what the tools are telling you.
  23. Tools are a critical part of your defense, but they are useless without expertise and guidance. Simply having a firewall and an IDS device will not do much in the face of today's attackers if you don't have the people in place with the expertise to interpret what the tools are telling you.
  24. Education – sounds extremely basic but some people don't know. Browsing – browsers are complex pieces of software & they all have holes. The majority of owned desktop systems I've seen were used by avid IE users. I use Firefox, automatic updates and a number of plugins that improve your security like NoScript and RequestPolicy; these tools can defeat CSRF and some XSS attacks even though the webapps you use are vulnerable. Filtering web proxies.
  25. Cell phones are Big Brother's wet dream. Can track users within a few meters and running full blown operating systems. In fact Verizon just changed their TOS so they can sell your location data.
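Slide 21 gives RISK = Vulnerabilities x Assets x Threats and a threat lifecycle (discovered, exploit public, patch released, automated exploit, passé), and note 20 draws the conclusion that the old, patched, widely packed flaws are the real risk rather than the 0day. The block below is an added worked example, not from the deck or Alert Logic, that turns that formula into a patch-priority ranking. The stage weights, exposure weights, asset inventory and vulnerability ids are all constructed for the example (the ids are placeholders, not real CVE numbers), and the weights are this example's assumption, not figures from the talk.

```python
from dataclasses import dataclass

# Assumed threat weight per lifecycle stage (stages from the slide; the
# numbers are this example's own choice). A public or automated exploit
# raises the threat factor; a 0day with no public exploit sits low.
THREAT_WEIGHT = {
    "discovered": 1,         # known (or 0day) but no public exploit
    "exploit_public": 3,
    "patch_released": 3,     # exploit still public; risk stays until you patch
    "automated_exploit": 5,  # in exploit packs / worms
    "passe": 1,              # old, rarely targeted any more
}
EXPOSURE_WEIGHT = {"internet": 3, "internal": 1}   # assumed exposure factor
PATCHED_STAGES = {"patch_released", "automated_exploit", "passe"}


@dataclass(frozen=True)
class Vuln:
    vuln_id: str   # placeholder ids below, not real CVE numbers
    stage: str     # one of THREAT_WEIGHT's keys


@dataclass
class Asset:
    name: str
    exposure: str     # "internet" or "internal"
    criticality: int  # 1 (low) .. 3 (high)
    vulns: tuple


def vuln_risk(asset, vuln):
    """One asset's contribution: threat x exposure x criticality."""
    return THREAT_WEIGHT[vuln.stage] * EXPOSURE_WEIGHT[asset.exposure] * asset.criticality


def prioritise(assets):
    """Aggregate RISK = Vulnerabilities x Assets x Threats per vulnerability id and rank.

    Summing each vulnerable asset's contribution is the 'x Assets' term: a flaw
    present on many exposed hosts outranks the same flaw on one internal box.
    """
    totals = {}
    for asset in assets:
        for v in asset.vulns:
            t = totals.setdefault(v.vuln_id, {
                "vuln_id": v.vuln_id, "stage": v.stage,
                "patch_available": v.stage in PATCHED_STAGES,
                "assets": [], "risk": 0,
            })
            t["assets"].append(asset.name)
            t["risk"] += vuln_risk(asset, v)
    return sorted(totals.values(), key=lambda t: (-t["risk"], t["vuln_id"]))


# Constructed inventory (ids are placeholders, not real CVEs).
OLD_PACKED = Vuln("VULN-OLD-1", "automated_exploit")  # patched long ago, in exploit packs
MID = Vuln("VULN-MID-2", "exploit_public")
ZERO_DAY = Vuln("VULN-0DAY-3", "discovered")

SAMPLE_ASSETS = [
    Asset("web01", "internet", 3, (OLD_PACKED, ZERO_DAY)),
    Asset("web02", "internet", 2, (OLD_PACKED,)),
    Asset("ws-17", "internal", 1, (OLD_PACKED, MID)),
    Asset("db01", "internal", 3, (MID,)),
]


if __name__ == "__main__":
    for row in prioritise(SAMPLE_ASSETS):
        print(f'{row["risk"]:>4} {row["vuln_id"]:<12} '
              f'patch={row["patch_available"]} assets={row["assets"]}')
```

With these weights the long-patched flaw that sits in exploit packs and on every web server ranks first by a wide margin, and the unpatched 0day on one host ranks last; that is the slide's point that patch management and limiting the number of exposed assets remove more risk than chasing the newest vulnerability.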