www.secureworks.com
The Information Security Experts
Copyright 2009 SecureWorks, Inc. All rights reserved.
Cyber Threats
Mike Cote
Chairman and CEO
How many hits does a search for the term 'Hacker' in Google reply with?
183,000,000
Black Hat
Welcome to DEFCON, the Largest
Underground Hacking Convention in ...
Information about the largest annual
hacker convention in the US, including
past speeches, video, archives, and
updates on the next upcoming show as
well as ...
www.defcon.org/ -
2600 The Hacker Quarterly Conferences -
Hackers - First Generation Lone Wolf
Chen Ing-Hau, 24, Taiwan
Arrested September 15, 2000
CIH (Chernobyl) Virus
Jeffrey Lee Parson, 18, USA
Arrested August 29, 2003
Blaster Worm ('B' variants only), DDoS
Sven Jaschan, 18, Germany
Arrested May 7, 2004
NetSky (Sasser) Worm
Kevin Mitnick
January 21, 1995
Compromised DEC, IBM, HP, Motorola, PacBell, NEC, ...
Cyber Criminals - Proof of Concept for making $
Jeanson James Ancheta, 24, USA
Arrested November 3, 2005
Rxbot zombie networks for hire (spam and DDoS)
Farid Essebar, 18, Morocco
Arrested August 25, 2005
Mytob and Zotob (Bozori) Worms
Atilla Ekici, 21, Turkey
Arrested August 25, 2005
Operating Mytob and Zotob botnets
Cyber Crime Goes Big Time
Yaron Bolondi, 32, Israel
Arrested March 16, 2005
London branch of Japan's Sumitomo Mitsui Bank
Worked with insiders through Aharon Abu-Hamra, a 35-year-old Tel Aviv resident
Injected a Trojan to gather credentials to a transfer system
Attempted to transfer 220 million into accounts he controlled around the world
13.9 million to his own business account
Albert Gonzalez (Segvec, Soupnazi, J4guar)
Indicted on Aug 17, 2009
Stole 130,000,000 credit card numbers
Worked out of Miami (his one flaw)
Worked as an international organized cybercrime group
3 in the Ukraine
Including Maksik who earned of $11m between 2004-2006
2 in China
1 from Belarus
1 from Estonia
1 from unknown location that goes by Delperiao
Identity Theft Market Rates
Item                                                         Price
US-Based Credit Card (with CVV)                              $1 - $6
Full identity (ssn, dob, bank account, credit card, ...)     $14 - $18
Online banking account with $9,900 balance                   $300
Compromised computer                                         $6 - $20
Phishing Web site hosting per site                           $3 - $5
Verified Paypal account with balance                         $50 - $500
Skype Account                                                $12
World of Warcraft Account                                    $10
Cyber Crime Trends
[Chart: Criminal Gains and Victim Loss by period (Before 2000, 2000 - 2003, 2003 - 2005, 2005 to Present); labels: Lone Ranger, Friends, Criminal Organizations, Criminal Gangs]
Number of attacks monitored by SecureWorks
C2C: Malware/Phishing Kit - Arms Suppliers
Criminal to Criminal (C2C)
Selling malware for "research only"
Manuals, translation
Support / User forums
Language-specific
Bargains on mutation engines and packers
Referrals to hosting companies
Generally not illegal
Operate in countries that shield them from civil actions
Makes it easy to enter the cybercrime market
C2C Distribution & Delivery - Force Suppliers
C2C Exploit - Intelligence Dealers
C2C: Bot Management - Turn Key Weapons Systems
76service, Nuklus Team
Botnet Dashboards
Driving Factors Behind Cyber Crime
Profitable
Low risk
New services to exploit
Easy (technically)
Easy (morally - you never meet the victim)
Picture provided by energizer hacking group
90 day project take $300,000 - $500,000
Cyberwarfare
Cyberspace is a warfighting domain.
- Lt. General Robert Elder, Commander 8th Air Force
In 2007, the FBI reported that there were 108 countries with dedicated cyber-attack organizations seeking industrial secrets.
http://csis.org/files/media/csis/pubs/081028_threats_working_group.pdf
Leveling the playing field
Adversaries that cannot match U.S. conventional military strength have an incentive to employ asymmetric strategies to exploit our vulnerabilities
- Institute for Security Technology Studies at Dartmouth College
The Chinese want to dominate this information space. So, they want to develop the capability of attacking our "information advantage" while denying us this capability
- Mike McConnell, Director of National Intelligence
China
Most skilled vulnerability researchers in the world
Very capable at command & control networks
Objective is to steal intellectual property
Information warfare
as a tool of war, as a way to achieve victory without war
as a means to enhance stability.
Strategy
100 Grains of Sand: infiltrate as many networked systems as possible and lie in wait for sensitive data and/or command and control access.
Whitehouse email compromised Nov, 2008
The federal government reported 18,050
cybersecurity breaches in fiscal year 2008
Source: Department of Homeland Security
Joint Strike Fighter
Compromise reported April 2009, started as early as 2007
$300 Billion project - costliest in US DOD history
Several Terabytes of data stolen about electronic systems
Most sensitive secrets not compromised
Source of attacks appears to be China
United States is under cyber-attack virtually all the time, every day
- Robert Gates, Secretary of Defense
http://www.ft.com/cms/s/0/2931c542-ac35-11dd-bf71-000077b07658.html?nclick_check=1
Russia
Russia has been relatively silent on its Strategy for Cyberwar
Cyber-Activism
Estonia
Lithuania
Ukraine
Cyber-War
Chechen Rebels during NordOst Hostage Crisis
Georgia Conflict
Kyrgyzstan
Cyber-Activism - Proof of Concept
300 Lithuanian Web sites defaced with Soviet Symbols by Russians after Lithuanian law banned use of Soviet symbols
Ukrainian President's website hacked after expressing interest in joining NATO
Estonia knocked offline for moving a Soviet Era WWII war memorial
CyberWarfare Russian Georgia Conflict - IWar
Physical and cyber warfare operations coincided with the final "All Clear" for Russian Air Force between 0600 and 0700 on August 9, 2008
Physical and cyber warfare shared targets, media outlets and local government communication systems in the city of Gori
Further cyber warfare operations against new targets in Gori coincided with traditional physical warfare target
Russia's Cyber Militia - Distribution of Bots
StopGeorgia.ru
Hosted by Softlayer in Plano Texas.
July 4 - July 9, 2009 DDOS Attacks
Approximately 20,000 attacking hosts (at $0 cost to the attacker)
Most attacking hosts were in South Korea
Popular Peer to Peer filesharing network in South Korea hacked to spread malware and enlist machines to attack
Many government critical infrastructure sites down for several days
www.dhs.gov
www.dot.gov
www.faa.gov
www.ftc.gov
www.nasdaq.com
www.nsa.gov
www.nyse.com
www.state.gov
www.usps.gov
www.ustreas.gov
www.voa.gov
www.whitehouse.gov
www.defenselink.mil
Fourth of July DDoS attacks
finance.yahoo.com
travel.state.gov
www.amazon.com
www.usbank.com
www.yahoo.gov
www.marketwatch.com
www.washingtonpost.com
www.usauctionslive.gov
www.umarketwatch.com
Project Aurora
Destruction of a $1M power generator by compromising the control network for the generator
DHS Project Aurora
http://www.youtube.com/watch?v=fJyWngDco3g
State of Cyber Attacks and the problems
There are no international boundaries on the Internet
There are safe havens for criminals where they may operate without consequence. Some havens provided in return for services or technology
Governments enlisting the services of traditional cybercrime criminals to advance their information warfare capabilities.
Governments funding training programs for information warfare
Cost of Cyber Attacks is decreasing, effectiveness is increasing.
Cyberspace is part of the battlefield of the 21st Century
Balance of Military Might?
Release of Dams
Disruption of air traffic flow
Destruction of power substations
Disruption of First Responders and Emergency services during a terrorist attack
Integrity in the financial system leading to lack of consumer confidence
Disruption of law enforcement and tainting of evidence
Corruption, tainting of food supply
Questions?