Hackers Interrupted
Alex Holden
Chief Information Security Officer, Hold Security, LLC
@HoldSecurity
SESSION ID: CCT-W05
#RSAC

Understanding Hackers
Why is this important?
Can this stop cyber crime?
Transcending technology

What is a Threat to You
Defamation and Reputation Loss
Stolen Secrets
Stolen Data
Availability

Learn to be a Hacker
Carding University
Virtual Carding Basics
Hacker University
Job After Graduation
Professor’s Insight

Hackers’ View of Us
Tessa88:
Foreigners
the common folk
I despise them
they are garbage to me
War of stereotypes
“I’m fighting a holy war against the West… They drive their Rolls Royces and go home to their million-dollar houses, while people here are struggling. I will never harm my fellow Slavs; but America, Europe, and the rest of the world deserve it.”
- aqua (jabberzeus)

Target Retail Stores Breach
Kartoxa POS malware author Rinat Shabaev was looking for a regular programming job, asking for about 12 USD per hour. After failing to find a job, he was recruited to write a virus that stole financial data from 40 million victims.

San Francisco Municipal Transport Agency Ransomware Attack
What Happened?
Hacker Techniques
Who Is To Blame?
How To Defend?

The Russians Did It
Yandex Mail Messages
Russian Phone Numbers
х Language Preferences
х Access Techniques

Hackers Setup
Discovery and Attack Server
Scan the Internet
Exploit
Explore
Infection Server
Extort and Communicate

San Francisco Light Rail Ransomware
Metropolitan area railroad transportation system paralyzed by a ransomware attack sourced from Iran

Target the Internet
Scans of 4.0.0.0/8 network (Layer 3)
Scan of 75.0.0.0/11 network (AT&T)
Found 75.10.2xx.xxx target SFMTA Oracle Primavera Server
Exploited vulnerability
Identified a network with 8,000+ systems
Continued scanning US, Iran, and other networks.

Who is the Real Tessa88?
Hacker sells stolen credentials from major breaches. Creates instability by exposing billions of accounts, and lying about Twitter and Yahoo breached data.

Drugs
Hiroshima
Also called “Atomic Bomb” or “Atomic Blast”
Contains synthetic cannabinoid products like JWH-018

While in Prison
I see a dream
I am DROWNING
My heart beats fast
I want to ESCAPE
Take a deep breath
This is only a dream
Only a NIGHTMARE
I see myself
I am a bird flying so high
I wake up
I am still in SHOCK
White pillow
Bed CAGE
I am LOCKED UP
My mood is dim
World disappeared
This is my reality now

Malware Tech – Marcus Hutchins
Transformation from hacker to a security researcher
2009 – Selling password stealers and scareware
2012-2014 – Distribution and reselling of viruses and exploit kits
2014 – Emergence of a researcher alter ego
2017 – Accidental discovery of WannaCry killswitch.

Understanding Hackers
Hackers are human with faults
Hackers are ruthless
Hackers are innovative
Understanding the human side of a hacker leads to improvement of our defenses

Defense Techniques
Learn about your enemy
Tune your defenses toward the threat
Fortify against hackers NOT auditors

Using Knowledge to Discourage Hackers
Increase the complexity required for an attack, making your infrastructure as inhospitable and fruitless as possible for an attacker.
Create honeypots in systems, applications, functions, and data as early identifiers of ongoing attacks or exploitation.
Use Threat Intelligence as a defense technique. Understand the Dark Web. Stay ahead of the adversary by adapting your defenses to their attack techniques.