THE UNDERGROUND ECONOMY 3.0
THE NEVERENDING STORY
EDDY WILLEMS
SECURITY EVANGELIST DIRECTOR EICAR – AMTSO - LSEC
Over 400.000 new malware samples each day
Over 400.000.000 malware ...
Invisible: Money Gain => Cybercrime!
THE PROBLEM
G DATA | 30Y ANNIVERSARY SECURITY SUMMIT | BOCHUM, SEPTEMBER 24, 2015 3
WHAT DO CYBERCRIMINALS REALLY WANT?
‘THE TOOL’ OF A CYBERCRIMINAL: BOTNETS
BOTNET: EVERYTHING THE CRIMINAL WANTS
High Internet Bandwidth
- Spam and Phishing
- DDoS attacks
- Cloud misuse
Specific money targets (in the cloud)
- Emails
- Bank accounts, PayPal, accounts with low authentication
Other money targets (on disk)
- Steam accounts
- Bitcoin wallets
HOW DO WE GET INFECTED: THE SECOND LAW (OF WILLEMS)
CBP = TF x HF
CBP = Cybersecurity Problem
TF = Technological Factor (malware, malicious links, exploits, etc.)
HF = Human Factor (fear, curiosity, naivety, money gain, etc.)
PRIVATE DATA: DRIVING FACTOR OF CYBERCRIME!
Email address
- Spam
- Phishing
- Infections
Email accounts
- Fraud and misuse of contacts
- ID Theft
- Access to other accounts (Social Media, e-commerce…)
Bank data
- Illegal purchases
- Online banking fraud
Targeted attacks
- All data can be (mis)used and is interesting to sell: docs (Word, XLS, PPT, PDF), pics, etc.
ESSENTIAL PLATFORM FOR CYBERCRIME
BLACKMARKET
WHY A BLACKMARKET?
Know your enemy
- Technical Trends
- Marketing possibilities
- New exploit codes
Information gathering
- About detection
- Learn about the seller or designer
Measuring the level of threat
- Growth of codes
- Changes in supply and prices
BLACKMARKET SYSTEM (BUYING AND/OR SELLING)
Botnet Eco-System
Services: Spam, Phishing, Botnet, Ransom, Spyware, DDoS…
Products: Exploits, Tools, (private) Data, Weapons, Drugs, Illegal IDs…
SPECIALISED BLACK MARKETS
To do a proper attack a cybercriminal needs
- Knowledge
- Data
- Tools
Most of them only know parts of it
Everything can be found in the underground forums and markets if you look carefully
SOME PLACES IN THE UNDERGROUND
- SilkRoad Reloaded
- DeepBay
- Pandora
- Agora
- And several WebShop…
WITH DIFFERENT RIGHTS AND PERMISSIONS
Available on the Deep Web
Access via TOR or I2P
Some stuff is free
- Webshops
- Large variety
Other stuff isn’t free
- Depending on your reputation
- A new buyer has to prove himself
- All over encrypted email/boards
PRICING THE TOOLS: PARTS OF MALWARE FOR THE EXPERTS
RAT : Control the System
Stealer : Information gathering and copy
Crypter : tool to encrypt documents, etc automatically
Bot : Total package including several options
PRICING SERVICES: YOU DON’T NEED TO BE AN EXPERT!
Installation of malware on 1000 machines
Camouflage technique to avoid detection with Antivirus
DDoS : attack per hour/day/week
MARKETING !!! INFOGRAPHICS
EVERYTHING FOR EVERY PRICE
SALES ON THE BLACKMARKET
THE PRICE OF (YOUR) PRIVATE DATA ON THE BLACKMARKET
Complete ID: 70 $
Bank Account: 50 $
Email Address: 0,000075 $
Email account: 0,0005 $
Paypal account: 50 $
Credit Card: 50 $
BUYING/SELLING ON THE BLACKMARKET
E-commerce Credit cards
BUYING/SELLING ON THE BLACKMARKET
E-commerce Paypal accounts
BUYING/SELLING ON THE BLACKMARKET
E-commerce Illegal documents and ID’s
BUYING/SELLING ON THE BLACKMARKET
E-commerce Weapons
BUYING/SELLING ON THE BLACKMARKET
E-commerce Drugs
FROM VIRTUAL TO REAL MONEY
INJECTING THE MONEY IN THE REAL WORLD
MONEY LAUNDERING
TRANSFORMING FROM VIRTUAL TO REAL MONEY
MONEY MULES:
- Transferring money from one account to another and getting a fee (e.g. 5%)
- Let others use your account to transfer money and earn money
USE PROXY MONEY MULES
TRANSFORMING FROM VIRTUAL TO REAL MONEY
HOUSE DROPS – DROP ZONES
TRANSFORMING FROM VIRTUAL TO REAL MONEY
Credit card accounts can be credited with virtual money: withdraw money
VIRTUAL MONEY: THE NEW WAY
Over 100 virtual money ‘coins’
Used in several ways
- Depending on the marketplace
- Depending on the country
Transactions can easily be done
Anonymisation of the bank account holder
Virtual money is ideal to start with in these parallel worlds and market places
TRANSFORMING FROM VIRTUAL TO REAL MONEY
Distribution Network of ATM Bitcoin machines
TRANSFORMING FROM VIRTUAL TO REAL MONEY
Online gambling industry not really worried
HUMAN AWARENESS IS THE FIRST IMPORTANT SECURITY MEASURE
SECURITY PACKAGES AT EVERY OS/SYSTEM, UPDATES, BACKUPS, ETC…
TOOLS AGAINST CYBERCRIMINALS
I WAS NOT EXAGGERATING ABOUT THE CARS… SOME EXAMPLES
SOMETIMES …
Original Silk Road Owner : Ross Ulbricht sentenced to life in 2015 (earned 187 Million dollars)
MOST USEFUL TOOL: ARRESTS ARE SUCCESSFUL
THANK YOU!
QUESTIONS?
TWITTER: @EDDYWILLEMS