
The Information Security Experts Copyright © 2008 SecureWorks, Inc. All rights reserved. The Elusive Enemy - Cybercrime Duane Barraugh SecureWorks.


Slide 1: The Elusive Enemy - Cybercrime. Duane Barraugh, SecureWorks

Slide 2: Gozi infection and monetization chain (diagram labels, reconstructed in step order)

1. Hacker compromises a website (www.-----.com, Sacramento CA) and adds redirect code.
2. User browses to the site and downloads the redirect code.
3. Browser downloads index.html and counter.html; counter.html has AJAX code to download and run Gozi.
4. Gozi installs an executable with a random name in the user's directory, adds it to the registry to run on startup, installs system drivers to hide the file and registry key, and downloads the drop box IP address.
5. Uploads all client certificates and keys stolen from Windows protected storage.
6. User logs in to a web site while being recorded by Gozi.
7. User login data is posted to the hacker website (drop box at 81.15.146.42, Mazowieckie, Poland). On one drop box: 3.3 GB of stolen data, 5200 infected machines, 10,000 accounts from over 300 organizations.
8. Criminal logs in, purchases accounts and steals identities.
9. Hacker gets paid.

Slide 3: Malicious Software ("Malware") Architecture

Slide 4: Criminal-to-Criminal Activity - Fourth Generation

Increase in criminal-to-criminal activity:
- Exploit auction houses (WabiSabiLabi)
- Forums and IRC (#Vxers, cybermafia.cc)
- Distribution service (IFRAMES.BIZ)
- Botnet rental (5Socks.net)
- Licensing model (Storm worm)
- Identity auctions (76service)
- Social networks (ranking and escrow)

Slide 5: Identity Theft Market Rates

Item                                                   Price
US-based credit card (with CVV)                        $1 - $6
Identity (SSN, DOB, bank account, credit card, ...)    $14 - $18
Online banking account with $9,900 balance             $300
Compromised computer                                   $6 - $20
Phishing web site hosting (per site)                   $3 - $5
Verified PayPal account with balance                   $50 - $500
Skype account                                          $12
World of Warcraft account                              $10

Source: Symantec Corporation

Slide 6: Attacks / Layer

Layers and the examples given for each:
8. Web: rich ubiquitous environments (JavaScript, Flash, Silverlight), server languages, infrastructure (.NET/J2EE), developers, concepts (Semantic Web, social networking), applications, vendors, mashups, advertisements, protocols
7. Application: HTTP, SMTP, FTP, ...
6. Presentation: SSL / TLS
5. Session: TCP, SIP
4. Transport: TCP, UDP
3. Network: IP
2. Data: 802.3, 802.11, 802.1q, HDP, FDDI, Frame Relay, Token Ring, PPP, CDP
1. Physical: 100Base-TX, RS-232, T1, E1, 10Base-T, SONET, DSL, SDH, POTS, V.xx

Chart values from the slide (columns '06 / '07 / '08 / '09 est.; row labels are not recoverable from the transcript):
43% / 57% / 68% / 80%
42% / 33% / 22% / 13%
10% / 7% / 5% / 4%
3% / 2% / 0% / ----

Slide 7: Attacks / Attacker Statistics

Slide 8: Web application vulnerabilities still dominating

Slide 9: Source of Attacks by Country

Slide 10: Focused Attacks - BBB Attack

Old approach: wide net, shallow data collection
- Phishing attack against one bank, spammed en masse

New approach: narrow net, deep data collection
- BBB phishing attack
- Targets selected by high value/role (CxO, VP)
- Collected ALL data from interactive web posts:
  - Banking data
  - Stock accounts
  - Company intranet logins
  - Webmail accounts (complete with email body)
  - Online shopping history and payment info
  - Online prescription refills
  - All websites visited

Slide 11: Multi-Factor Authentication Bypass

Many of the proposed defenses to phishing attacks are focused on making the authentication phase more secure:
- On-screen keyboards
- Tokens
- Certificates

Criminals are simply skipping that step altogether:
- Hijack the user's browser with malware
- Wait for them to log in
- Automate the web browsing interface to transfer money

Examples: Win32.Grams, Torpig/HiLoad

Multi-phase authentication is needed to verify transactions.

Slide 12: User-Level Rootkits

Malicious code injected into already-running processes, with no changes to the operating system.

~10,000 compromised Linux / Apache servers:
- Serving malicious JavaScript and rbot malware in HTTP responses
- The files are not in the filesystem; they have been injected into the running process

Slide 13: Web Search Index Poisoning

Slide 14: Web Content Providers delivering malware

Slide 15: Obfuscated Packed JavaScript

- Dean Edwards' Packer is widely used to compress and obfuscate JavaScript
- Used legitimately by many sites
- Also used maliciously to evade detection
- Several security vendors started blocking the packer and reversed the decision because of customer complaints
- Now used very widely in conjunction with NeoSploit to deliver malicious JavaScript
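Because the packer is used by legitimate sites as well, blocking its signature outright is what produced the customer complaints the slide mentions; the practical alternative for a detection pipeline is to recognise the wrapper and unpack it statically so the real payload can be inspected. The following is an added example (not code from the slides or from SecureWorks) that does exactly that: it matches the packer's "eval(function(p,a,c,k,e,d)" wrapper, parses the argument list, and repeats the packer's own token-to-word substitution without ever calling eval(). The packed sample is constructed for the example from a benign statement.

```javascript
// Added example (not from the slides): detect scripts wrapped by Dean Edwards' Packer
// and unpack them statically, i.e. without ever handing the script to eval().
// Packer output has the shape
//   eval(function(p,a,c,k,e,d){...}('payload',base,count,'w0|w1|...'.split('|'),0,{}))
// and its runtime replaces every base-N token in the payload with the matching dictionary
// word; a detector can redo that substitution itself and inspect the real payload.

const PACKER_SIGNATURE = /eval\(function\(p,a,c,k,e,(?:d|r)\)/;

// The packer's token alphabet: 0-9, then a-z, then A-Z (its "c+29" trick maps 36..61 to 'A'..'Z').
function encodeToken(c, base) {
  const prefix = c < base ? '' : encodeToken(Math.floor(c / base), base);
  const digit = c % base;
  return prefix + (digit > 35 ? String.fromCharCode(digit + 29) : digit.toString(36));
}

function isPacked(src) {
  return PACKER_SIGNATURE.test(src);
}

// The payload and dictionary are single-quoted JS strings; undo their \' and \\ escapes.
function unescapeSingleQuoted(s) {
  return s.replace(/\\(['\\])/g, '$1');
}

// Pull (payload, base, count, words) out of the argument list that follows the unpacker body.
function parsePackerArgs(src) {
  const m = /\}\('((?:\\.|[^'\\])*)',\s*(\d+),\s*(\d+),\s*'((?:\\.|[^'\\])*)'\.split\('\|'\)/.exec(src);
  if (!m) return null;
  return {
    payload: unescapeSingleQuoted(m[1]),
    base: Number(m[2]),
    count: Number(m[3]),
    words: unescapeSingleQuoted(m[4]).split('|'),
  };
}

// One layer of unpacking; returns null when the input is not recognisable packer output.
function unpackOnce(src) {
  const args = isPacked(src) ? parsePackerArgs(src) : null;
  if (!args) return null;
  let out = args.payload;
  // Same loop as the packer runtime: highest token first. A function replacement is used so
  // that '$' sequences inside dictionary words are inserted literally.
  for (let c = args.count - 1; c >= 0; c--) {
    const word = args.words[c];
    if (word) {
      out = out.replace(new RegExp('\\b' + encodeToken(c, args.base) + '\\b', 'g'), () => word);
    }
  }
  return out;
}

// Packed scripts are often nested several layers deep; peel until no signature remains.
function unpack(src, maxLayers = 8) {
  let current = src;
  let layers = 0;
  while (layers < maxLayers && isPacked(current)) {
    const next = unpackOnce(current);
    if (next === null) break; // signature present but arguments unparsable: keep what we have
    current = next;
    layers++;
  }
  return { script: current, layers };
}

// Constructed sample: the benign statement "var message='unpacked ok';document.write(message)"
// encoded with the packer's scheme (6 dictionary words, base 62).
const SAMPLE_PACKED =
  "eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\\\b'+e(c)+'\\\\b','g'),k[c])}}return p}('3 0=\\'4 5\\';1.2(0)',62,6,'message|document|write|var|unpacked|ok'.split('|'),0,{}))";

console.log(isPacked(SAMPLE_PACKED)); // true
console.log(unpack(SAMPLE_PACKED).script);
```

The unpacked script is what a content scanner or analyst should classify, while the packer signature alone is only a weak indicator, which is exactly the distinction the slide's vendor episode turned on. Real samples frequently wrap the packer around another packer or around further string obfuscation, which is why unpack() peels layers in a loop with a cap.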

Slide 16: SecureWorks = Proactive

Slide 17: Proactive Example: Clampi

- Trojan and bot designed to steal credentials from infected systems
  - Results in lost data, much of which is financial
- SecureWorks successfully protected its clients WAY back in 2007
- Fast forward to 2009
  - Clampi exploit hits and only SWRX clients are protected
- Proactive = SecureWorks Counter Threat Unit

Slide 18: Clampi Protection Tips

Protecting your business: The infection vector for data-stealing Trojans like Clampi is typically email attachments/links and web sites. CTU advises businesses to isolate the workstation on which they do their online financial transactions or bill pay from the rest of the local network, visiting only the specific financial sites that need to be accessed.

Protecting your customers: Your customers should use a different computer to browse the Internet and receive email. They should use a dedicated computer where they only do their online banking, online bill pay, and any transactions which call for personal or financial information.

Slide 19: CTU Strategy

- Know the client
- Know the enemy
- Make a difference: applied research
- Innovate in the analysis and classification of security intelligence
- Capitalize on our vision across the client base

Slide 20: CTU Facts

- 30,000 malware specimens / day
- Monitor ~20 botnets
- ~40 vulnerabilities / business day
- 1,000s of security events of interest / day
- 10,000s of intelligence artifacts processed / day
- 2,300 clients attacked / day
- 1,500 attack types / day
- ~3,000,000 IP addresses of attackers detected / year

Slide 21: Questions? info@secureworks.com

