1 / 24

Cybercrime: From Kudos to Profit

Cybercrime: From Kudos to Profit. Gerhard Eschelbeck, CTO Sophos. What do these businesses have in common ?. Interpol.

paytah
Download Presentation

Cybercrime: From Kudos to Profit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cybercrime:From Kudos to Profit Gerhard Eschelbeck, CTO Sophos

  2. What do these businesses have in common ?

  3. Interpol “In the past, cybercrime has been committed by individuals or small groups of individuals. However, we are now seeing an emerging trend with traditional organized crime syndicates and criminally minded technology professionals working together and pooling their resources and expertise. This approach has been very effective for the criminals involved. In 2007 and 2008 the cost of cybercrime worldwide was estimated at approximately USD 8 billion. As for corporate cyber espionage, cyber criminals have stolen intellectual property from businesses worldwide worth up to USD 1 trillion.”

  4. FBI Masses of resources, details of activity. Most wanted page!

  5. Cybercrime as a “Business”

  6. An Interconnected Economy Source: ENISA

  7. Malware central to Cybercrime “...individuals, normally working with others, with the capability to commit serious crime on a continuing basis, which includes elements of planning, control and coordination, and benefits those involved. The motivation is often, but not always, financial gain.” SOCA Organised crime

  8. Malware was „Easy“ in the Early Days The Michelangelo Virus

  9. Current threat landscape In 1 slide 

  10. Ransomware • Ransomware • Pay ransom to access locked/encrypted files Recover data?

  11. Ransomware (cont’d) Reveton: family of ransomware that locks users out of their machine GEOIP lookup – locale specific lock pages http://www.youtube.com/watch?feature=player_embedded&v=-qR3D-Jx6FQ

  12. Ransomware (cont’d) Additional tricks to socially engineer victim. Fear factor.

  13. PoS Malware - Troj/Trackr Umbrella detection name for all Point of Sale (PoS) RAM scraping malware. Includes: Alina, Dexter, VSkimmer, Kaptoxa, Chewbacca, etc. Troj/Trackr-* steals payment data from the RAM of PoS systems. Adds socially-engineered filenames, network functionality, bots, packed etc. Installed DLL version – malicious DLL is registered as a service and performs the RAM scraping.

  14. Who does Troj/Trackr- target?

  15. What about Mobile ?

  16. Mobile malware growth accelerating

  17. Anatomy of a hacked device

  18. Crimeware kits ‘Monetization’ : the bulk of today’s threats are automated, coordinated & professional

  19. It’s all about traffic Compromised sites used to drive traffic. 85% of all bad stuff. • Stolen FTP credentials • Use sFTP! (should be enforced) • Vulnerable software on site • Wordpress plugins • Image gallery • -> upload PHP shell/kit • Vulnerable server • Patched? • 0wned server • e.g. Darkleech

  20. Drive-by downloads “Monetization”

  21. Crimeware in Action

  22. A Global Challenge

  23. Reporting a crime YES. See NakedSecurity articles for links to advice.

  24. Questions/Discussion? GE@sophos.com

More Related