© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Ricardo Rivera E. Business Development Manager Security & Mobility Cisco Borderless Security
Jun 08, 2015
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Ricardo Rivera E.Business Development Manager
Security & Mobility
Cisco Borderless Security
2
Cisco Security Intelligence Operations
Agenda
Cisco Cybercrime ROI Matrix
Cisco ARMS Race Index
Cisco Borderless Security Vision
Q&A
3
Some numbers…
4
Some numbers…
5
Cisco Cybercrime ROI Matrix
How are criminals making the most money?
Where are they divesting?
What’s next on the threat landscape?
What are the most promising new techniques?
6
Cisco Cybercrime ROI Matrix
7
Zeus: Banking Trojan prime example
“$10 million lost in one 24-hour period.”
“…[C]riminals have used the Internet to steal more than $100 million from U.S. banks so far this year and they did it without ever having to draw a gun or pass a note to a teller…I've seen attacks where there's been $10 million lost in one 24-hour period.”
-Sean Henry, an assistant director of the FBI in charge of the bureau's cyber division.
8
Automation of Targeted & Blended Attacks
9
Why Zeus?
10
What Happened in Kentucky?
County treasurer had Zeus malware on his PCCriminals stole credentials and logged in to bank accounts from treasurer’s PC
Reconnaissance used to plan theft
Mule recruitment pretending to be Careerbuilder.com
Created mules as fictitious employees
Mules receive $9700 and sent $8700 to Ukraine via Western Union
More than 25 <$10,000 wire transfersTotal of $415k stolen
11
Screen Injection
Courtesy Silver Tail Systems
Your browser NOT on Zeus:
Your browser on Zeus:
12
Statistics
784 Zeus Botnets tracked by Zeus TrackerEstimate of 1.6M bots in Zeus botnets1130 brands targeted 960 estimated financial targets (85%)Top 5 US banks EACH targeted by over 500 Zeus botnets
12
Source: Zeus Tracker
13
Social Networking Exploits
Most important communications tool of the decade.Builds on email, IM.
Big crowds = big targets.Facebook hit 350M users in 2009.
…and criminals have automated how to best penetrate our trust networks
14
15
Targeted Social Networking Attacks
16
17
18
Bringing it all together…Koobface
Links are posted to (or sent from) hijacked social networking accounts
The link leads to a fake video site that ask the user to install a new Flash player / codec to view the video
19
Fake video site that delivers malware
20
Introducing The Cisco ARMS Race Index
21
Introducing The Cisco ARMS Race Index
Global Adversary Resource Market Share (ARMS) Index
Designed to be a barometer of the current level of computing and network resources under criminal control and means for tracking over time.
Derived from leading botnet tracking stats, stats for total PCs worldwide, home/work infection rates.
22
ARMS Race Index
23
Cisco ARMS Race Index: Dec-2009
24
Recommendations for 2010
User education and security awareness training remain top priority
Maintain defenses for “Cash Cow”threats
Evaluate security practices and investments for “Rising Star” threats
Develop security architecture for mobility and consumerization of IT
25
Cisco Security Intelligence Operations www.cisco.com/security
Cisco Security Blog blogs.cisco.com/security
For More Information
The Cisco 2009 Annual Security Report
www.cisco.com/go/securityreport
26
Cisco