www.secureworks.c om Page1 The Information Security Experts Copyright © 2009 SecureWorks, Inc. All rights reserved. Cyber Threats Mike Cote Chairman and CEO
Dec 17, 2015
www.secureworks.com Page 1
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
Cyber ThreatsMike CoteChairman and CEO
How many hits does a search for the term 'Hacker' in Google reply with?
183,000,000
www.secureworks.com Page 3
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• Black Hat
• Welcome to DEFCON®, the Largest Underground Hacking Convention in ...Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as ...www.defcon.org/ -
2600 – The Hacker Quarterly Conferences -
www.secureworks.com Page 4
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
Hackers - First Generation – Lone Wolf
Chen Ing-Hau, 24, TaiwanArrested September 15, 2000CIH (Chernobyl) Virus
Jeffrey Lee Parson, 18, USAArrested August 29, 2003Blaster Worm ('B' variants only), DDoS
Sven Jaschan, 18, GermanyArrested May 7, 2004NetSky (Sasser) Worm
Kevin MitnickJanuary 21, 1995Compromised, DEC, IBM, HP, Motorola, PacBell, NEC, ….
www.secureworks.com Page 5
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
Cyber Criminals - “Proof of Concept” for making $
Jeanson James Ancheta, 24, USAArrested November 3, 2005Rxbot zombie networks for hire (spam and DDoS)
Farid Essebar, 18, MoroccoArrested August 25, 2005Mytob and Zotob (Bozori) Worms
Atilla Ekici, 21, TurkeyArrested August 25, 2005Operating Mytob and Zotob botnets
www.secureworks.com Page 6
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• DDoS attacks bookmakers in October 2003
• Extortion ($3 million gross)• Nine arrested on July 20 and 21, 2004• In October 2006, three were sent to
prison• The two gang leaders and masterminds
are still at large• On the Wanted List of the Federal
Security Service (FSB) of the Russian Federation
Cyber Gangs – Online Extortion
Maria Zarubina and Timur Arutchev
www.secureworks.com Page 7
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
Cyber Crime Goes Big Time
Yaron Bolondi, 32, IsraelArrested March 16, 2005
• London branch of Japan's Sumitomo Mitsui Bank
• Worked with insiders through Aharon Abu-Hamra, a 35-year-old Tel Aviv resident
• Injected a Trojan to gather credentials to a transfer system
• Attempted to transfer £220 million into accounts he controlled around the world
• £13.9 million to his own business account
www.secureworks.com Page 8
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• Indicted on Aug 17, 2009
• Stole 130,000,000 credit card numbers
• Worked out of Miami – his one flaw
• Worked as an international organized cybercrime group– 3 in the Ukraine
• Including Maksik who earned of $11m between 2004-2006– 2 in China– 1 from Belarus– 1 from Estonia– 1 from unknown location that goes by “Delperiao”
Albert Gonzalez – Segvec, Soupnazi, J4guar
8
www.secureworks.com Page 9
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
Identity Theft Market Rates
Item PriceUS-Based Credit Card (with CVV) $1 - $6Full identity (ssn, dob, bank account, credit card, …) $14 - $18Online banking account with $9,900 balance $300Compromised computer $6 - $20Phishing Web site hosting – per site $3 - $5Verified Paypal account with balance $50 - $500Skype Account $12World of Warcraft Account $10
www.secureworks.com Page 10
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
Lone Ranger FriendsCriminal
OrganizationsCriminalGangs
Cyber Crime Trends
www.secureworks.com Page 11
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
Number of attacks monitored by SecureWorks
11
www.secureworks.com Page 12
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• Criminal to Criminal – C2C
• Selling malware for "research only“
• Manuals, translation• Support / User forums• Language-specific• Bargains on mutation engines
and packers• Referrals to hosting companies• Generally not illegal• Operate in countries that shield
them from civil actions• Makes it easy to enter the
cybercrime market
C2C: Malware/Phishing Kit – “Arms Suppliers”
www.secureworks.com Page 13
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
C2C – Distribution & Delivery – “Force Suppliers”
www.secureworks.com Page 14
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
C2C – Exploit – “Intelligence Dealers”
www.secureworks.com Page 15
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
C2C: Bot Management– “Turn Key Weapons Systems”
• 76service, Nuklus Team• Botnet Dashboards
www.secureworks.com Page 16
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
Driving Factors Behind Cyber Crime
• Profitable• Low risk• New services to exploit• Easy (technically)• Easy (morally – you never meet the victim)
Picture provided by“energizer” hacking group 90 day project take$300,000 - $500,000
www.secureworks.com Page 17
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Cyberwarfare
“Cyberspace is a warfighting domain.” - Lt. General Robert Elder, Commander 8th Air Force
www.secureworks.com Page 18
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
In 2007, the FBI reported that there were 108 countries with dedicated cyber-attack
organizations seeking industrial secrets. http://csis.org/files/media/csis/pubs/081028_threats_working_group.pdf
18
www.secureworks.com Page 19
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• Adversaries that cannot match U.S. conventional military strength have an incentive to employ asymmetric strategies to exploit our vulnerabilities– Institute for Security Technology Studies at Dartmouth College
• The Chinese want to dominate this information space. So, they want to develop the capability of attacking our "information advantage" while denying us this capability– Mike McConnell – Director of National Intelligence
Leveling the playing field
www.secureworks.com Page 20
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• Most skilled vulnerability researchers in the world• Very capable at command & control networks• Objective is to steal intellectual property
• Information warfare– as a tool of war, – as a way to achieve victory without war– as a means to enhance stability.
• Strategy– “100 Grains of Sand” – infiltrate as many networked systems as
possible and lie in wait for sensitive data and/or command and control access.
China
20
www.secureworks.com Page 21
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
Whitehouse email compromised – Nov, 2008
21
www.secureworks.com Page 22
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
The federal government reported 18,050 cybersecurity breaches in fiscal year 2008
Source: Department of Homeland Security
22
www.secureworks.com Page 23
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• Compromise reported April 2009, started as early as 2007
• $300 Billion project – costliest in US DOD history
• Several Terabytes of data stolen about electronic systems– Most sensitive secrets not
compromised
• Source of attacks appear to be China
Joint Strike Fighter
23
“United States is under cyber-attack virtually all the time, every day”- Robert Gates Secretary of Defense
www.secureworks.com Page 24
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• Russian has been relatively silent on its Strategy for Cyberwar
• Cyber-Activism– Estonia– Lithuania– Ukraine
• Cyber-War– Chechen Rebels during NordOst
Hostage Crisis– Georgia Conflict– Krgyzstan
Russia
24
www.secureworks.com Page 25
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• 300 Lithuanian Web sites defaced with Soviet Symbols by Russians after Lithuanian law banned use of Soviet symbols
• Ukrainian President’s website hacked after expressing interest in joining NATO
• Estonia knocked offline for moving a Soviet Era WWII war memorial
Cyber-Activism – Proof of Concept
25
www.secureworks.com Page 26
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
CyberWarfare – Russian Georgia Conflict - IWar
• Physical and cyber warfare operations coincided with the final "All Clear" for Russian Air Force between 0600 and 0700 on August 9,2008
• Physical and cyber warfare shared targets, media outlets and local government communication systems in the city of Gori
• Further cyber warfare operations against new targets in Gori coincided with traditional physical warfare target
www.secureworks.com Page 27
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
Russia's Cyber Militia – Distribution of “Bots”
www.secureworks.com Page 28
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
StopGeorgia.ru
28
Hosted by Softlayer in Plano Texas.
www.secureworks.com Page 29
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• July 4 – July 9, 2009 DDOS Attacks
• Approximately 20,000 attacking hosts (at $0 cost to the attacker)
• Most attacking hosts were in South Korea
• Popular Peer to Peer filesharing network in South Korea hacked to spread malware and enlist machines to attack
• Many government critical infrastructure sites down for several days
www.dhs.govwww.dot.gov www.faa.govwww.ftc.govwww.nasdaq.comwww.nsa.govwww.nyse.comwww.state.govwww.usps.govwww.ustreas.govwww.voa.govwww.whitehouse.gov www.defenselink.mil
Fourth of July DDoS attacks
finance.yahoo.comtravel.state.govwww.amazon.comwww.usbank.comwww.yahoo.govwww.marketwatch.comwww.washingtonpost.comwww.usauctionslive.govwww.umarketwatch.com
www.secureworks.com Page 30
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• Destruction of a $1M power generator by compromising the control network for the generator
• DHS Project Aurora
• http://www.youtube.com/watch?v=fJyWngDco3g
Project Aurora
30
www.secureworks.com Page 31
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• There are no international boundaries on the Internet
• There are safe havens for criminals where they may operate without consequence. Some havens provided in return for services or technology
• Governments enlisting the services of traditional cybercrime criminals to advance their information warfare capabilities.
• Governments funding training programs for information warfare
• Cost of CyberAttacks is decreasing, effectiveness is increasing.
• Cyberspace is part of the battlefield of the 21st Century
State of Cyber Attacks and the problems
31
www.secureworks.com Page 32
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
• Release of Dams• Disruption of air traffic flow• Destruction of power substations• Disruption of First Responders and Emergency services during a
terrorist attack• Integrity in the financial system leading to lack of consumer
confidence• Disruption of law enforcement and tainting of evidence• Corruption, tainting of food supply
Balance of Military Might?
32
www.secureworks.com Page 33
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Questions?
33