A Behind the Scenes Look at Cybercriminals - Their Methods and How To Stay Ahead of Them
Kevin Haley, Dir, PM Security Response
Colin Gibbens, Principal Product Manager
SYMANTEC VISION 2014
How do you buy or sell ill-gotten gains?
A Storefront
The Cyclosa Gang
• Write malware
• Run botnets in US and UK
• Breach companies to steal information
• Run online store – SSNDOB
  – Sold
    • Credit reports
    • Identity information
The Cyclosa Gang
• DarkMessiah
• JoTalbot
• Tojava
• Armand A. Avakimyan
Armand A. Avakimyan
Cybercriminal Timeline / 2007
2007 Joined cybercrime forum
How do I steal people’s data through unsecured WiFi connection?
Try Google
Cybercriminal Timeline / 2007
Joined cybercrime forum
Started selling stolen info
Sought out help on hijacking chat accounts
Cybercriminal Timeline / 2008
• Exploring RATs
– Pinch Trojan
• Targeting US and UK
Sidebar – Zero-day Vulnerabilities
Sidebar – Zero-days
What do Zero-days have to do with toolkits?
[Bar chart: Zero-Day Vulnerabilities, Annual Total, 2006 - 2013. Source: Symantec. Totals by year: 2006: 13, 2007: 15, 2008: 9, 2009: 12, 2010: 14, 2011: 8, 2012: 14, 2013: 23]
Sidebar – Toolkits
Zero-Day Lifecycle
4 days 312 days 30 days
Cybercriminal Timeline / 2009
• Partners with DarkMessiah, Tojava, JoTalbot
• Malware-based SEO
• Pay-per-click fraud
• Sold hijacked chat accounts, botnets traffic, personal & financial info
Sidebar - Cybercriminal Tradecraft
Sidebar – Tradecraft
What do General Petraeus and Cybercriminals have in common?
Draft
Cybercriminal Timeline / 2010
SSNDOB Opens
Registers domain with real name
Cybercriminal Timeline / 2012
• Stocking the Store
  – Breaches
    • US-based credit union
    • California bank
    • Georgian government agency
    • Nigerian financial institution
Busted?
Demo
Other Events of Interest
• Cons, Frauds and Flimflam - An Examination of Social Media and Mobile Application Scams. May 14, 10 AM PT/1 PM ET. Register at: www.symantec.com/webcasts
• 1484 - The Evolving Threat Landscape 2014: Postmortem and Lessons Learned from Simple and Advanced Threats Discovered in 2013. Tuesday 4:00PM PALACE 2
Thank you!
YOUR FEEDBACK IS VALUABLE TO US!
Please take a few minutes to fill out the short session survey available on the mobile app—the survey will be available shortly after the session ends. Watch for and complete the more extensive post-event survey that will arrive via email a few days after the conference.
To download the app, go to https://vision2014.quickmobile.com or search for Vision 2014 in the iTunes or Android stores.
Kevin Haley @kphaley
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.