Exploring the Capabilities and Economics of Cybercrime
Transcript of Exploring the Capabilities and Economics of Cybercrime
![Page 1: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/1.jpg)
Exploring the Capabilities and Economics of Cybercrime
Recent Trends and Highlights
JIM WALTER, SENIOR RESEARCH SCIENTIST | CYLANCE
![Page 2: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/2.jpg)
INTRODUCTIONS
JIM WALTER Sr. Research Scientist w/ Cylance
Previously ran Threat Intelligence and Advanced Threat Research efforts at McAfee / Intel Security (1998-2015)
![Page 3: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/3.jpg)
OVERVIEW
Current Attacker Community / Climate
Current Campaign and TTP Highlights
Mechanics
Mitigations & Countermeasures
Conclusions
![Page 4: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/4.jpg)
Statistics: Cybercrime
Average annualized cost per organization = $9.5 million
21% increase in total cost over 2015
Global cost of cybercrime in FY2016 = ~$460 billion
“Malware” dominates attack ‘types’ in 2016
Information loss/theft is now the most costly consequence of cybercrime
![Page 5: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/5.jpg)
Statistics: Cybercrime
CryptoWall alone: ~$325 million
$6 trillion by 2021??*
Cybercrime has become the 2nd most reported economic crime**
![Page 9: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/9.jpg)
Current Community / Climate
Surface level / script kiddies / unskilled
Mid-level order-followers / unskilled / compensated by higher-ups to install and manage infrastructure and infected nodes (ex: Nigerian Pony Loader networks)
Skilled to highly skilled
Exclusive for-hire operations (ex: Sality & Gazavat)
Nation states / government-backed
Long-term and ultra-stealth
![Page 10: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/10.jpg)
Current Community / Climate: Ransomware & For-Hire Offerings
Turn-key systems / all inclusive
![Page 19: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/19.jpg)
Current Community / Climate: Full Service Carding
![Page 20: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/20.jpg)
Campaigns and TTP Highlights
Nigerian BEC ‘gangs’
PassCV Group
CozyBear / APT29 (PowerDuke, etc.)
![Page 21: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/21.jpg)
Mechanics
Nigerian BEC ‘gangs’
Spearphishing, BEC, Pony Loader, HawkEye, Citadel, iSpy Premium
PassCV Group
Digitally signed malware (abusing legitimate code-signing certificates)
Targets gaming companies
ZxShell, Gh0st RAT, NetWire (COTS / commodity tooling)
CozyBear / APT29 (PowerDuke, etc.)
![Page 22: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/22.jpg)
Mechanics: CozyBear / APT29 (PowerDuke, etc.)
PowerShell-based malware tools
Phish / spearphish
Malicious macros in Office documents
Spikerush malware, with the payload encrypted inside PNG image files
![Page 23: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/23.jpg)
Mitigations and Countermeasures: Take Note . .
A majority of malware is single-use or target/host specific.
A majority of malware never ends up in the wild or on VirusTotal or similar sharing sites/services.
![Page 24: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/24.jpg)
Mitigations and Countermeasures (figures from the Verizon 2015 Data Breach Investigations Report)
In 60% of cases, attackers are able to compromise an organization within minutes.
99.9% of the exploited vulnerabilities were compromised more than a year after the CVE was published.
95% of malware types showed up for less than a month, and four out of five didn’t last beyond a week.
70–90% of malware samples are unique to an organization.
![Page 25: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/25.jpg)
Mitigations and Countermeasures
Just under 1,500 ‘malware-related’ breaches in 2016 (as opposed to physical theft, miscellaneous hacking, social engineering and more)
“Analysis of one of our larger datasets showed that 99% of malware hashes are seen for only 58 seconds or less. In fact, most malware was seen only once. This reflects how quickly hackers are modifying their code to avoid detection.” (Verizon 2016 Data Breach Investigations Report)
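The two slides above make one practical point: a sample that is rebuilt per target and seen once defeats any control keyed on its exact file hash. The following is an added example (not code from the Cylance deck) that shows the gap directly. It constructs a stand-in "binary" (a fake header, two injection-related Windows API names and a C2 check-in URL on an RFC 2606 reserved domain; none of this is a real sample), re-salts it the way a crimeware builder re-issues a payload per campaign, and scores the variants with a SHA-256 blocklist versus a YARA-style rule keyed on the features that a rebuild does not change.

```python
"""Hash churn vs. feature matching.

Added example, not code from the Cylance deck: constructed stand-ins for a
malware binary share the same functional content but differ in bytes, so a
per-hash blocklist misses every rebuilt variant while a rule keyed on stable
features (imported API names, C2 URL shape) still fires.
"""
import hashlib
import re
import secrets
from typing import Dict, Optional, Set

# Constructed stand-in for a malicious binary (not a real sample): a fake
# header, two injection-related API names and a C2 check-in URL.
BASE_SAMPLE = (
    b"MZ\x90\x00"
    b"CreateRemoteThread\x00WriteProcessMemory\x00"
    b"http://c2.example.invalid/gate.php\x00"
    + b"\x00" * 32
)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def rebuild_variant(sample: bytes, salt: Optional[bytes] = None) -> bytes:
    """Mimic a builder re-issuing a binary per target: append fresh padding
    so the file hash changes while code and strings stay identical."""
    if salt is None:
        salt = secrets.token_bytes(16)
    return sample + b"\x00PAD\x00" + salt


def hash_blocklist_match(blocklist: Set[str], sample: bytes) -> bool:
    """What a classic AV signature or a VirusTotal hash lookup amounts to."""
    return sha256(sample) in blocklist


# A YARA-style feature rule: match on what the sample *does*, not its bytes.
REQUIRED_APIS = (b"CreateRemoteThread", b"WriteProcessMemory")
C2_PATTERN = re.compile(rb"https?://[^\x00\s]+/gate\.php")


def feature_rule_match(sample: bytes) -> bool:
    has_apis = all(api in sample for api in REQUIRED_APIS)
    return has_apis and C2_PATTERN.search(sample) is not None


def simulate_campaign(n_variants: int = 5) -> Dict[str, int]:
    """Blocklist the first sighting, then score n rebuilt variants both ways."""
    blocklist = {sha256(BASE_SAMPLE)}
    variants = [rebuild_variant(BASE_SAMPLE) for _ in range(n_variants)]
    return {
        "variants": n_variants,
        "unique_hashes": len(blocklist | {sha256(v) for v in variants}),
        "hash_hits": sum(hash_blocklist_match(blocklist, v) for v in variants),
        "feature_hits": sum(feature_rule_match(v) for v in variants),
    }


if __name__ == "__main__":
    print(simulate_campaign())
```

Running it gives zero hash hits and a feature hit on every variant: the blocklist "works" only for the one file it was built from, which is exactly the 58-seconds-per-hash world the DBIR quote describes. Real feature rules need more care than this (attackers also rename APIs and encrypt strings), but the lesson is the same: detection has to key on behaviour or structure that the adversary cannot change for free.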
![Page 26: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/26.jpg)
Mitigations and Countermeasures: What to do?
Signatures and traditional methods will never keep up with malware that is rebuilt per target and seen once.
Learn from the past and smarten your countermeasures.
AI / machine learning leads to true prevention and brings updated methodology to endpoint protection.
![Page 28: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/28.jpg)
Supporting
![Page 29: Exploring the Capabilities and Economics of Cybercrime](https://reader035.fdocuments.in/reader035/viewer/2022062412/589dd1851a28abf45d8b633b/html5/thumbnails/29.jpg)
SAMSA RANSOMWARE TARGETING HOSPITALS / MEDICAL FACILITIES
Payload = Samsa / Samsam ransomware
‘Pay up to restore functionality’
Targeting Java-based web servers (JBoss)
JexBoss (Python-based JBoss exploitation toolkit) for initial access
reGeorg – SOCKS tunnel over HTTP, used to reach RDP on internal hosts
csvde, psexec, sdelete – legitimate tools used to enumerate Active Directory, move laterally / execute remotely, and securely delete files
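The first two steps of that chain leave traces in the web server's own access log, which is often the only telemetry a hospital has on an internet-facing JBoss box. The following is an added example (not code from the Cylance deck or from the JexBoss or reGeorg projects) that scans Common Log Format lines for JexBoss-style requests to the JBoss management and invoker endpoints, and for a reGeorg-style tunnel approximated as one client POSTing repeatedly to a single server-side script. The log lines are constructed for the example; the IP addresses, the tunnel file name `/tunnel.jsp`, the endpoint list and the POST threshold are assumptions, not indicators from the deck.

```python
"""SamSam-style intrusion chain, as seen from a JBoss access log.

Added example, not from the Cylance deck: scans Common Log Format lines for
(1) JexBoss-style requests to JBoss management/invoker endpoints and
(2) a reGeorg-style HTTP tunnel, approximated here as one client POSTing
repeatedly to a single server-side script. Log lines are constructed; the
IPs, the tunnel file name and the POST threshold are assumptions.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# JBoss management / invoker endpoints that JexBoss checks and abuses
# (list assembled for this example from JBoss's well-known admin paths).
JBOSS_PATHS = (
    "/jmx-console/",
    "/web-console/Invoker",
    "/invoker/JMXInvokerServlet",
    "/invoker/EJBInvokerServlet",
    "/jbossmq-httpil/HTTPServerILServlet",
    "/admin-console/",
)

# Heuristic assumption: a reGeorg tunnel page is a single JSP/ASPX/PHP file
# that receives far more POSTs from one client than any real page would.
TUNNEL_POST_THRESHOLD = 20
TUNNEL_EXTENSIONS = (".jsp", ".aspx", ".php")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_jboss_probes(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Requests to the JBoss endpoints above, as (ip, method, path, status)."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and any(rec["path"].startswith(p) for p in JBOSS_PATHS):
            hits.append((rec["ip"], rec["method"], rec["path"], rec["status"]))
    return hits


def find_tunnel_candidates(lines: List[str], threshold: int = TUNNEL_POST_THRESHOLD) -> Dict[Tuple[str, str], int]:
    """(ip, script) pairs whose POST count reaches the threshold."""
    posts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["method"] != "POST":
            continue
        script = rec["path"].split("?", 1)[0]  # drop query string
        if script.lower().endswith(TUNNEL_EXTENSIONS):
            posts[(rec["ip"], script)] += 1
    return {k: n for k, n in posts.items() if n >= threshold}


def _line(ip: str, method: str, path: str, status: int, size: int = 512) -> str:
    return f'{ip} - - [28/Mar/2016:02:14:07 +0000] "{method} {path} HTTP/1.1" {status} {size}'


# Constructed sample log: ordinary traffic, three JexBoss-style requests from
# 203.0.113.5, then the same client hammering a dropped tunnel page.
SAMPLE_LOG = [
    _line("198.51.100.10", "GET", "/", 200),
    _line("198.51.100.11", "GET", "/app/index.jsp", 200),
    _line("198.51.100.11", "POST", "/app/login.jsp", 302),
    _line("203.0.113.5", "GET", "/jmx-console/", 200),
    _line("203.0.113.5", "POST", "/invoker/JMXInvokerServlet", 200),
    _line("203.0.113.5", "GET", "/web-console/Invoker", 200),
] + [_line("203.0.113.5", "POST", "/tunnel.jsp", 200, size=64) for _ in range(25)]


def triage(lines: List[str] = SAMPLE_LOG) -> Dict[str, object]:
    return {
        "jboss_probes": find_jboss_probes(lines),
        "tunnel_candidates": find_tunnel_candidates(lines),
    }


if __name__ == "__main__":
    for name, value in triage().items():
        print(name, value)
```

On the sample log this flags the three management-endpoint requests and the tunnel page. The real hardening step is upstream of detection: the jmx-console, web-console and invoker servlets should not be reachable from the internet at all, and a JBoss host that still exposes them is the entry point the SamSam operators were looking for.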