Hacking the Human OS - csa-cee-summit.eu · Hacking the Human OS The role of social engineering...

Title Line

Subtitle Line

Top of Content Box Line

Top of Footer Line

Left Margin Line Right Margin Line

Top of Footer Line


Subtitle Line

Title Line

Right Margin Line Left Margin Line

.

McAfee Confidential


Subtitle Line

Title Line

Right Margin Line

. Raj Samani

Hacking the Human OS The role of social engineering within cybercrime

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

Cybercrime Research

The attack CyberCrime Exposed

• WP published in 2013 that identified the components of a cyber attack, and how any of these components can be outsourced.

Getting Paid Digital Laundry • WP published in 2013 that reviewed the proliferation of digital currencies and their role

within cybercriminal activities.

Getting away with it Jackpot! • WP analysing the role of online gaming for money laundering operations.

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

Major APT campaigns

March 15, 2015 3

Dragonfly gang is

targeting Western

energy industry 07.2014

FBI, DOJ bottle

GameOver Zeus

botnet 07.2014

Operation Shady RAT: five-year hack

attack hit 14 countries 08.2011

Global Energy Industry

Hit In "Night Dragon"

Attacks 03.2011

http://www.imgbase.info/images/safe-wallpapers/digital_art/1_miscellaneous_digital_art/19338-digital_art_the_world_wallpaper_wallpaper.jpg

http://www.google.com/url?url=http://blog.ytechsupport.com/mcafee-night-dragon-vulnerability-detection-tool/&rct=j&frm=1&q=&esrc=s&sa=U&ei=jEsrVMGHDom1igLF74HwCw&ved=0CBwQ9QEwAg&usg=AFQjCNEr8Izbtc59MIsfgitGu3185z6tfQ

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

What do they have in common?

Whether the intended victim is a consumer, critical infrastructure organization, or retailer

the initial infection invariably relies on the ability to coerce the user into an action

facilitating malware infection

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

Social Engineering

March 15, 2015 5

Deliberate application of deceitful techniques designed to manipulate someone into divulging information or performing actions that may result in the release of that

information.

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

Types of attack

Hunting is much easier to counter than Farming…

Hook/Play/Exit (Research)

Objective: - Get information and close

Objective: - To establish a source, then ‘milk’ information

Exit Pl ay (extended period)

Farming

Hunting

Hook (Research)

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

Tapping into the unconscious…

6 ‘compliance tendencies’

1. Authority

2. Liking

3. Reciprocation

4. Consistency

5. Social Validation

6. Scarcity

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

Name that scam

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

Who/Why: Summary Modus Operandi

Hunt Farm Example Motives

Private Investigators Address/Salary/employment status of Mr X. Bid results. New pricing structures. Anything for a client.

Debt Collection/Tracing Confirm address of employee, earning capabilities or bank details

Journalists Confirm elements of story. Find story’ on organisation, its plans, ‘dirt’, financial or commercial strategies

Internal Individuals Details of prospective in-law. Helping a friend. Curiosity.

Government Agencies Where does Mr X live. What is his training record? His attendance record? Where was he on [date/time].

Organised Crime (Local) Where is witness living? ID Theft, Drug dealers

Organised Crime (Remote) ID Theft

Activists Who was involved in the tests? Are you trading with my target organisation? Who can I exert pressure on?

Academics/Researchers Can I get info for my research through the back door? How is my rival doing?

Individuals/External Where is my ex living? Is there a story I can sell? Information to aid technical hacking. Investment info.

Security Services Background info, personal info…

Commercial Orgs Commercial strategy, bid prices, info on key personnel. Insurance claim checks, Sales support info

Aggregators Anything to add to my database?

Solicitors Address of client’s ex? Salary/employment status. Indications of corporate culpability.

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

Most common techniques

Hook Play

Reciprocation

Liking

Scarcity

Authority

Consistency

Social Validation

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

Social engineering in action

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential 12

McAfee Works with Global Law Enforcement

Operation Tovar Case Study • Operation Tovar project led by the DoJ and FBI is significant in that the cost of cybercrime

has risen to the point that law enforcement is building global partnerships with law enforcement, ISPs and security industry leaders to confront it.

• Long-term, we believe there will be more and better cooperation between law enforcement agencies worldwide, as well as between the public and private sectors.

• If we can stop these types of crime rings early on, that can have a positive impact on world economies, creating a safe, stable environment for innovation and job growth.

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

GameOver Zeus – Technical innovation?

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

CryptoLocker

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

CyberCrime Exposed Targeted Email

Organizations were

targeted, with emails

sent to individuals

within these

organizations. Such

emails were

engineered to entice

the recipient to open

the attachments which

contained exploit code

which when executed

resulted in the

computer being

compromised.

Web

After the malware is installed it will try to connect to a

site programmed within the Trojan.

These links are to image files and HTML files and used

to hide commands in an effort to bypass filters as the

images look legitimate.

RAT

The Trojan then connects to the Command And Control server to

establish a remote shell allowing the attacker to issue commands on the

compromised computer.

Once connected the Trojan checks with the remote server for specific

commands.

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

The Text-Book Solution

Nail down the problem

Inconsistent Solutions

Lack of Understanding

Little

Communication

No Pressure

Poor

Information

Now

Awareness

Coherent Solutions

Widen Understanding

Discussion

Support

Metrics

Target

• Admit to the problem

• Clear boundaries

• ‘Permission to verify’

• A sense of the importance of information

• Nurture a ‘no blame’ mentality

Title Line

Subtitle Line


Top of Footer Line


Top of Footer Line


Subtitle Line

Title Line


.

McAfee Confidential

Q&A

Raj_Samani

Hacking the Human OS - csa-cee-summit.eu · Hacking the Human OS The role of social engineering...

Documents

Transcript of Hacking the Human OS - csa-cee-summit.eu · Hacking the Human OS The role of social engineering...