Hacking the Human OS: The role of social engineering within cybercrime (transcript, csa-cee-summit.eu)
McAfee Confidential
Raj Samani
Hacking the Human OS The role of social engineering within cybercrime
Cybercrime Research
The attack: CyberCrime Exposed
• WP published in 2013 that identified the components of a cyber attack, and how any of these components can be outsourced.
Getting paid: Digital Laundry
• WP published in 2013 that reviewed the proliferation of digital currencies and their role within cybercriminal activities.
Getting away with it: Jackpot!
• WP analysing the role of online gaming for money laundering operations.
Major APT campaigns
March 15, 2015
• Dragonfly gang is targeting Western energy industry (07.2014)
• FBI, DOJ bottle GameOver Zeus botnet (07.2014)
• Operation Shady RAT: five-year hack attack hit 14 countries (08.2011)
• Global Energy Industry Hit In "Night Dragon" Attacks (03.2011)
What do they have in common?
Whether the intended victim is a consumer, a critical infrastructure organization, or a retailer, the initial infection invariably relies on the ability to coerce the user into an action that facilitates malware infection.
Social Engineering
Deliberate application of deceitful techniques designed to manipulate someone into divulging information or performing actions that may result in the release of that information.
Types of attack
Hunting is much easier to counter than Farming…
Hunting: Hook (Research) / Play / Exit. Objective: get information and close.
Farming: Hook (Research) / Play (extended period) / Exit. Objective: establish a source, then ‘milk’ information.
Tapping into the unconscious…
6 ‘compliance tendencies’
1. Authority
2. Liking
3. Reciprocation
4. Consistency
5. Social Validation
6. Scarcity
Name that scam
Who/Why: Summary Modus Operandi (Hunt / Farm / Example Motives)
Private Investigators: Address/salary/employment status of Mr X. Bid results. New pricing structures. Anything for a client.
Debt Collection/Tracing: Confirm address of employee, earning capabilities or bank details.
Journalists: Confirm elements of story. Find ‘story’ on organisation, its plans, ‘dirt’, financial or commercial strategies.
Internal Individuals: Details of prospective in-law. Helping a friend. Curiosity.
Government Agencies: Where does Mr X live? What is his training record? His attendance record? Where was he on [date/time]?
Organised Crime (Local): Where is witness living? ID theft, drug dealers.
Organised Crime (Remote): ID theft.
Activists: Who was involved in the tests? Are you trading with my target organisation? Who can I exert pressure on?
Academics/Researchers: Can I get info for my research through the back door? How is my rival doing?
Individuals/External: Where is my ex living? Is there a story I can sell? Information to aid technical hacking. Investment info.
Security Services: Background info, personal info…
Commercial Orgs: Commercial strategy, bid prices, info on key personnel. Insurance claim checks, sales support info.
Aggregators: Anything to add to my database?
Solicitors: Address of client’s ex? Salary/employment status. Indications of corporate culpability.
Most common techniques
Hook / Play
Reciprocation
Liking
Scarcity
Authority
Consistency
Social Validation
Social engineering in action
McAfee Works with Global Law Enforcement
Operation Tovar Case Study
• The Operation Tovar project, led by the DoJ and FBI, is significant in that the cost of cybercrime has risen to the point that law enforcement is building global partnerships with other law enforcement agencies, ISPs and security industry leaders to confront it.
• Long-term, we believe there will be more and better cooperation between law enforcement agencies worldwide, as well as between the public and private sectors.
• If we can stop these types of crime rings early on, that can have a positive impact on world economies, creating a safe, stable environment for innovation and job growth.
GameOver Zeus – Technical innovation?
CryptoLocker
CyberCrime Exposed: Targeted Email
Targeted email: Organizations were targeted, with emails sent to individuals within these organizations. Such emails were engineered to entice the recipient to open the attachments, which contained exploit code that, when executed, resulted in the computer being compromised.
Web: After the malware is installed it will try to connect to a site programmed within the Trojan. These links are to image files and HTML files and are used to hide commands in an effort to bypass filters, as the images look legitimate.
RAT: The Trojan then connects to the Command and Control server to establish a remote shell, allowing the attacker to issue commands on the compromised computer. Once connected, the Trojan checks with the remote server for specific commands.
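The "commands hidden in image files" step above is a check a defender can automate on proxy or sandbox captures. As an added example (not code from the talk or from McAfee), the Python below walks PNG chunks and JPEG segments to find bytes appended after the image's structural end, one common place to stash a payload; the sample images are constructed, and treating trailing data as the hiding technique is an assumption, not a claim about this campaign.

```python
import struct
import zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_payload_end(data: bytes) -> int:
    """Offset just past the IEND chunk, found by walking the chunk list."""
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4                      # header + data + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("truncated PNG: no IEND chunk")

def jpeg_payload_end(data: bytes) -> int:
    """Offset just past EOI by walking segments (a naive FF D9 search misfires on EXIF thumbnails)."""
    pos = 2                                        # skip SOI
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                         # EOI
            return pos + 2
        if marker == 0xFF:                         # fill byte before a marker
            pos += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD8:  # standalone markers
            pos += 2
        else:
            pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
            if marker == 0xDA:                     # SOS: skip entropy-coded data
                while pos + 1 < len(data) and (data[pos] != 0xFF or data[pos + 1] == 0
                                               or 0xD0 <= data[pos + 1] <= 0xD7):
                    pos += 1
    raise ValueError("truncated JPEG: no EOI marker")

def trailing_data(data: bytes) -> bytes:
    """Bytes appended after the structural end of a PNG or JPEG (b'' if clean)."""
    if data.startswith(PNG_SIG):
        return data[png_payload_end(data):]
    if data.startswith(b"\xff\xd8"):
        return data[jpeg_payload_end(data):]
    raise ValueError("not a PNG or JPEG")
# Constructed samples (not real campaign artefacts): a minimal PNG, and a JPEG
# whose APP1 segment embeds a thumbnail that carries its own EOI marker.
def _chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
CLEAN_PNG = PNG_SIG + _chunk(b"IHDR", b"\0" * 13) + _chunk(b"IDAT", b"\0") + _chunk(b"IEND", b"")
THUMB = b"\xff\xd8\xff\xd9"
CLEAN_JPEG = (b"\xff\xd8\xff\xe1" + struct.pack(">H", 2 + len(THUMB)) + THUMB
              + b"\xff\xda\x00\x03\x01" + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
```

A non-empty result is a triage signal, not proof: some legitimate tools append metadata, so route hits to a sandbox rather than blocking on them outright.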
The Text-Book Solution
Nail down the problem
Now: Inconsistent Solutions, Lack of Understanding, Little Communication, No Pressure, Poor Information
Target: Awareness, Coherent Solutions, Widen Understanding, Discussion, Support, Metrics
• Admit to the problem
• Clear boundaries
• ‘Permission to verify’
• A sense of the importance of information
• Nurture a ‘no blame’ mentality
Q&A
Raj_Samani