Post on 14-Mar-2020

Vandals, Burglars, Thugs, Spies and Saboteurs
The Politics and Economics of Cyber Crime

Who is Behind the Cyber Attacks?

Not Him

Who is Behind the Cyber Attacks?

“I bucket [cyber] threats into vandals, burglars, thugs, spies, and saboteurs. The first three categories aren’t as dangerous. It’s the spies and saboteurs that we’re concerned about.”

Dr. Andy Ozment, CISO, Goldman Sachs

Cyber Threat Actors and Motivations

Vandals: Anonymous Website Attacks

Vandals: Ashley Madison Data Breach

Burglars: Phishing Scams

adhesivepaper@cpanel7.ipxcore.com

We notice Suspicious login attempts

Not personalized

http://kancelariabrylka.eu/templates/system/Amex.php

Action required:-

Burglars: Ransomware

Burglars: Saks, Lord & Taylor Breach

Thugs: North Korean Attack on Sony Pictures

Thugs: Mirai DDOS Attacks

Spies: PLA Unit 61398

• APT1 compromised:
  - 141 companies
  - 20 major industries

• Created 40 malware families

• Operated 2006 to 2014

• Targeted industries that China identified as strategic to its growth

Saboteurs: The Stuxnet Worm

• July, 2010: Stuxnet worm was discovered attacking Siemens industrial control systems

• Intended target was the centrifuges operating Iran’s nuclear enrichment program at Natanz

• Highly likely that Stuxnet was designed and deployed by a joint US/Israeli government effort

Saboteurs: NotPetya (How to Sink a Shipping Company)

Vandals: Hacktivists & Enthusiasts
• Individuals/Small Teams
• Low Capability
• Ideology Focused

Burglars: Organized Crime
• Multiple Small Teams
• Moderate Capability
• Financial Focused

Thugs: Organized Crime & Nation States
• Varying Capabilities
• Coercion or Financial

Spies: Nation States
• Economic or Political Focus
• Highly Professional Teams

Saboteurs: Nation States
• Military or Political Focus
• Highly Professional Teams

The Business of Cyber Crime

Criminal Motivation

How People Think ID Theft Works

Source: Gemini Advisory, Jan 5, 2018

How ID Theft Actually Works

Source: Gemini Advisory, Jan 5, 2018

Dark Web Bazaars

Carding Shops - McDumpals

Payment Cards Available for Sale – Nov 2018

[Chart: millions of cards, USA and World, by type (CP, CNP, EMV); data labels 45.80, 4.60, 14.20, 11.30, 41.60, 4.30]

Source: Gemini Advisory, Nov 5, 2018

What is Your Credit Card Worth?

Cards available for sale: 490,000
Average Price: $16

Source: Gemini Advisory, Nov 5, 2018

The Characteristics of Modern Cyber Crime

• 80% of cyber crime is the result of organized activity

• Typically involves multiple independent groups, each delivering a “service”

• ROI for sophisticated services is very high

The Art of Cyber Espionage and Warfare

State Motivations for Cyber Activity

An APT Attack Life Cycle

Dragonfly – The Timeline

[Timeline figure, Jan 2013 to Jun 2014: Executive Spear Phishing; ICS Integrator “Watering Hole” Attacks; Trusted Software Download Attack #1, #2 and #3; Detection Tools Released]

Dragonfly - Exploiting Supplier-User Trust

[Diagram labels: Vendor Website, Industrial Facility, Industrial Technician, Cyber Attacker]

2015 Ukraine Power Outages

Source: E-ISAC | Analysis of the Cyber Attack on the Ukrainian Power Grid | March 18, 2016

What Can I Do?

Passwords are like Toilet Paper

Never use it twice

The Anatomy of a Password Reuse Attack

Source: Gemini Advisory, April 1, 2018

Why I Don’t Care

Password Managers: One Password to Rule Them All

Multifactor Authentication

Insist on Usable Security

Being secure must be easier than not being secure

Put the Pressure On

Questions
