CERN - IT Department
CH-1211 Genève 23
Switzerland
www.cern.ch/it
Update on the underground economy and making profit on the black market
Wojciech Lapka
CERN
IT/GD Group Meeting, 05 February 2009
Presentation plan
• Main security threats in 2008
• What’s for sale on black market?
• Value of advertised goods
• Malicious tools
• Software piracy
• Payment methods
• Security predictions for 2009
• Mitigation and protection
• Conclusion
Main security threats in 2008
• Web infections
  – 75% of websites with malicious code – legitimate sites that have been compromised.
• SPAM & phishing
  – Phishing attacks – Cost: $2 billion in 2008 (only in the U.S.)
  – Blog & social networking
• Scareware
  – Cost: $3.6 billion in 2008 (only in the U.S.)
• Data breaches
What’s for sale on black market?
[Bar chart: Goods available for sale (% of total). Categories: Credit card information, Financial accounts, Spam and phishing information, Withdrawal service, Identity theft information, Server accounts, Compromised computers, Website accounts, Malicious applications, Retail accounts. Axis: Percentage, 0% to 35%.]
Value of advertised goods
• $276 million (July 2007 – June 2008)
[Bar chart: Value of advertised goods (% of total). Categories: Credit card information, Identity theft information, Server accounts, Financial accounts, Spam and phishing information, Financial theft tools, Compromised computers, Malicious applications, Website accounts, Online gaming accounts. Axis: Percentage, 0% to 60%.]
Real value of advertised goods
• Credit cards – $5.3 billion
• Bank accounts – $1.7 billion, average balance $40,000
Malicious tools
• Attack tools
• SPAM and phishing tools
• Malicious code
• Exploits
Attack tools
Type | Average Price | Price Range
Botnet | $225 | $150–$300
Autorooter | $70 | $40–$100
SQL injection tools | $63 | $15–$150
RFI scanner | $26 | $5–$100
LFI scanner | $23 | $15–$30
XSS scanner | $20 | $10–$30
Spam & phishing tools
Type | Average Price | Price Range
Scam hosting | $10 | $2–$80
Scam pages | $10 | $2–$50
Spam software | $9 | $3–$20
Mailers | $7 | <$1–$20
Email addresses (per MB) | $6 | <$1–$40
Scam letters | $6 | $1–$10
Malicious code
Type | Average Price | Price Range
Binders | $27 | $10–$100
Packers | $24 | $4–$100
Trojans | $24 | $15–$40
Keystroke loggers, password stealers | $23 | $20–$30
Exploits
Type | Average Price | Price Range
Site-specific vulnerability (financial site) | $740 | $100–$2,999
Remote file include exploit (500 links) | $200 | $150–$250
Shopadmin (50 exploitable shops) | $150 | $100–$200
Browser exploit | $37 | $5–$60
Software piracy
• Global loss for software companies: ~ $48 billion (in 2007)
[Bar chart: Number of file instances (% of total). Categories: Desktop games, Utility applications, Multimedia applications, Console games, Other, Business applications, Operating systems, Audio recording. Axis: Percentage, 0% to 50%.]
Payment systems
• Online currency accounts – 63%
  – Service offered worldwide
  – Some providers do not require proof of identity
  – No government regulations. No requirement to monitor customers or transactions
• Trade of goods and services – 24%
  – Direct exchange between buyer and seller.
• Online payment service – 9%
  – Stolen credit cards
  – Compromised online payment accounts
• Wire transfer service – 3%
Security predictions for 2009
• Security Analysis Changes from Technical to Financial Prioritization
• Malware as a Service
• Scareware
• More legitimate website hacking
• Social networking spam
• Impact of financial crisis
• Mobile malware
• Hacking on virtual worlds
Protection and Mitigation
• Education – e.g. IT Security Podcasts:
  – http://www.symantec.com/about/news/podcasts/
  – http://www.sophos.com/security/podcasts/
  – http://news.cnet.com/security-bites-podcast/
• Education – Group Meeting Presentations
• Keep confidential information in a secure place
• Ensure security of your software (especially Web Applications)
• Apply all security patches
Sources
• http://www.symantec.com/business/theme.jsp?themeid=threatreport
• http://www.sophos.com/sophos/docs/eng/marketing_material/sophos-security-threat-report-jan-2009-na.pdf
• http://www.consumerreports.org/cro/electronics-computers/computers-internet/internet-and-other-services/protect-yourself-online/overview/protect-yourself-online-ov.htm
• http://securitylabs.websense.com/content/Assets/WSL_Report_Web_1h08.pdf
• http://global.bsa.org/idcglobalstudy2007/studies/summaryfindings_globalstudy07.pdf
Conclusion
• “Hacking isn’t a kid’s game anymore. It’s a big business”
• Internet attacks organized and designed to steal information and resources
• Security (like safety) is our responsibility!!!
Questions?