![Page 1: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/1.jpg)
The Economic Threat Landscape
from Cyber Criminals
Guest Lecture, HiG
Sofie Nystrøm
31. May 2013
![Page 2: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/2.jpg)
2
By 2020 global Internet users will nearly double
* Source: Microsoft
![Page 3: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/3.jpg)
4x
Internet traffic
from 2011
15bn Connected
devices become
ubiquitous
75% Data under 3rd
Party Control by
2020
40 Plus Countries
developing cyber
security policy
* Source: Microsoft
![Page 4: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/4.jpg)
Global Risks
Source: World Economic Forum, Global Risks 2012 Seventh Edition
4
![Page 5: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/5.jpg)
Where is the legislation heading? – EU and US perspective
5
Conclusion: Focus from government on cyber security
issues globally has increased.
![Page 6: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/6.jpg)
Economic Threat
6
![Page 7: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/7.jpg)
Cocktail of ”The bleeding edge” and ”simple” attacks
![Page 8: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/8.jpg)
Targeted attacks – long-term
States and organized criminals
invest large amounts of resources to
harvest information
Often targets entities with
contracts, sensitive stock
information, key personnel,
executive employees
Monitors and lurch around for
years to find the data they are
looking for
”Advanced Persistent Threat”
![Page 9: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/9.jpg)
Evolution Internet banking Trojans 2006 - 2011
Customer’s PC infected by
trojans
Easier for fraudsters to target
and exploit end-point than a
banks infrastructure and
servers
Electronic fraud (eFraud) is on
the rise
Sophisticated and complex
code
![Page 10: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/10.jpg)
DNB targeted by DDoS attack
10
![Page 11: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/11.jpg)
Attack lasted for several hours the 6th and 7th May
The attack was a SYN flood from a rented botnet
Number of packets sent exhausted the number of sessions the firewall in front of www.dnb.no could handle
resulting in a user experience of that the service was down
The botnet consisted of compromised PCs in Russia and China
Facts about the attack
11
![Page 12: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/12.jpg)
Infection Vector
12
![Page 13: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/13.jpg)
What WEB sides have infected Norwegian users
13
![Page 14: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/14.jpg)
14
![Page 15: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/15.jpg)
Trojan infrastructure overview
15
Trojan C&C
Trojan Command & Control panel
eFraud admin panel Several proxy jumps
fraudulent transaction
![Page 16: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/16.jpg)
Challenges for our customers
Malvertizing – advertising that
contains malware
Awareness around measures such
as habits of surfing is NOT a
countermeasure anymore
Depending on swift maintenance of
the endpoint of the customer
16
![Page 17: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/17.jpg)
17
![Page 18: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/18.jpg)
Super ”trojan”/malware - Advanced Persistent Threat (APT)
DDoS will continue to flourish and try to jam our important infrastructure
eFraud continues to escalate towards all groups of customers
Future
![Page 19: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/19.jpg)
More research and innovation around long-term cyber security problems
Recruitment of talented security experts will continue to be scarce
Grow public private partnerships further
Continue close collaboration with law enforcement
Establish mechanisms for efficient incident handling of serious attacks towards all
banks in Norway
Future
19
![Page 20: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/20.jpg)
15.05.2013 20
![Page 21: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/21.jpg)
Establishing a Computer Emergency Response Team (CERT)
Security incident handling, early warning og information sharing
In Norway the following CERT’s are established:
NorCERT (National CERT for critical national infrastructure)
Helse CSIRT
Justis CSIRT
Telenor CERT
Uninett CERT
And now for bank and finance
21
![Page 22: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/22.jpg)
Code more advanced as we go along and
analysis is extensive
Strict control mechanisms from the criminals
to avoid being detected
Experience more ”bleeding edge” attacks
where nobody has previously seen code and
methods
Tools to handle new threat situations are
quickly outdated
Lack of knowledge at our vendors
Large volume of customers that call their bank
and alarms
Challenges in incident handling
22
![Page 23: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/23.jpg)
So what is this all about?
23
![Page 24: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/24.jpg)
Strategic Security Foundation
”Security as a business enabler”
Incident response team and counter threat 24 x 7
Old days – eliminate vulnerabilities and monitor the
“fence”/perimeter
Today – eliminate vulnerabilities, monitor as much as
possible and find abnormal traffic or behavior
Our strategic starting point: you are compromised
![Page 25: The Economic Threat Landscape from Cyber Criminals](https://reader031.vdocument.in/reader031/viewer/2022012121/61ddb14f7c1c2f10385cb9d0/html5/thumbnails/25.jpg)
Summary
Volume of data, number of Internet users
and cyber security attacks grow hand in
hand
Attention on the economic threat is here
...but we do not have the countermeasure
we need clearly in mind
More public knowledge, attention, funding,
education and research is paramount
25