SESSION ID:

#RSAC

Alex Holden

Eastern European Black Market Economy Trends

FLE1-F02

Chief Information Security OfficerHold Security, LLC@HoldSecurity

#RSAC

Why Learn About Hackers?

2

The most dynamic and social black market

Large sharing community

Re-use or secondary market

Learn how to guard against this sector

Current trends and failures

#RSAC

History

#RSAC

History of the Russian Underground

4

Evolution of technology and thirst for knowledge

Early years – the gang wars

Dissolution of gangs and specialization – links in a chain

JabberZeus

CyberVor

#RSAC

What Drives a Hacker

5

For-profit crime

Hacktivism

Revenge

State-sponsored

#RSAC

Communications

6

Forums

Advertising

Marketing

Customer Service

#RSAC

Mass Production

7

Stealing in bulk

Lowest hanging fruit

0day

Unpatched Systems

Weak Passwords

Tools and techniques

Crime ratios

#RSAC

Competition

8

Supply and Demand

Black Market Economics

Respect and order amongst the thieves

Escrow Services

Reputation

DOXing

Destroying the competition

#RSAC

Eastern European Black Markets Today

#RSAC

Black Market Overview

10

Rare direct monetization

Long supply chain

Frequent failure

#RSAC

Education

11

Hacker University

Job After Graduation

Professor’s Insight

#RSAC

Viruses/Malware

12

Botnet flavors

What can you steal

Linguistics adaptation

Injects and Grabbers

Mobile botnets

#RSAC

Spam Operation

13

Spam supply-chain

Spear phishing

Social network abuse

Statistics

#RSAC

Re-shipping

14

Drop dynamic

Supply Chain

#RSAC

Ransomware

15

Simple and Effective

#RSAC

Brute Force Everything

16

Credentials

Services

Monetization

#RSAC

Anonymity

17

Hiding = blending in

Sophistication and ease of use

Escaping detection

WebRTC

Fonts

Local Time

Virtualization

#RSAC

Identity

18

Service authentication

Creating a new person

#RSAC

Dating

19

Praying on desperation

Dating scam – enterprise solution

#RSAC

Skimmers

20

ATM

Credit Cards

New Designs

Old tools

#RSAC

Starting Your Own Black Market Shop

21

Everything sells

Crimeware as a service

#RSAC

Defenses

#RSAC

Applying Knowledge Against the Enemy

23

Not every threat is credible

Creating an unattractive target

Scaling defenses to threats

Viruses/Malware

0day

Credentials

Misconfigurations

#RSAC

Defense

24

Honeypots

Systems

Features

Data

Threat Intelligence