el auge del cibercrimen / the rise of cyber crime
Upload: centro-de-investigacion-para-la-gestion-tecnologica-del-riesgo-cigtr
Post on 12-May-2015
177 views
DESCRIPTION
Ponencia de Richard Stiennon. Analista jefe de Investigación. IT Harvest. Presentation by Richard Stiennon. Chief Research Analyst. IT Harvest. Curso de Verano / Summer Course CIGTR/URJC 2011TRANSCRIPT
![Page 1: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/1.jpg)
Cyber Crime Prepare for the next wave: Business Process Hacking
Richard Stiennon – Chief Research Analyst, IT-Harvest
Friday, July 1, 2011
![Page 2: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/2.jpg)
IT-Harvest 2011
The Rise of Cybercrime
Ubiquitous Internet
New vulnerabilitiesMarket for identities
Success (profits) 30 million bots
Insider recruitmentOrganization
International cooperation (or not)
Better security
DRIVERS
INHIBITORS
Friday, July 1, 2011
![Page 3: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/3.jpg)
IT-Harvest 2011
Historical Criminal Societies
Friday, July 1, 2011
![Page 4: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/4.jpg)
IT-Harvest 2011
The first wave: the adware economy
E-commerce Sites
Hit StatsFake “Top Ten”BrokersWebrings
Affiliate Web SitesSoftware parasitesWormsVirusesSpamInfected DesktopsADware
Friday, July 1, 2011
![Page 5: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/5.jpg)
IT-Harvest 2011
The Adware economy
E-commerce Sites
Hit StatsPopularity- StatsBrokersWebrings
Affiliate Web SitesSoftware parasitesWormsVirusesSpamInfected DesktopsADware
Friday, July 1, 2011
![Page 6: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/6.jpg)
IT-Harvest 2011
IP theft as a service in Israel
Friday, July 1, 2011
![Page 7: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/7.jpg)
IT-Harvest 2011
Physical presence targets “where the money is” - Willie Sutton• Sumitomo Mitsui Bank Branch
Friday, July 1, 2011
![Page 8: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/8.jpg)
IT-Harvest 2011
Cyber Defense :-) Sumitomo Best Practice
Friday, July 1, 2011
![Page 9: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/9.jpg)
IT-Harvest 2011
Stop&Shop
Friday, July 1, 2011
![Page 10: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/10.jpg)
IT-Harvest 2011
Stop&Shop cyber defense
Friday, July 1, 2011
![Page 11: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/11.jpg)
IT-Harvest 2011
TJX: targeting data repositoriesTJ MAXX, Marshall’s45 Million Credit cards@ $80/card=$3.6 Billion in costs!
Pringle’s can or…?
Friday, July 1, 2011
![Page 12: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/12.jpg)
IT-Harvest 2011
Business Process Hacking• Step one: identify the business process• Step two: identify key vulnerabilities and trust
relationships Insiders Customers Partners
• Step three: steal something• Step four: monitization
12
Friday, July 1, 2011
![Page 13: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/13.jpg)
IT-Harvest 2011
An insider’s perspective• Major railroad in US• Major computer manufacturer in US
13
Friday, July 1, 2011
![Page 14: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/14.jpg)
IT-Harvest 2011
Pump and dump• Break in to online trading account• Sell off owner’s portfolio• Purchase penny stocks • Dump attacker’s holdings when stock price jumps• Leave account holder with worthless portfolio• Canadian attacks thwarted $11 million frozen in
Lithuanian bank.
14
Friday, July 1, 2011
![Page 15: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/15.jpg)
IT-Harvest 2011
E-ticketing fraud• Indian railway reservations. Scalpers use software to
corner the market for tickets and resell them at a mark up.
• Concert tickets. Scammers snipe tickets when they go on sale using elaborate hacks to avoid fraud detection schemes. They resell them immediately on sites such as StubHub.com or TicketsNow.com ($1,000)
• Even better: scammers buy seats and block others from getting seats.
15
Friday, July 1, 2011
![Page 16: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/16.jpg)
IT-Harvest 2011
Carbon credits• 2010 Phishing attack against dozens of companies • Seven out of 2,000 German companies fall for it• Carbon credits transferred to two accounts owned by
attackers• $4 million stolen
• 2011 1.6 million carbon credits stolen from the Romanian branch of Swiss cement company Holcim. $36 million.
16
Friday, July 1, 2011
![Page 17: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/17.jpg)
IT-Harvest 2011
Vulnerable business processes• Treasury functions• Logistics• Payroll• Trading platforms for energy, natural resources, commodities,
securities• Voting platforms• Gaming sites• Foreign Exchange• “Deal rooms” • Central banks•
17
Friday, July 1, 2011
![Page 18: El auge del cibercrimen / The rise of cyber crime](https://reader033.vdocument.in/reader033/viewer/2022060108/555143d2b4c905bd1c8b4e5f/html5/thumbnails/18.jpg)
IT-Harvest 2011
Beyond theft
• Commerce relies on trust. Break that trust and commerce fails.
18
Friday, July 1, 2011