International Telecommunication Union
Financial Aspects of Network Security: Malware and Spam
ITU-T Study Group 3, Geneva, Switzerland
2 April 2008
Johannes M. Bauer*, Michel van Eeten**, Tithi Chattopadhyay*
Please send comments to: ITU-D ICT Applications and Cybersecurity Division
* Michigan State University, USA, ** Delft University of Technology, Netherlands
The views expressed in this presentation are those of the author and do not necessarily reflect the opinions of the ITU or its Membership.
Objectives of report
Malware and spam have far-reaching, direct and indirect, financial effects
• Costs for individuals, organizations, nations
• Revenues for legal but also illegal players
• Direct costs probably 0.2-0.4% of global GDP
• Including indirect effects could be as high as 0.5-1% of global GDP
Available information is incomplete and potentially biased by stakeholder interests
The report aims at documenting the state of knowledge of these financial aspects
Overview
• Malware and spam developments
• A framework for analyzing financial flows related to malware/spam
• Main empirical findings
• A preliminary welfare assessment
• Appendix: the malware/spam underground economy
Malware and spam developments
Background
• Payoffs of fraudulent and criminal activity are high and have brought organized crime to malware and spam
• Division of labor and specialization has increased sophistication and virulence of threats from fraudsters and criminals
• Security decisions of some players within the ICT value net do not fully reflect social costs and benefits and only sub-optimally mitigate external threats
Division of labor
Source: MessageLabs, 2007
[Figure: diagram of the division of labor among underground actors. Actors shown: Malware Writer, Malware Distributor, Reseller, Guarantee Service, Spammers, Botnet Owner, Identity Collector, Credit Card Abuser, eShops, Drop Site Developers, Drop Service, Drops. Relationship labels: "Sells Malware", "Sells Identities", "Sells credit cards with identities", "Uses Services", "Buys Drop Site Template", "Buys Goods", "Ships Goods", "Forward Goods".]
Visibility vs. malicious intent
[Figure: visibility vs. malicious intent, plotted over time.]
Source: www.govcert.nl
Malware attack trends
Overall increases
Monthly growth
• Trojans, rootkits slowing toward end of 2007
• Worms, viruses, AdWare and other accelerating
As of 3/2008 (Panda)
• 30% of computers on Internet infected
• About 50% active
Postini reports 10% of websites as infected
[Figure: bar chart comparing 2006 and 2007 for the categories TrojWare, VirWare, MalWare, AdWare and RiskWare; vertical axis from 0 to 250000.]
Source: Kaspersky Labs, 2008
Spam trends
[Figure: bar chart by quarter (Q3-06, Q4-06, Q1-07, Q2-07) with the series "Abusive" and "Unaltered"; data labels 1210, 1221, 1178, 1230 and 268, 267, 204, 189; vertical axis from 0 to 1600.]
Different metrics
“Abusive” messages (MAAWG)
MessageLabs new and old spam
Symantec
Fairly consistent numbers (85-90% of total messages)
Spamhaus Project (IP addresses)
Source: MAAWG 2007
Geography of spam
Source: Symantec, 2007, 2008
[Figure: two bar charts, one for 2007 and one for 2006, comparing "% Internet mail" and "% Internet spam" by region: Africa, Asia, Australia/Oceania, Europe, North America, South America.]
Financial aspects of malware and spam
Selected financial flows
[Figure: diagram of numbered financial flows among Hardware, Software; Security service providers; Fraudsters, Criminals; ISPs; Individual users; Business users; Government; Society at large. Legend: Legal, Potentially illegal.]
Direct and indirect cost
Direct cost such as
• losses from fraudulent and criminal activity
• cost of preventative measures (e.g., security software and hardware, personnel training)
• cost of infrastructure adaptation (network capacity, routers, filters, …)
Indirect cost such as
• cost of service outages
• cost of law enforcement
• opportunity cost to society (lack of trust)
Legal and illegal revenues
Legal business activities
• Security software and services
• Infrastructure equipment and bandwidth
Illegal business activities
• Writing of malicious code
• Renting of botnets
• Profits from pump and dump stock schemes
• Commission on spam-induced sales
• Money laundering (illegally acquired goods)
Main empirical findings
Cost of malware
Worldwide direct damage in 2006: $13.2 bn (Computer Economics survey of 52 IT professionals)
• Decline from $17.5 bn in 2004
• Effects of anti-malware efforts and shift from direct to indirect costs
U.S. Federal Bureau of Investigation estimated the cost of computer crime to the U.S. economy in 2005 at $67.2 bn
No estimates of indirect and of opportunity costs available
Direct losses to U.S. business
Surveys of Computer Security Institute (CSI) members since 1996
In 2007, 494 respondents of which 194 provided damage estimates
Leading categories:
• Financial fraud
• Damage by viruses, worms, spyware
• System intrusion
Incomplete picture
Source: CSI, 2007
[Figure: chart of average cost per reporting firm (in 000 $), by year from 1999 to 2007; vertical axis from 0 to 3500.]
Cost of preventative measures
Percentage of IT budget spent on security (2007 CSI Report)
• 35% of respondents: <3% of IT budget
• 26% of respondents: 3-5% of IT budget
• 27% of respondents: >5% of IT budget
2006 global revenue of security providers estimated at $7.5 bn (Gartner 2007)
TU Delft/Quello Center study: 6-10% of IT budget dedicated to security
Cost of spam
Global cost of spam in 2007: $100 bn, of which US$ 35 U.S. (Ferris Research)
Cost of spam management to U.S. businesses in 2007: $71 bn (Nucleus Research)
Cost of click fraud in 2007: $1 bn (Click Forensics)
Cost to U.S. consumers in 2007: $7.1 bn (Consumer Reports)
A preliminary welfare assessment
Determining welfare effects
Complicated by the legal and illegal revenues associated with cybercrime
Costs of malware and spam
• Direct costs (damages, prevention, …)
• Indirect costs (law enforcement, trust, …)
Economic “bads” (e.g., part of security investment), not welfare-enhancing
Treatment of illegal transactions (estimated to total $105 bn)?
Scaling overall effects
Costs of malware and spam
• Most reliable information at country level; how to scale to global level
• Avoidance of double-counting
• Global direct costs probably in 0.2-0.4% range of global GDP ($66 tr)
• Direct and indirect costs could be as high as 0.5-1% of global GDP
Probably differential effects on national productivity and growth
Appendix
The malware/spam underground economy
Malware/spam
Players in the underground economy include
• Malware writers and distributors (trojans, spyware, keyloggers, adware, riskware, …)
• Spammers, botnet owners, drops
• Various middlemen
Emergence of institutional arrangements to enhance “trust” (e.g., SLAs, warranties)
Steady stream of new attacks (e.g., drive-by pharming, targeted spam, MP3 spam, …)
Interdependent value net
[Figure: diagram of the interdependent value net. Nodes shown: ISPi, ISPj, ISPk; Usersi, Usersj, Usersk; App/Si, App/Sj, App/Sk; Hardware vendors; Software vendors; Security providers; Governance. The diagram is labelled "Fraudulent and criminal activity".]
Efficient & inefficient decisions
Instances where incentives of players are well aligned to optimize costs to society
• ISPs correct security problems caused by end users as well as some generated by other ISPs
• Financial service providers correct security problems of end users and software vendors
• Negative reputation effects of poor security disciplines software vendors, ISPs, and other stakeholders
Instances where incentives are poorly aligned
• Individual users (lack of information, skills, …)
• Domain name governance/administration system
More Information: ITU Development Sector
ITU-D ICT Applications and Cybersecurity Division
• www.itu.int/itu-d/cyb/
ITU-D Cybersecurity Activities
• www.itu.int/itu-d/cyb/cybersecurity/
Study Group Q.22/1: Report On Best Practices For A National Approach To Cybersecurity: A Management Framework For Organizing National Cybersecurity Efforts
• www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-draft-cybersecurity-framework.pdf
National Cybersecurity/CIIP Self-Assessment Toolkit
• www.itu.int/ITU-D/cyb/cybersecurity/projects/readiness.html
ITU-D Cybersecurity Work Programme to Assist Developing Countries:
• www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-cybersecurity-work-programme-developing-countries.pdf
Regional Cybersecurity Forums
• www.itu.int/ITU-D/cyb/events/
Botnet Mitigation Toolkit
• http://www.itu.int/ITU-D/cyb/cybersecurity/projects/botnet.html
More Information: ITU Standardization Sector
ITU-T Study Group 17 – Lead Study Group on Telecommunication Security
www.itu.int/ITU-T/studygroups/com17/index.asp
Question 17/17 - Countering spam by technical means
www.itu.int/ITU-T/studygroups/com17/sg17-q17.html
Recommendations for approval on 18 April 2008:
• X.1231 - Technical strategies on countering spam
• X.1240 - Technologies involved in countering email spam
• X.1241 - Technical framework for countering email spam
International Telecommunication Union
Helping the World Communicate