the malware monetization machine
TRANSCRIPT
#RSAC
Tony Anscombe
The Malware Monetization Machine
VP and Senior Security Evangelist at Avast
Malware Inc. The Business
30 employees
Healthcare, vacation, lunch, gym membership
Goal: grow distribution and use of software increasing LTV and ROI
2 offices located anywhere
Revenue
2015 - $25m
2016 - $1bn
2017 - >2x growth?
Malware Inc. Products and Services
Software distribution
Data storage and encryption
Data collection and sales
Support services
Malware Inc. Software Distribution Q4 Recap
Q4 software distribution campaigns
Email delivery
• 20m emails delivered to 12m unique users
• Open rate
• Execution of the software package
• Conversion rates to paying customer
Malware Inc. Software Distribution Q4 Recap
Q4 software distribution campaigns
Hosted website downloads
• Automated - drive by download
• Unique users vs actual delivery/installation
• User initiated - click jacking
• CTR - Click Through Rate 0.5%
Malware Inc. Q4 Data Business
Q4 data collection
Mobile App distribution
Collected from 3rd parties
Service redirection
Email campaigns
Malware Inc. Bonus Payments
Over achievement on goals
Revenue exceeded target
All staff will receive a 110% bonus
We shut down for the holidays early, congratulations!
January 17, 2017
Locky down as cybercrime takes a brief December holiday
Malware Inc. Q1 Target Markets
High monetizing countries
Malware Inc. Q1 Initiatives
A/B testing of offer screens
Malware Inc. Q1 Testing Payment Methods
Malware Inc. Q1 Translation
12 Languages to be offered
Malware Inc. Q1 Time Sensitive Offers
Early purchase discounts
Malware Inc. Q1 Detecting Fraud
Malware Inc. Q1 Legacy Customers
Malware Inc. Q1 Software Sales
Product sales security software
Malware Inc. Q1 Identity Duplication
Stealing login details
Malware Inc. Q1 Mobile
Malware Inc. EOL Products
Banking Trojans
Premium rate SMS
Affiliate/Partner Sales
Victims
Affiliates
The boss
Malware Inc. Q1 Outsourced Engineering
Bot nets/herders
Exploit writers
Malware writers
Infrastructure/tool providers
Malware Inc. The Competition
How do we combat?
Overall security threat is growing in complexity
Mobile threats are also accelerating
People’s Security Needs are Growing
[Charts: "Total malware threats, millions" and "Mobile malware threats, millions" (cumulative malware threat attacks, million), 2010-2016]
Probability of Attack - The Americas
CA: 15%
US: 14%
MX: 21%
BR: 20%
PE: 27%
FR: 16%
PT: 18%
MA: 29%
SN: 28%
…
Probability of Attack - Most of ROW
CZ: 27%
EG: 25%
RU: 25%
ET: 41%
KZ: 27%
SA: 14%
TZ: 23%
IN: 28%
LK: 29%
…
How do we combat?
Incidents per day
23.7 million
How do we combat?
Incidents - rolling 30
687.0 million
Where do threats hide?
Ransomware - 2016
#1 Threat
150 new strains of ransomware
128,108,948 (detections) x $500 (average ransom) = $64,054,474,000
105% growth year on year
Ransomware Hotspots
1. US
2. Brazil
3. Russia
4. UK
5. Mexico
6. Italy
7. Spain
8. Canada
9. Poland
10. Australia
11. India
Combatting Ransomware
Many different forms
Scareware, screen lockers, crypto lockers, Doxingware
Ransomware is detected on every protection layer, including behavioral analysis
14 ‘Free’ decryption tools available
Decryption is a last resort
Not decryptable: 0.565
Decryptable: 0.3785
Plausible decryption: 0.0565
Internet of Things is Exploding
Connected devices estimated to reach up to 50 billion by 2020
Source: Cisco IBSG Report
Avast Confidential
Enslaved IoT Devices
IoT attacks more frequent:
• DDoS attack on Dyn
• 900,000 Telekom routers attacked
• 2016: from more than 4.3 million routers scanned, 48% had some security vulnerability
• More than 50% of all home routers use default passwords
• 2 out of 5 people are unaware that their router has an administrative interface where they can log in to view and change their settings
• 1 out of 7 log into their router’s admin interface weekly or monthly to check for updates
About Avast
Over 400M endpoints acting as sensors. Allow us to detect and neutralize threats fast.
Largest, most sophisticated, most geographically dispersed threat detection network.
World’s largest security-centric machine-learning network.
Leveraging data analytics to improve customers’ online lifestyle.
8,524 virtual, 2,527 physical and 443 AWS servers
82,600 simultaneous VPN connections
2.1m DNS requests (normal and secure) per second
3.6tr URLs processed per year
45.8m concurrent connections
Pushed 110pb of data in last three months
Best Practices for a Ransomware Defense:
Ensure your systems, applications and devices are fully updated and patched
Ensure you have a strong layered anti-malware security solution
Educate employees not to open suspicious attachments
Disable Microsoft Office macros by default as a policy
Keep recent backup copies, disconnected and offsite
Summary
Anti-Malware is a passionate business
Malware is a business X