Vandals, Burglars, Thugs, Spies and Saboteurs
The Politics and Economics of Cyber Crime
Who is Behind the Cyber Attacks?
Not Him
Who is Behind the Cyber Attacks?
“I bucket [cyber] threats into vandals, burglars, thugs, spies, and saboteurs. The first three categories aren’t as dangerous. It’s the spies and saboteurs that we’re concerned about.”
Dr. Andy Ozment, CISO, Goldman Sachs
Cyber Threat Actors and Motivations
Vandals: Anonymous Website Attacks
Vandals: Ashley Madison Data Breach
Burglars: Phishing
We notice Suspicious login attempts
Not personalized
http://kancelariabrylka.eu/templates/system/Amex.php
Action required:-
Burglars: Ransomware
Burglars: Saks, Lord & Taylor Breach
Thugs: North Korean Attack on Sony Pictures
Thugs: Mirai DDoS Attacks
Spies: PLA Unit 61398
• APT1 compromised:
  - 141 companies
  - 20 major industries
• Created 40 malware families
• Operated 2006 to 2014
• Targeted industries that China identified as strategic to its growth
Saboteurs: The Stuxnet Worm
• July, 2010: Stuxnet worm was discovered attacking Siemens industrial control systems
• Intended target was the centrifuges operating Iran’s nuclear enrichment program at Natanz
• Highly likely that Stuxnet was designed and deployed by a joint US/Israeli government effort
Saboteurs: NotPetya (How to Sink a Shipping Company)
Vandals: Hacktivists & Enthusiasts
• Individuals/Small Teams
• Low Capability
• Ideology Focused
Burglars: Organized Crime
• Multiple Small Teams
• Moderate Capability
• Financial Focused
Thugs: Organized Crime & Nation States
• Varying Capabilities
• Coercion or Financial
Spies: Nation States
• Economic or Political Focus
• Highly Professional Teams
Saboteurs: Nation States
• Military or Political Focus
• Highly Professional Teams
The Business of Cyber Crime
Criminal Motivation
How People Think ID Theft Works
Source: Gemini Advisory, Jan 5, 2018
How ID Theft Actually Works
Source: Gemini Advisory, Jan 5, 2018
Dark Web Bazaars
Carding Shops - McDumpals
Payment Cards Available for Sale – Nov 2018
[Bar chart: millions of cards available for sale, USA vs. World, by type (CP, CNP, EMV); data labels: 45.80, 4.60, 14.20, 11.30, 41.60, 4.30]
Source: Gemini Advisory, Nov 5, 2018
What is Your Credit Card Worth?
Cards available for sale: 490,000
Average Price: $16
Source: Gemini Advisory, Nov 5, 2018
The Characteristics of Modern Cyber Crime
• 80% of cyber crime is the result of organized activity
• Typically involves multiple independent groups, each delivering a “service”
• ROI for sophisticated services is very high
The Art of Cyber Espionage and Warfare
State Motivations for Cyber Activity
An APT Attack Life Cycle
Dragonfly – The Timeline
[Timeline, Jan 2013 to Jun 2014: Executive Spear Phishing; ICS Integrator “Watering Hole” Attacks; Trusted Software Download Attacks #1, #2 and #3; Detection Tools Released]
Dragonfly - Exploiting Supplier-User Trust
[Diagram labels: Vendor Website, Industrial Facility, Industrial Technician, Cyber Attacker]
2015 Ukraine Power Outages
Source: E-ISAC | Analysis of the Cyber Attack on the Ukrainian Power Grid | March 18, 2016
What Can I Do?
Passwords are like Toilet Paper
Never use it twice
The Anatomy of a Password Reuse Attack
Source: Gemini Advisory, April 1, 2018
Why I Don’t Care
Password Managers: One Password to Rule Them All
Multifactor Authentication
Insist on Usable Security
Being secure must be easier than not being secure
Put the Pressure On
Questions