What the Cyber Criminals are Doing on Your Website (Right Now)
Front Range OWASP Conference March 22, 2012
Laz
Director of Strategy, Silver Tail Systems [email protected]
Twitter: iamlaz
Agenda
• Introductions
• Some IT Security Trends/Statistics
• Use Cases
• Lessons Learned
• Staying Ahead
• Questions
Some IT Security Trends
Source: Juniper Networks Mobile Threat Center
Source: InformationWeek
More…
Source: Verizon 2011 Data Breach Investigations Report and BBC
Some Statistics
Source: Verizon 2011 Data Breach Investigations Report
Some Statistics
Source: Verizon 2011 Data Breach Investigations Report
Identifying Known Issues
• Identifying the issues through:
– Pen testing
– Application/Network/OS scans
– Internal testing
– Monitoring/SIEM
What About Unknown Issues?
• Some indicators that things were going bad:
– Always started with a phone call
– Site performance degrading over time, which resulted in a decline in sales
– Increase in Customer Service phone calls
• Research is time consuming!
– How can you justify pulling revenue-generating resources off of projects to investigate something?
– How will this type of behavior hurt the company brand?
These are Still Well-Known Issues
• Man in the Middle
• Man in the Browser
• Man in the Mobile
Criminal behavior looks much different than normal behavior
Some Unknown Issues
• People gaming the system to abuse marketing, sweepstakes, loyalty, and incentive programs
• Increase in fraudulent activities due to lack of visibility into the Web session – cyber criminals are getting more creative with their approach!
• Manipulating the session with mobile devices
• Site scraping for content, pricing, or inventory/architecture probing
• DDoS attacks (both the reconnaissance and the actual attack)
IDS/IPS/WAF and transaction-based solutions are being bypassed by cyber criminals
People Gaming the System
• Business Drivers
– Online marketing campaigns, sweepstakes, or incentives to acquire new customers
• Challenges Identified
– Unique registration patterns over time
– Registrants signing up from all over the world
– Random name generator from multiple IP addresses
• Research
– Cheating Network
– The Botting Network (TBN)
Cheating Network
Cheating Network
Captcha Built In!
Cheating Network
Bot Network
TBN – The Botting Network
Increase in Fraud/Malicious Behavior
• Who's paying for fraud?
• Is this type of behavior violating the Terms of Use of your website agreement?
• Traditional fraudulent behavior is changing – not just hard dollars anymore
• Moving to other parts of the site to compromise the system and/or business logic
Engage Fraud and Legal to Discuss the Emerging Threats
Mobile Issues
• Business Drivers
– We want to have a multi-channel solution to acquire and retain customers through the use of email updates, instant coupons, rebates, and other promotions to our customers
– We want to communicate with all of our customers in near-real time
• Challenges Identified
– User logs in using IE 7 running on Windows
– User continues the session, but the session switches to Firefox on Linux
• Research
– Compromised phones are accessing the Web site
– Mobile emulation programs are probing the Web site
Slow Site Scraping for Content, Pricing, Inventory, or Just Probing
• Different-velocity scans hitting the Web site to find out:
– How many items are in inventory
– How much items cost
– What type of systems/services are running to support the site
– Moving through the site to understand whether there was any translation to other languages
• Research
– Items were being held in shopping carts and never purchased
– What is the relationship between Women's shoes and Women's clothing searches and page views?
DDoS
• Repeated behavior indicated something was going to happen
• Trending data allowed the team to be prepared
• Preparation included:
– Simulated DDoS testing
– Enhancements to the SOPs
– Understanding where revenue was being generated – which countries and locations were high-revenue areas
There is no silver bullet for a DDoS attack
Lessons Learned
• It's about the data
• Quantify your research
• There are tools out there to solve this complex issue – evaluate the solutions now
• Disk is cheap – be creative with storage solutions to trend data over longer periods of time
• Research events and tie the patterns/trends together
• Collaborate, collaborate, collaborate
Staying Ahead – Where to Go
• OWASP Meetings
• ISSA Meetings
• US Secret Service Briefings
• FBI InfraGard
• E-Crime Congress
• Financial Services Information Sharing and Analysis Center (FS-ISAC) (Finance / Financial Services)
• Merchant Risk Council (MRC) (Online / Retail)
Build Your Network of Subject Matter Experts!
Resources
• ww.cheatingnetwork.net
• www.cybercrime.gov
• www.datalossdb.org
• www.darkreading.com
• www.e-crimecongress.org
• www.fsisac.com
• www.merchantriskcouncil.org
• www.owasp.org
• www.thebotnet.com
Questions?
Thank You!
Laz
Director of Strategy, Silver Tail Systems [email protected]
Twitter: iamlaz