cybercrime and cyber threats - cbla - eric vanderburg
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Cybercrime and cyber threats
A glimpse of cybersecurity’s opponent
ERIC VANDERBURG
VICE PRESIDENT, CYBERSECURITY
Cleveland Business Leaders Association
October 25, 2017
About Us
TCDI founded in 1988
Microsoft Certified Partner since 2003
Services include:
◦ Digital forensics
◦ Cybersecurity
◦ eDiscovery
Minority owned enterprise
Over 40 certifications
Published author
Licensed private investigator
Expert witness and thought leader
18 years in cybersecurity
Specializations include:
◦ Risk management
◦ Governance and compliance
◦ Security strategy
ERIC VANDERBURG
VICE PRESIDENT, CYBERSECURITY
Cyber threats and the criminals behind them
Techniques
Growth Factors
Organization
Regions
Tier 1: Entry-level techniques
◦ Advance-Fee Fraud
◦ Stranded Traveler Fraud
◦ Romance Fraud
◦ Ransomware
Tier 2: Moderate techniques
◦ Business Email Compromise
  ◦ Emails masquerading as an email from an executive
◦ Tax Fraud
  ◦ Fake tax returns
  ◦ False IRS demands
◦ Bot herding
  ◦ Deploying and managing bots
Tier 3: Advanced techniques
◦ Advanced Persistent Threats
  ◦ Lengthy undetected access
  ◦ Long-term strategy
  ◦ Slowly acquire access to elements of the attack plan
◦ Advanced Ransomware Threats
  ◦ Removes backups over a long period
  ◦ Destroys vital data when backups no longer exist
  ◦ Victims have no choice but to pay
Human Resources
◦ Tech-savvy unemployment or underemployment
◦ Over 200 million currently unemployed*
  ◦ Prototypical case: Russian tech industry in the 1990s
  ◦ Similar cases in many other countries since then
◦ New college graduates with limited career prospects
  ◦ College graduates are more likely to turn to cybercrime in developing countries.
*United Nations International Labour Organization (ILO) 2017 Study
Anonymity
Tor
Bulletproof Hosting Services
Encrypted communications
Cryptocurrency and mixing services
Decentralized messaging
Enabling Technologies
◦ Botnets
◦ RaaS
◦ Keyloggers
◦ Crypters
◦ Email extractors
◦ Social engineering toolkits
Deep Web Markets
Credentials
PII
Tool kits
Lease services
Lower barriers to entry
Easy access to powerful tools
Bitcoin makes complex money laundering schemes unnecessary
Tools and techniques to maintain anonymity are prevalent
The market is large enough that competition is not a big issue
Organized Crime
Born out of existing organized crime units
Function like corporations
Access to vast resources
Local connections and robust money laundering capabilities
Effectively combine cybercrime with traditional crime
Disorganized Crime
Small, agile groups
Members may operate as independent contractors
Some form from real-life relationships
May excel at specific types of attacks or scams
Mentor new recruits
Tactical roles
Hackers
• Perform attacks
• Exploit network vulnerabilities
• Exploit weaknesses in systems and apps
Fraudsters
• Phish
• Execute con games to defraud victims
Distributors
• Spread ransomware, malware, and bots
Support roles
Programmers
• Write malicious code
• Develop exploits
Operations
• Maintain criminal systems and communication protocols
• Store data
• Host code
Traders
• List stolen items and goods on black markets
• Purchase goods and services
• Maintain relationships with upstream and downstream providers
Recruiters
• Identify and evaluate potential criminals
• Recruit money mules
Leadership
◦ Direct cybercrime groups
◦ Ensure that members are compensated
◦ Ensure necessary resources are available
◦ Maintain order
◦ Sanction members who do not obey the rules
◦ Make hiring decisions
◦ Terminate team members
Incident response phases
Russia
China
Eastern Europe
West Africa
United States
Russia
◦ Unspoken partnership between cybercrime syndicates and the Russian security services cy-ops
◦ Russian hackers must not target Russian businesses or government entities
◦ Many consider Russian hackers the most sophisticated in the world
◦ Many groups developed after the fall of the Soviet Union
◦ Mature underground markets and resources
China
◦ Cybercrime falls into a legal grey area, with many believing it is OK
◦ Motivations to acquire intellectual property
◦ Much money laundering and a significant amount of bank fraud
◦ Theft of online gaming accounts is the second largest target
Eastern Europe
◦ Frequently team up with groups outside the EU to complicate law enforcement efforts
◦ Many underground marketplaces for stolen goods and hacking tools
◦ Robust malware development
◦ Popular attacks include bitcoin theft and theft of personal information for sale on the black market
West Africa
◦ Many small groups or individuals who know each other in real life or grew up together
◦ Popular career path for those with AIDS who have limited life expectancy
◦ Predominantly use phishing-based scams
◦ Authorities rarely respond to cybercrime reports
United States
◦ Highly skilled attackers performing long-term attacks or developing malicious code
◦ US residents are often recruited as money mules to launder money from attacks on US companies and citizens
◦ Easy access to underground markets