![Page 1: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/1.jpg)
Emerging Internet Security Threats in 2009
Lenny ZeltserSenior Faculty Member, SANS InstituteIncident Handler, Internet Storm Center
Security Consultant, Savvis
Copyright 2006-2009 Lenny Zeltser
![Page 2: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/2.jpg)
Attackers and defenders are locked in an arms race.
![Page 3: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/3.jpg)
Financial incentives encourage R&D investment in attacks.
![Page 4: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/4.jpg)
Financial firms are at the forefront of the threat landscape... That's
where the money is.
![Page 5: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/5.jpg)
Social Engineering –The Foot in the Door
![Page 6: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/6.jpg)
“Con-artists” let victims arrive at the expected conclusion.
“I found your [domain] name for sale on the web. Can you give me a price for the name in the subject line. …
Of course, we must be sure that you are engaging a reputable appraisal company…”
![Page 7: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/7.jpg)
Attackers may gain the victim’s trust by posing as a friend.
“I am now in United Kingdom on urgent business, I was robbed at my hotel…
Sorry i did not inform you about my traveling. I need you to lend me with a sum of 1000 Dollars urgently so that i can travel back home”
![Page 8: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/8.jpg)
Scammers may employ the phone (VoIP) to lower the victim’s guard.
“Dear MasterCard customer, … we will never ask for personal account information via email or web pages… Please call us immediatelyat (615) 348-6681”
“We regret to inform you that we had to lock your account access. Call (567) 258-5114 to restore your bank account.”
![Page 9: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/9.jpg)
The line between criminal physical and virtual worlds is fading.
![Page 10: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/10.jpg)
Malware may spoof product review sites to legitimize a fake AV tool.
Source: Bleeping Computer
![Page 11: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/11.jpg)
Malicious sites may customize the message based on your location.
![Page 12: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/12.jpg)
So What?
• Your customers are being targeted.
• Your employees, too.
• Increase awareness, but assume it will fail.
• Monitor and defend accordingly.
![Page 13: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/13.jpg)
Web – The New Operating System
![Page 14: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/14.jpg)
Attackers compromise websites via SQL injection.
Cookie: ref=ef';DECLARE @S VARCHAR(4000);SET @S=CAST(0x4445434C415245204054207661726368617228323535292C404320766...
Cookie: ref=ef';DECLARE @S VARCHAR(4000);SET @S=CAST(0x4445434C415245204054207661726368617228323535292C404320766...
SQL encoded; delivered as a cookie; targeted IE zero-day
![Page 15: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/15.jpg)
Malicious sites may interact with victims’ web applications.
![Page 16: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/16.jpg)
Example: Proof-of-concept clickjacking for Twitter.
![Page 17: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/17.jpg)
Drive-by infections target browser vulnerabilities.
![Page 18: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/18.jpg)
Exploit kits automate infection campaigns.
![Page 19: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/19.jpg)
Victims are targeted via malicious and obfuscated Flash ads.
movie 'advertisement.swf' {frame 1 {
function �() {for (;;) {
for (;;) {for (;;) {
movie 'advertisement.swf' {frame 1 {
function �() {for (;;) {
for (;;) {for (;;) {
![Page 20: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/20.jpg)
Attackers are paying more attention to social networking sites.
“LOL. You’ve been catched on hidden cam, yo:”
![Page 21: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/21.jpg)
Attackers solve CAPTCHAs to access websites automatically.
![Page 22: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/22.jpg)
“Работа для студентов. Необходимы люди дляраспознавания картинок, за каждую 1000 картинокплатим $5. По наблюдениям, среднее времяраспознавания 1000 картинок - 1 час, т.е. за деньупорного труда вы можете заработать $60-70.”
“Работа для студентов. Необходимы люди дляраспознавания картинок, за каждую 1000 картинокплатим $5. По наблюдениям, среднее времяраспознавания 1000 картинок - 1 час, т.е. за деньупорного труда вы можете заработать $60-70.”
Human labor supplements botnet CAPTCHA efforts.
“Work for students. Looking for persons to recognize images. Get paid $4 for every 1,000 images recognized. From past experience, it takes about 1 hour to recognize 1,000 pictures, so you could earn $60-70 after a hard day’s work.”
“Work for students. Looking for persons to recognize images. Get paid $4 for every 1,000 images recognized. From past experience, it takes about 1 hour to recognize 1,000 pictures, so you could earn $60-70 after a hard day’s work.”
![Page 23: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/23.jpg)
So What?
• Focus on strengthening your web applications.
• Make it hard to target your users via your application.
• Consider whether your developers actually care about security, though.
![Page 24: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/24.jpg)
Malware – Pursuing Data and Computing Power
![Page 25: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/25.jpg)
Malware is a component of many data breaches.
Malware captured transitions that were not encrypted in transit.
Source: Heartland Payment Systems
Man planted malware to crash point-of-sale servers of retail companies.
Source: Department of Justice
![Page 26: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/26.jpg)
10 Days of Torpig
Data Type Number of ItemsMailbox account 54,000Email address 1,200,000Form data 12,000,000Windows password 1,200,000Other accoun 900,000
UC Santa Barbara
![Page 27: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/27.jpg)
The Tigger trojan was indicative of feature-packed malware.
Source: Michael Hale Ligh
Disables anti-virus toolsRootkit runs in safe mode
Takes screenshotsCaptures passwords, cookies, certs
Sniffs the networkObserves browsers
Logs keystrokes
Deactivates debuggers
Opens a backdoorRemoves other malware
![Page 28: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/28.jpg)
A Limbo 2 trojan intercepted 2-factor auth and virtual keys.
![Page 29: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/29.jpg)
Another trojan harvested one-time password card contents.
![Page 30: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/30.jpg)
Botnets offer crimeware-as-a-service (CaaS) for Spam, DDoS, etc.
Source: SecureWorks
![Page 31: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/31.jpg)
Fast flux DNS complicates tracking of botnets and malicious sites.
![Page 32: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/32.jpg)
Bots may generate C&C domain names on the fly via an algorithm.
![Page 33: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/33.jpg)
Some botnets use P2P, without a central node.
![Page 34: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/34.jpg)
So What?
• Reassess the strength of your web app’s authentication process.
• Understand what other process weaknesses malware may target.
• Consider scenarios where attackers have more computing power than you.
![Page 35: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/35.jpg)
Targets – Precision in Execution
![Page 36: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/36.jpg)
Zero-day exploits target organizations.
“A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. ... this issue is being exploited.”
Source: Adobe
“public reports of a vulnerability in Microsoft Office Excel ... We are aware only of limited and targeted attacks...”
Source: Microsoft
![Page 37: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/37.jpg)
Targeted Applications in 2009
Image Source: F-Secure
![Page 38: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/38.jpg)
Focused, polished attacks on pro-Tibet groups.
![Page 39: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/39.jpg)
Documents attached to emails carried exploits.
Source: F-Secure
Spoofed as if from a trusted source.
![Page 40: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/40.jpg)
Executives at a Swedish company targeted via
spoofed emails.
Provided a backdoor to the attacker
![Page 41: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/41.jpg)
Installed the Poison Ivy trojan.
Fully controlled the infected system.
![Page 42: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/42.jpg)
So What?
• Consider how your organization will detect a targeted attack.
• How will you respond to it?
• Combine the targeted scenario with social engineering and malware facets.
![Page 43: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/43.jpg)
Money – Commercialization of Threats
![Page 44: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/44.jpg)
Marketplace for stolen data is very active.
Source: Symantec
I'm a legit drop for items in US, you can trust me 100%, i also can cashout
Selling Cvv2 & Full info (US) - (FR) | Selling Host Hacked | Webmail | Selling Fast VPN
Spam All Banks UK / US
Selling logins good RDP / VNC
![Page 45: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/45.jpg)
Marketplace for stolen data and malware is very healthy.
Goods and Services PricesBank accounts $10-$1,000Credit cards $0.40-$20Full identities $1-$15Email passwords $4-$30Proxies $1.50-$30Scams $2.5/week -
$50/week for hostingMailers $1-$10
Source: Symantec
![Page 46: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/46.jpg)
One could get paid for installing spyware.
Prices per 1,000 downloads.
Country Price ($US)US $50UK $60Italy $60Spain $25Asia $3
Source: MessageLabs
![Page 47: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/47.jpg)
Spam fuels the Internet criminal economy.
Fast payouts, high degree of security... These are few reasons why Golden Gate casino is so popular
Discounts and perfect prices only for you. Forget about problems with ON line pharmacy!
No experience required. Limited homeworker opportunity.
Try Fatblaster, product with natural herbal ingredients which do all work of fat burning for you.
![Page 48: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/48.jpg)
Pump-and-dump is profitable.
Ramanathan traded via compromised brokerage accounts.
![Page 49: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/49.jpg)
Extortion makes money and takes many forms.
![Page 50: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/50.jpg)
Gpcoder encrypted local files.
![Page 51: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/51.jpg)
MonaRonaDona wanted the victim to search for a removal tool.
Image Source: Washington Post
![Page 52: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/52.jpg)
An extortionist demanded $10 mil for 8 mil patient records.
“I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. ... For $10 million, I will gladly send along the password.”
Source: WikiLeaks
![Page 53: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/53.jpg)
Extortionists may launch DDoS attacks via botnets.
Example: A demand placed on a European gambling company (50,000 DNS requests/sec).
![Page 54: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/54.jpg)
The attackers are organized and well-equipped.
![Page 55: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/55.jpg)
The defenders need to keep learning and sharing.
![Page 56: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/56.jpg)
How does your security posture fend against these trends?
![Page 57: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/57.jpg)
Social Engineering – The Foot in the Door
Web – The New Operating System
Targets – Precision in Execution
Money – Commercialization of Threats
Malware – Pursuing Data & Computation
![Page 58: Emerging Internet Security Threats in 2009cdn.ttgtmedia.com/searchFinancialSecurity/... · Emerging Internet Security Threats in 2009 Lenny Zeltser Senior Faculty Member, SANS Institute](https://reader030.vdocuments.site/reader030/viewer/2022040615/5f0d343f7e708231d4392f46/html5/thumbnails/58.jpg)
Lenny Zeltserwww.zeltser.comtwitter.com/lennyzeltser