From Phishing to the Dark Web: The Life Cycle of a Cyber Attack Stefanie Ellis AntiFraud Product Marketing Manager

Post on 24-Sep-2020


Page 1

From Phishing to the Dark Web: The Life Cycle of a Cyber Attack

Stefanie Ellis AntiFraud Product Marketing Manager

Page 2

Agenda

§  What is MarkMonitor’s Role?

§  Cyber Attacks & Threat Actors

§  How Cybercrime Operates

§  Life Cycle of a Cyber Attack

§  The Dark Web Element

§  Monetizing Stolen Data

§  Combatting Cyber Attacks

Page 3

Poll

Have you assisted your organization in handling a cyber attack crisis?

•  Yes, very commonly
•  Yes, but minimally
•  No, but I know they have happened
•  No, my organization has never experienced a cyber attack

Page 4

What’s MarkMonitor’s Role in this space?

Dark Web & Cyber Intelligence

24/7 monitoring across Dark and Deep Web cybercrime zones, for brand-related cyber threats.

AntiPhishing

Prevention, detection, and mitigation of phishing and other social engineering scams.

AntiMalware

Detection, analysis, and mitigation of brand-associated malware, where the brand is being used to distribute malware.

Page 5

What are cyber attacks?

A cyberattack is any type of offensive maneuver employed by nation-states, individuals, groups, or organizations:

§  That targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.

§  These can be labeled as either a cyber campaign, cyberwarfare or cyberterrorism in different contexts. Cyberattacks can range from installing spyware on a PC to attempts to destroy the infrastructure of entire nations.

Source: Wikipedia

Page 6

Techtarget.com definition: A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact – an organization's security. In threat intelligence, actors are generally categorized as external, internal or partner.

Page 7

Threat Actor Activity

Page 8

Types of Cyber Attacks

Common cyber attacks include, but are not limited to:

§  Phishing – brand impersonation for consumer credentials

§  Malware – malicious software most often designed to silently steal data by infiltrating your computer or network

§  Spearphishing – targeted employee attack for money, data, or malware distribution
    §  95% of enterprise network attacks are the result of a successful spearphishing attack

§  APTs – Advanced Persistent Threats, designed to silently steal data over a long period of time

§  Ransomware – malicious software designed to encrypt your computer or network files for ransom

Page 9

Types of Cyber Attacks continued

§  SQL Injection Attacks – running malicious code on a compromised server to steal data

§  Cross-Site Scripting – malicious code injection operated through the user’s browser

§  DDOS – make a website inaccessible by flooding it with traffic

§  Session Hijacking and/or Man-in-the-Middle Attacks – hijacking or hacking into an online session to steal data or initiate money transfers – often accomplished using cross-site scripting

§  Credential Reuse – when credentials are harvested by any of the above methods, the threat actor reuses those credentials on other sites with the expectation that we, as consumers, are reusing usernames and passwords for multiple accounts

Page 10

Poll

Has your organization experienced any of the following types of attacks (check all that apply):

•  Consumer Phishing
•  Brand-associated malware
•  Employee spearphishing/Executive impersonation scams
•  SQL injection attack
•  Cross-Site Scripting
•  DDOS
•  Session Hijacking/Man-in-the-Middle

Page 11

Cybercrime is a business

§  Each role is specialized, and employing these tools/people costs the threat actor money or trade to execute

§  Different tools are needed depending on the type of attack being planned

Page 12

Lifecycle of a Cyber Attack

Page 13

Research: ID Target

Reconnaissance: Identify a way in

Development: Acquire tools

Build Campaign Testing

Initiate Attack

Page 14

Lifecycle of a Cyber Attack

A target is selected on multiple parameters:

•  What is the motivation? What’s the gold? What’s the endgame?
    •  Direct access to money
    •  Data (credentials or intellectual property) for resale
    •  Network intrusion for APT, ransomware
•  Threat Actor’s skill set & knowledge
•  Identified vulnerabilities

Page 15

Lifecycle of a Cyber Attack

•  Social Engineering
•  Business Intelligence

Page 16

Social Engineering Examples

Page 17

Social Engineering Examples

Page 18

Social Engineering Examples

Page 19

Social Engineering Examples

Page 20

Lifecycle of a Cyber Attack

Dependent on type of attack:

§  Acquire tools/technology needed to execute
§  Plan attack
§  Build campaign steps

Page 21

Dark Web Marketplaces Enable Cybercrime Activities

Dark Web Marketplaces – such as Sky-Fraud, Lampeduza, Exploit Dot, and many more – offer many tools for sale, such as:

§  PII/credit card data/stolen credentials
§  Phish Kits
§  Botnets, exploits, malware
§  Malware distribution services
§  Zero Day software vulnerabilities
§  Trojans/Binders
§  Crypters
§  Serial keys for commercial programs
§  Hacked databases
§  Remote access tools
§  Stolen social media accounts
§  VPN services

Page 22

Lifecycle of a Cyber Attack

Dependent on type of attack:

§  Test email campaign
§  Test intrusion in a small way for detection

Page 23

Lifecycle of a Cyber Attack

Attack commences –

1. Delivering campaign, or commencing intrusion, is the beginning of the attack

2. Follow-up steps may include multiple campaigns or targets, or multiple levels of malware intrusion after the initial infection

Page 24

The Dark Web Element

Page 25

Monetizing Stolen Data

§  8,000 different illegal products exchanged across 17 websites

§  Carding credentials are #1

Source: Arizona State University https://arxiv.org/pdf/1607.07903.pdf

Page 26

Dark Web Marketplaces Enable Cybercrime Activities

Page 27

Dark Web Marketplaces Enable Cybercrime Activities

Page 28

Dark Web Marketplaces Enable Cybercrime Activities

Page 29

Dark Web Marketplaces Enable Cybercrime Activities

Page 30

Dark Web Marketplaces Enable Cybercrime Activities

Page 31

Banking Account Credentials For Sale

§  Sample of hundreds of banking accounts for one organization

§  For sale: $12 each

Page 32

Healthcare Patient Files for Sale following Data Breach

§  9.3m patient files harvested

§  For sale: $750 bitcoin (roughly $3m)

§  Violating U.S. HIPAA laws protecting medical records

Page 33

Using Employee Credentials/Re-using passwords

§  Employee credentials – email address & password

§  Employees use their corporate emails with 3rd party vendors

§  Passwords get re-used

Page 34

How Can You Combat Cyber-Attacks?

§  Awareness – Don’t think it can’t happen to your organization

§  Education – Employee & Consumer

§  Protection – Internal security & external monitoring and mitigation

§  Intelligence – As risks evolve so should your incident plan and practices

Page 35

Q&A

Page 36

For information on MarkMonitor solutions, services and complimentary educational events:

§  Contact via email: [email protected]

§  Visit our website: www.markmonitor.com

§  Contact via phone:

§  US: 1 (800) 745 9229

§  Europe: +44 (0) 203 206 2220

Thank You!

Page 37

Stefanie Ellis, AntiFraud Product Marketing Manager | 208-685-1801 | [email protected] | markmonitor.com