TRANSCRIPT
From Phishing to the Dark Web: The Life Cycle of a Cyber Attack
Stefanie Ellis AntiFraud Product Marketing Manager
Agenda
§ What is MarkMonitor’s Role?
§ Cyber Attacks & Threat Actors
§ How Cybercrime Operates
§ Life Cycle of a Cyber Attack
§ The Dark Web Element
§ Monetizing Stolen Data
§ Combatting Cyber Attacks
Poll
Have you assisted your organization in handling a cyber attack crisis?
• Yes, very commonly
• Yes, but minimally
• No, but I know they have happened
• No, my organization has never experienced a cyber attack
What’s MarkMonitor’s Role in this space?
Dark Web & Cyber Intelligence
24/7 monitoring across Dark and Deep Web cybercrime zones for brand-related cyber threats.
AntiPhishing
Prevention, detection, and mitigation of phishing and other social engineering scams.
AntiMalware
Detection, analysis, and mitigation of brand-associated malware, where the brand is being used to distribute malware.
What are cyber attacks?
A cyberattack is any type of offensive maneuver employed by nation-states, individuals, groups, or organizations:
§ That targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts, usually originating from an anonymous source, that either steals, alters, or destroys a specified target by hacking into a susceptible system.
§ These can be labeled as either a cyber campaign, cyberwarfare or cyberterrorism in different contexts. Cyberattacks can range from installing spyware on a PC to attempts to destroy the infrastructure of entire nations.
Source: Wikipedia
Techtarget.com definition: A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact – an organization's security. In threat intelligence, actors are generally categorized as external, internal or partner.
Threat Actor Activity
Types of Cyber Attacks
Common cyber attacks include, but are not limited to:
§ Phishing – brand impersonation for consumer credentials
§ Malware – malicious software most often designed to silently steal data by infiltrating your computer or network
§ Spearphishing – targeted employee attack for money, data, or malware distribution
§ 95% of enterprise network attacks are the result of a successful spearphishing attack
§ APTs – Advanced Persistent Threats, designed to silently steal data over a long period of time
§ Ransomware – malicious software designed to encrypt your computer or network files for ransom
Types of Cyber Attacks continued
§ SQL Injection Attacks – running malicious code on compromised server to steal data
§ Cross-Site Scripting – malicious code injection operated through the user’s browser
§ DDOS – make a website inaccessible by flooding it with traffic
§ Session Hijacking and/or Man-in-the-Middle Attacks – hijacking or hacking into an online session to steal data or initiate money transfers – often accomplished using cross-site scripting
§ Credential Reuse – when credentials are harvested by any of the above methods, the threat actor reuses those credentials on other sites, expecting that we, as consumers, reuse usernames and passwords across multiple accounts
Poll
Has your organization experienced any of the following types of attacks (check all that apply):
• Consumer Phishing
• Brand-associated malware
• Employee spearphishing / Executive impersonation scams
• SQL injection attack
• Cross-Site Scripting
• DDOS
• Session Hijacking / Man-in-the-Middle
Cybercrime is a business
§ Each role is specialized, and employing these tools/people costs the threat actor money or trade to execute
§ Different tools are needed depending on the type of attack being planned
Lifecycle of a Cyber Attack
Research: ID Target
Reconnaissance: Identify a way in
Development: Acquire tools
Build Campaign
Testing
Initiate Attack
Lifecycle of a Cyber Attack
A target is selected on multiple parameters:
• What is the motivation? What’s the gold? What’s the endgame?
  • Direct access to money
  • Data (credentials or intellectual property) for resale
  • Network intrusion for APT, ransomware
• Threat Actor’s skill set & knowledge
• Identified vulnerabilities
Lifecycle of a Cyber Attack
• Social Engineering
• Business Intelligence
Social Engineering Examples
Lifecycle of a Cyber Attack
Dependent on type of attack:
§ Acquire tools/technology needed to execute
§ Plan attack
§ Build campaign steps
Dark Web Marketplaces Enable Cybercrime Activities
Dark Web Marketplaces – such as Sky-Fraud, Lampeduza, Exploit Dot, and many more – offer many tools for sale, such as:
§ PII/credit card data/stolen credentials
§ Phish Kits
§ Botnets, exploits, malware
§ Malware distribution services
§ Zero Day software vulnerabilities
§ Trojans/Binders
§ Crypters
§ Serial keys for commercial programs
§ Hacked databases
§ Remote access tools
§ Stolen social media accounts
§ VPN services
Lifecycle of a Cyber Attack
Dependent on type of attack:
§ Test email campaign
§ Test intrusion in a small way to check for detection
Lifecycle of a Cyber Attack
Attack commences –
1. Delivering the campaign, or commencing the intrusion, is the beginning of the attack
2. Follow-up steps may include multiple campaigns or targets, or multiple levels of malware intrusion after the initial infection
The Dark Web Element
Monetizing Stolen Data
§ 8,000 different illegal products exchanged across 17 websites
§ Carding credentials are #1
Source: Arizona State University https://arxiv.org/pdf/1607.07903.pdf
Dark Web Marketplaces Enable Cybercrime Activities
Banking Account Credentials For Sale
§ Sample of hundreds of banking accounts for one organization
§ For sale: $12 each
Healthcare Patient Files for Sale following Data Breach
§ 9.3m patient files harvested
§ For sale: $750 bitcoin (roughly $3m)
§ Violating U.S. HIPAA laws protecting medical records
Using Employee Credentials/Re-using passwords
§ Employee credentials – email address & password
§ Employees use their corporate emails with 3rd party vendors
§ Passwords get re-used
How Can You Combat Cyber-Attacks?
§ Awareness – Don’t think it can’t happen to your organization
§ Education – Employee & Consumer
§ Protection – Internal security & external monitoring and mitigation
§ Intelligence – As risks evolve so should your incident plan and practices
Q&A
For information on MarkMonitor solutions, services and complimentary educational events:
§ Contact via email: [email protected]
§ Visit our website: www.markmonitor.com
§ Contact via phone:
§ US: 1 (800) 745 9229
§ Europe: +44 (0) 203 206 2220
Thank You!
Stefanie Ellis, AntiFraud Product Marketing Manager | 208-685-1801 | [email protected] | markmonitor.com