•

•

•

–

–

–

–

•–

–

–

–

–

–

•

•

•

–

•

•

•

–

•

•

•

•

•–

–

•–

•–

–

•–

–Dancho Danchev Bloghttp://ddanchev.blogspot.com/2008/06/price-discrimination-in-market-for.html

“Hacker Forums” and online advertisements (Personal Research)

Kaspersky Labs – The Economics of Botnets http://www.securelist.com/en/analysis/204792068/The_economics_of_Botnets

•

•

–

–

•

–

•

–

•

–

•

•

•

•

•

•

•

•

•

1. Spearphishing w/doc exploit

2. User opens msg3. Attacker installs

backdoor4. Attacker propagates5. Attacker elevates

•

–

–

–

–

•

–McAfee Blogs – Latest Spyeye Botnet Active and Cheaper

http://blogs.mcafee.com/mcafee-labs/latest-spyeye-botnet-active-and-cheaper

Personal Research on forums and google indexed malware pricing lists

McAfee Blogs – Latest Spyeye Botnet Active and Cheaper

http://blogs.mcafee.com/mcafee-labs/latest-spyeye-botnet-active-and-cheaper

Personal Research on forums and google indexed malware pricing lists

•

•

•–

•

–•

•

•

–•

•

•

–

•

–

–

•

•

–

–

–

–

Security Week – Black Hole Exploithttp://www.securityweek.com/black-hole-exploit-business-savvy-cyber-gang-driving-massive-wave-fraud

GoDaddy Hostinghttp://www.godaddy.com

Gamma Internationalhttp://wiki.echelon2.org/wiki/Gamma_International

RSA Monthly Fraud Report – May 2012http://goo.gl/v6wye

Security Week – Black Hole Exploithttp://www.securityweek.com/black-hole-exploit-business-savvy-cyber-gang-driving-massive-wave-fraud

GoDaddy Hostinghttp://www.godaddy.com

Gamma Internationalhttp://wiki.echelon2.org/wiki/Gamma_International

RSA Monthly Fraud Report – May 2012http://goo.gl/v6wye

•–

•–

•–

–

1YR total:$111,000

Does not include:

Cost of people

Cost of risk of illicit / illegal activity

•

–

–

–

•

–

•

–

•

–

•

•

•

$80,000

$3,450

$18,315

Initial access CVE-2013-0025

Poison Ivy

$66,000

Antivirus

Patch management, solution

$3,500Firewall

Attacker$0

Defender$171,265

SCALE500 Seats

MSF Community Edition

Maintenance (15%)

Security Engineer

$167,815

$120,000

$320,000$1500

Initial access CVE-2013-0025(still free)

Exploit Kit

Everything from before

$21,700Web Proxy

Attacker$2500

Defender$645,720

Backdoor

C2

$150

$540

$538

Packer

Application Whitelisting$12,500

Head Security Engineer

5 Security engineers

$642,720

$400,000

$550,000

$1,500,000

$2,000Exploit Kit

Everything from before

$28,100

SIEM

Attacker$110,000

Defender$3,150,000

0day

C2

$4,239

$90,000

$13,364 NIDS

$16,000

10 Security Engineers

HIDS$???

$??????

Commercial Backdoor

“There are known knowns; there are things

we know we know.

We also know there are known unknowns;

that is to say, we know there are some

things we do not know.

But there are also unknown unknowns –

the ones we don’t know we don’t know.”

~US SECDEF Donald Rumsfeld2 SIEM Engineers

•

•

–

–

–

•

–

–

•

•

•

•

•

•

–

–

–

–

•

•

•

•

•

•

•

•

•

–

•

–

–

–

–

•

•

•

–

–

–

•

•

•

•

•

•

•

•

•

–

–

•

•

•

@wepIVblog.blackthc.com