OWL actum Deuts11ch 11thApril · emails were exposed on the darknet because of a breach. 2 Threat...

Post on 09-Aug-2020


OWL Cybersecurity

OWL CYBERSECURITY: The DARKINT Experts

actum, Hamburg I 11.5.2017


Agenda

OWL CYBERSECURITY

We are the darkint experts. Our mission is to be the world’s leading darknet content, tools and services provider and to empower our clients to continually improve their cybersecurity defenses.

Let us show you how adopting OWL Cybersecurity as part of your organization will better your cyber security posture and grow your organization.

Who we are

Use cases & live search

What is unique

Dark web challenges

01

02

03

04 Live research & results

05

06 Questions & answers

• Founded in 2009 as a penetration testing organization

• Focused on darknet intelligence

• Co-founder of the TOR network, Andrew Lewman

• OWL Vision platform searches 1.7 million pages daily

• 210 million TOR searched to date

• Global presence in Europe & U.S.

Denver, USA

Munich, Germany

London, UK

Basel, Switzerland

Paris, France

Who we are.

Warsaw, Poland

Dubai, UAE

Shared experiences.

• Hipp

• AfD

• ADAC

• Car2go

• Deutsche Lufthansa

• Agentur für Arbeit

• Tesco Bank

• Sony

• Target

• Advocate Health

• LinkedIn

• Dropbox

• Yahoo

Undetected.

221 (IBM / Ponemon 2016)

Cost of a data theft.

4.000.000 (IBM / Ponemon 2016)

What happens outside your organization?

Surface Web

• 4% of content on the web

• 19 TB of information

• 60 Trillion Pages

• Facebook, Wikipedia, Google

Darknet

• content on the web

• TOR, I2P, IRC

Deep Web

• 96% of content on the web

• 7500 Billion TB of information

• Personal financial sites, password-protected sites, paste sites

The darknet.

Why you should care.

• Stolen credit cards

• Email credentials

• Access credentials

• Personal data

• Forged documents

• CAD data

• Strategy documents

• Discussion of planned hacking attacks

• Viruses, malware, vulnerabilities, exploits

• CEO discussions

THE DARKNET CHALLENGES

• NOT INDEXED (navigation)

• SPECIAL COMMUNICATION

• HIDDEN FORUMS

• 25% OF PASTE SITES DISAPPEAR WITHIN 30 DAYS

• DANGEROUS ACCESS

• NO ANONYMITY

• UNPREDICTABLE

Darknet challenges.


OWL DARKNET VISION PLATFORM

Access the world's largest commercially available darknet database.

Darknet Big Data.

Unique.

We SEARCH for your stolen or otherwise compromised or sensitive data in the WORLD'S LARGEST commercially available database and INFORM you.

What we do.

OWL Vision automatically and anonymously collects, records and rates illegal data from the darknet 24/7/365.

OWL Vision records more useful data in one hour than an analyst does in a month.

The database.

Forums

Marketplaces

Social networks

DEEP WEB content

DARKNET content

• 2.5 million pages analyzed daily

• 24.000 TOR domains

• 10 million new documents daily

• Stores past content

How we do it.

Interactive search

Alerts

API + data feeds

Access - OWL Vision platform.

Interactive manual search (web interface)

Monitoring services according to individual specifications

Integration via the API, e.g. with SAP via ZENOS

WE ARE YOUR DARKNET EARLY WARNING SYSTEM

Our task.


Findings.

WHAT DO WE WARN YOU ABOUT?

How to break into an ATM

Information currently in the database. Pages on the deep web

Where to buy a DDoS attack

Information currently in the database. Deep Web

Do you need a new credit card

Mechanical engineering patent information

Use case

DDoS attacks are growing.

DDoS attacks have doubled over the last 12 months. Q4/16

Powered by Link11

Phishing emails: 23% of recipients open phishing emails

Opened: 11% of recipients click on attachments

Phishing.

Social engineering: 29% of breaches involve social engineering attacks

OWL Vision can reveal who is most vulnerable.

Executive Monitoring.

1 Using open source information: We discovered 7 instances where Vodafone executive emails were exposed on the darknet because of a breach.

2 Threat actors can potentially use this information to conduct spear phishing attacks or social engineering. Executives are at higher risk of being targets.

3 Use the Darknet Early Warning System to continually monitor: Utilize OWL Vision’s Monitoring service and watch the darknet 24x7/365 to gain situational awareness to protect against executive fraud.

2.3 Billion USD lost to CEO email scams over the last 3 years

a Associates & Colleagues

b Social Media

1 Using the Open Web, how could a threat actor gain access to sensitive information?

Intellectual property.

We already identified this document as a way to learn about capabilities and create countermeasures.

2 Could a threat actor socially engineer an R&S employee for additional information on the darknet?

3 Our Risk Analysis Team identified an individual who is working on the QPS200 Project. He is a Calibration and Repair Engineer. He lives approximately 11 minutes away from the R&S London Facility. We also learned other personal details from social media.

4 We also identified a site that contained pictures of Rohde & Schwarz ID badges.

5 Given these pieces of information, it is possible for a threat actor to construct a social engineering attack to gain access to additional sensitive information. We recommend instructing the employee to remove the QPS200 project name from his public profile and having those pictures removed from the website. Contact information for the website administrator is on the following slide.

Russian Forum

Using OWL Vision, we discovered a Russian forum that was / is potentially targeting IP addresses within your ASN:21197 (80.246.32.0/20). The ASN was observed among other IP ranges listed on the forum. The forum is no longer available; however, a screenshot is below.

Network security enhancement.

Malicious Android Application: GT!tr.spy and Android/Marcher.GT!tr.

Android/Marcher.GT!tr: We looked in OWL Vision for Marcher.GT

Pivot Term: Marcher.GT. One of the two identified malware names in the original post

Pivot Term: com.p360courv. Discovered an official Android package ID based off of number 3’s result

2

Android Source Code (SMALIS): Malware instructions showing the targeted bank’s mobile applications, for credential theft

3

4

5

Tailored tasks.

1


• Barclay’s

• Bawag

• EasyBank

• RBS

• ING.DiBa

• TSB Mobile Banking

• Fiducia

• RBS

• HTSU

• Deutsche Bank

• ISIS Papyrus Raiffeisen

• Grppl

• Starfinaz

• Commerz Bank

• Comdirect

• DKB

• Santander

• Postbanks Finazassistent

• Spardat

• Volksbank

• Bank Austria

• Adesso

• Consorsbank

Android Source Code (SMALIS): Excerpt of the source code showing specific banks targeted in malicious campaign

Targeted Bank’s Official Mobile Applications: Observed banking applications from Google Play Store

Why you need a darknet early warning system.

1 2 3 4 5 6 7

• Control brand reputation

• Protect clients & employee data

• CEO & executives fraud protection

• Protect intellectual property

• Financial data loss prevention

• Network security enhancement

• Get visibility for GDPR compliance

VISIBILITY

354.900 Results on the Onion Domain

1.030 Pastebin Results

2.933 Credentials | USERID | Password

Initial Darknet Footprint: Medium-sized bank

523 Results of Vodafone on the Onion Domain

70 Pastebin Results

20.799 Credentials | USERID | Password

Initial Darknet Footprint: Vodafone

Initial Darknet Footprint Report


OFFERINGS

Early Warning Monitoring Service

Includes:

• Initial Darknet Footprint

• Search & Keyword Concept

• Real Time Email Alerts

• Dedicated Intel. Analyst

• Status Reports Quarterly

• 20 h / M / Intel. Analyst

• 1 Year contract

Our services.

EXECUTIVE MONITORING

EMAIL CREDENTIALS DETECTION

INTELLECTUAL PROPERTY SEARCH

FINANCIAL DATA MONITORING

CUSTOMER & CLIENT DATA PROTECTION

Live Search.