owl actum deuts11ch 11thapril · 2017-05-17 · owl cybersecurity executive monitoring. 1 using...
TRANSCRIPT
OWL Cybersecurity
OWL CYBERSECURITY
The DARKINT Experts
actum, Hamburg | 11.5.2017
Agenda
OWL CYBERSECURITY
We are the darkint experts. Our mission is to be the world’s leading darknet content, tools and services provider and to empower our clients to continually improve their cybersecurity defenses.
Let us show you how adopting OWL Cybersecurity as part of your organization will better your cyber security posture and grow your organization.
Who we are
Use cases & live search
What is unique
Darkweb challenges
01
02
03
04 Live research & results
05
06 Questions & answers
• Founded in 2009 as a penetration testing organization
• Focused on darknet intelligence
• Co-founder of the TOR network, Andrew Lewman
• OWL Vision platform searches 1.7 million pages daily
• 210 million TOR searched to date
• Global presence in Europe & U.S.
Denver, USA
Munich, Germany
London, UK
Basel, Switzerland
Paris, France
Who we are.
Warsaw, Poland
Dubai, UAE
Shared experiences.
• Hipp
• AfD
• ADAC
• Car2go
• Deutsche Lufthansa
• Agentur für Arbeit
• Tesco Bank
• Sony
• Target
• Advocate Health
• Dropbox
• Yahoo
Undetected.
221
IBM / Ponemon 2016
Cost of a data theft.
4.000.000
IBM / Ponemon 2016
What is happening outside your organization?
The darknet.
Surface Web
4% of content on the web
19 TB of information
60 Trillion Pages
Facebook, Wikipedia, Google
Darknet
content on the web
TOR, I2P, IRC
Deep Web
96% of content on the web
7500 Billion TB of information
Personal Financial Sites, Password Protected sites, paste sites
Why you should care.
• Stolen credit cards
• Email credentials
• Login credentials
• Personal data
• Forged documents
• CAD data
• Strategy documents
• Discussion of planned hacking attacks
• Viruses, malware, vulnerabilities, exploits
• CEO discussions
THE DARKNET CHALLENGES
Darknet challenges.
• NOT INDEXED (navigation)
• SPECIAL COMMUNICATION
• HIDDEN FORUMS
• 25% OF PASTE SITES DISAPPEAR WITHIN 30 DAYS
• DANGEROUS ACCESS
• NO ANONYMITY
• UNPREDICTABLE
OWL DARKNET VISION PLATFORM
Access the world's largest commercially available darknet database.
Darknet Big Data.
Unique.
We SEARCH for your stolen or otherwise compromised or sensitive data in the WORLD'S LARGEST commercially available database and INFORM you.
What we do.
OWL Vision automatically and anonymously collects, records and scores illegal data from the darknet 24/7/365.
OWL Vision records more useful data in one hour than an analyst does in a month.
The database.
Forums
Marketplaces
Social networks
DEEPWEB content
DARKNET content
• 2.5 million pages analyzed daily
• 24.000 TOR domains
• 10 million new documents daily
• Stores past content
How we do it.
Interactive search
Alerts
API + data feeds
Access - OWL Vision platform.
Interactive manual search, web interface
Monitoring services according to individual specifications
Integration via the API, e.g. with SAP via ZENOS
WE ARE YOUR DARKNET EARLY WARNING SYSTEM
Our task.
Findings.
WHAT DO WE WARN YOU ABOUT?
How to break into an ATM
Information currently in the database. Pages on the deep web
Where to buy a DDoS attack
Information currently in the database. Deep Web
Do you need a new credit card
Mechanical engineering patent information
Use case
DDoS attacks are growing.
DDoS. Have doubled over the last 12 months. Q4/16
Powered by Link11
Phishing.
Phishing Emails: 23% of recipients open phishing emails
Opened: 11% of recipients click on attachments
Social Engineering: 29% of breaches involve social engineering attacks
OWL Vision can reveal who is most vulnerable.
Executive Monitoring.
1 Using open source information: We discovered 7 instances where Vodafone Executive emails were exposed on the darknet because of a breach.
2 Threat actors can potentially use this information to conduct spear phishing attacks or socially engineer. Executives are at higher risk to be targets.
3 Use Darknet Early Warning System to continually monitor: Utilize OWL Vision’s Monitoring service and watch the darknet 24x7/365 to gain situational awareness to protect against Executive Fraud.
2.3 Billion USD lost to CEO email scams for the last 3 years
a Associates & Colleagues
b Social Media
Intellectual property.
1 Using the Open Web, how could a threat actor gain access to sensitive information?
We already identified this document as a way to learn about capabilities and create counter measures
2 Could a threat actor socially engineer a R&S employee for additional information on the darknet?
3 Our Risk Analysis Team identified an individual who is working on the QPS200 Project. He is a Calibration and Repair Engineer. He lives approximately 11 minutes away from the R&S London Facility. We also learned from Social Media other personal details.
4 We also identified a site that contained pictures of Rohde & Schwarz ID badges
5 Given these pieces of information it is possible for a threat actor to construct a social engineering attack to gain access to additional sensitive information. We recommend instructing the employee to remove the QPS200 project name from his public profile and having those pictures removed from the website. Contact information for the website administrator is on the following slide.
Russian Forum
Using OWL Vision we discovered a Russian Forum that was / is potentially targeting IP addresses within your ASN:21197 (80.246.32.0/20). The ASN was observed among other IP Ranges listed on the forum. The forum is no longer available; however, a screenshot is below.
Network security enhancement.
Malicious Android Application: GT!tr.spy and Android/Marcher.GT!tr.
Android/Marcher.GT!tr: We looked in OWL Vision for Marcher.GT
Pivot Term: Marcher.GT. One of the two identified malware names in the original post
Pivot Term: com.p360courv. Discovered an official Android package ID based off of number 3’s result
2
Android Source Code (SMALIS): Malware instructions showing the targeted bank’s mobile applications, for credential theft
3
4
5
Tailored tasks.
1
• Barclay’s
• Bawag
• EasyBank
• RBS
• ING.DiBa
• TSB Mobile Banking
• Fiducia
• RBS
• HTSU
• Deutsche Bank
• ISIS Papyrus Raiffeisen
• Grppl
• Starfinaz
• Commerz Bank
• Comdirect
• DKB
• Santander
• Postbanks Finazassistent
• Spardat
• Volksbank
• Bank Austria
• Adesso
• Consorsbank
Android Source Code (SMALIS): Excerpt of the source code showing specific banks targeted in malicious campaign
Targeted Bank’s Official Mobile Applications: Observed banking applications from Google Play Store
Why you need a darknet early warning system.
1 Control Brand Reputation
2 Protect clients & employee data
3 CEO & Executives fraud protection
4 Protect Intellectual property
5 Financial data loss prevention
6 Network security enhancement
7 Get visibility for GDPR Compliance
VISIBILITY
354.900 Results on the Onion Domain
1.030 Pastebin Results
2.933 Credentials | USERID | Password
Initial Darknet Footprint: Medium-sized bank
523 Results of Vodafone on the Onion Domain
70 Pastebin Results
20.799 Credentials | USERID | Password
Initial Darknet Footprint: Vodafone
Initial Darknet Footprint Report
OFFERINGS
Early Warning Monitoring Service
Includes:
• Initial Darknet Footprint
• Search & Keyword Concept
• Real Time eMail Alerts
• Dedicated Intel. Analyst
• Status Reports Quarterly
• 20 h / M / Intel. Analyst
• 1 Year contract
Our services.
EXECUTIVE MONITORING
EMAIL CREDENTIALS DETECTION
INTELLECTUAL PROPERTY SEARCH
FINANCIAL DATA MONITORING
CUSTOMER & CLIENT DATA PROTECTION
Live Search.