Hackers Interrupted - RSA Conference (CCT-W05)


  • date post

    01-May-2018

  • SESSION ID: CCT-W05

    #RSAC

    Hackers Interrupted

    Alex Holden

    Chief Information Security Officer, Hold Security, LLC

    @HoldSecurity

  • #RSAC

    Understanding Hackers

    2

    Why is this important?

    Can this stop cyber crime?

    Transcending technology

  • #RSAC

    What Drives a Hacker?

    3

    HACKTIVISM REVENGE STATE-SPONSORED

    FOR-PROFIT CRIME

  • #RSAC

    Modern Hacker

    4

  • #RSAC

    What is a Threat to You

    5

    Defamation and Reputation Loss

    Stolen Secrets

    Stolen Data

    Availability

  • #RSAC

    Learn to be a Hacker

    6

    Carding University

    Virtual Carding Basics

    Hacker University

    Job After Graduation

    Professors Insight

  • #RSAC

    Hackers View of Us

    7

    Tessa88: Foreigners... the common folk... I despise them... they are garbage to me

    War of stereotypes

    I'm fighting a holy war against the West. They drive their Rolls Royces and go home to their million-dollar houses, while people here are struggling. I will never harm my fellow Slavs; but America, Europe, and the rest of the world deserve it.

    - aqua (jabberzeus)

  • #RSAC

    Target Retail Stores Breach

    8

    Kartoxa POS malware author Rinat Shabaev was looking for a regular programming job, asking for about 12 USD per hour. After failing to find one, he was recruited to write a virus that stole financial data from 40 million victims.

  • #RSAC

    Target Breach Delivery Man

    9

  • #RSAC

    Target Breach

    10

  • #RSAC

    Extortion - Ransomware

    11

  • #RSAC

    San Francisco Municipal Transport Agency Ransomware Attack

    12

    What Happened?

    Hacker Techniques

    Who Is To Blame?

    How To Defend?

  • #RSAC

    The Russians Did It

    13

    Yandex Mail Messages

    Russian Phone Numbers

    Language Preferences

    Access Techniques

  • #RSAC

    Hackers Setup

    14

    Discovery and Attack Server

    Scan the Internet

    Exploit

    Explore

    Infection Server

    Extort and Communicate

  • #RSAC

    San Francisco Light Rail Ransomware

    15

    Metropolitan area railroad transportation system paralyzed by a ransomware attack sourced from Iran

  • #RSAC

    Target the Internet

    16

    Scans of 4.0.0.0/8 network (Layer 3)

    Scan of 75.0.0.0/11 network (AT&T)

    Found 75.10.2xx.xxx target SFMTA Oracle Primavera Server

    Exploited vulnerability

    Identified a network with 8,000+ systems

    Continued scanning US, Iran, and other networks.

  • #RSAC

    Tessa88

    17

  • #RSAC

    Who is the Real Tessa88?

    18

    Hacker sells stolen credentials from major breaches. Creates instability by exposing billions of accounts, and lying about Twitter and Yahoo breached data.

  • #RSAC

    Graduation to a Criminal

    19

    Resume

    Petty Crimes

    Crime & Punishment

    Graduation

  • #RSAC

    Drugs

    20

    Hiroshima

    Also called Atomic Bomb or Atomic Blast

    Contains synthetic cannabinoid products like JWH-018

  • #RSAC

    2014 Drug Runner

    21

  • #RSAC

    While in Prison

    22

    I see a dream

    I am DROWNING

    My heart beats fast

    I want to ESCAPE

    Take a deep breath

    This is only a dream

    Only a NIGHTMARE

    I see myself

    I am a bird flying so high

    I wake up

    I am still in SHOCK

    White pillow

    Bed CAGE

    I am LOCKED UP

    My mood is dim

    World disappeared

    This is my reality now

  • #RSAC

    Yahoo Summer 2016

    23

    July sample

    Fake sale

  • #RSAC

    Malware Tech Marcus Hutchins

    24

    Transformation from hacker to a security researcher

    2009 Selling password stealers and scareware

    2012-2014 Distribution and reselling of viruses and exploit kits

    2014 Emergence of a researcher alter ego

    2017 Accidental discovery of WannaCry killswitch.

  • #RSAC

    Understanding Hackers

    25

    Hackers are human with faults

    Hackers are ruthless

    Hackers are innovative

    Understanding the human side of a hacker leads to improvement of our defenses

  • #RSAC

    Defense Techniques

    26

    Learn about your enemy

    Tune your defenses toward the threat

    Fortify against hackers NOT auditors

  • #RSAC

    Defenses 101

    27

    Viruses

    Credentials Misconfigurations

    0days

  • #RSAC

    Using Knowledge to Discourage Hackers

    28

    Increase the complexity required for an attack, making your infrastructure as inhospitable and fruitless as possible for an attacker.

    Create honeypots in systems, applications, functions, and data as early indicators of ongoing attacks or exploitation.

    Use Threat Intelligence as a defense technique. Understand the Dark Web. Stay ahead of the adversary by adapting your defenses to their attack techniques.

  • #RSAC

    Conclusions

    29

    Hackers are winning

    We are improving

    Understanding our adversary is the key
