Shining a light on the criminal underground
Introducing:
David Burdelski, Experian
Mike Gross, Experian
©Experian 3
We now live in a world where attackers have the advantage. #DataIsGold (and they have a ton of it)
4/18/2017 Experian Public Vision 2017 ©Experian 3
We are living in a different era
HYPER-connected world
• Smart tech ubiquitous
• Mobile adoption fueling growth
• Big Data insights driving margins
• Instant gratification
Attackers exploit tech explosion
• Compromised data EVERYWHERE
• Security an afterthought
But can anyone possibly protect it?
Identity data has a price
[Chart: prices of identity data items: $3.78, $6.43, $3.02, $0.22. Source: Trend Micro]
Attackers have evolved
Opportunist
• Masquerade as another identity (a la Frank Abagnale)
• Leverage repurposed malware, likely blocked
• Mistakes common, easily traced
• Low barrier to entry, moderate risk to reward ratio
Carder
• Small copycat rings focused on stealing, selling, repeating
• Leverage keyloggers and repurposed malware kits
• Sell data on carding / data forums
• Entry limited to reputation, low risk to reward ratio
Hacktivist
• Distributed hacker network
• Access via vulnerabilities, brute force, or social engineering
• Typically targeted attack for political or social motivation
• Maintain anonymity, low risk of detection
Organized ring
• Global fraud enterprise with strong domain expertise
• Target large international financial transactions
• Top 10% of attackers, quickly attack and disappear
• Fund terrorism, drug trade, human trafficking, etc.
State-sponsored
• Sophisticated, well-funded, often state-sponsored
• Create / embed new malware, deep and persistent
• Elite 0.5% of attackers, quickly attack and disappear
• Extract secrets, corporate espionage, infrastructure
And tech has seen an innovation arms race
• New landscape overnight
• Enables market growth
• Satisfies Big Data hunger
• But extremely confusing for executives
A brief commercial break: for some important definitions
Drop zones: Publicly writable directory on the Internet that serves as an exchange point for key logger / stolen data
Zero-day attacks: Attacks that exploit a previously unknown vulnerability in a computer application
Bots / Botnets: Software programs that automate routine tasks
Dark Web: Part of the Internet accessible via special software and allowing users to remain anonymous
Internet of Things (IoT): Connected devices embedded with software, sensors and network connectivity, enabling them to collect and exchange data
Penetration testing: Testing a computer system, network or application to find vulnerabilities that an attacker could exploit
Threat exchange: Communities with a secure, trusted platform to enable cyber threat intelligence and analysis
So what makes it a Dark Web?
• Network
• Internet
• Client – Server – Peer-2-Peer
• The web
• A browser
• Indexing
• Content or purpose
A part of the Deep Web accessible only through certain browsers, such as Tor, designed to ensure anonymity.
The Dark Web: Content or purpose?
Pinpointing top threats
• Latest malware undetectable
• Air-to-glass device compromise
• IoT botnets and ransomware
• Identity data hemorrhages
… and biometrics, W-2s, health data …
Criminals' malware-based monetization
[Diagram: sample payment card image]
Monetization stream (diagram labels, in slide order): Hacker; Carder Web site; Carder; Prepaid Card; Gift Card; Merchants; Cards
Moving up in the monetization stream
Zero-days are a gold mine
Botnets for hire: Bot-in-a-box
Geography     1,000   5,000   10,000
World mix     $25     $110    $200
EU mix        $50     $225    $400
DE, CA, GB    $80     $350    $600
US            $120    $550    $1,000
A well-positioned, rooted mobile phone … pricele$$

Name your price: Zero-day vulnerabilities
Adobe Reader                       $5,000 – $30,000
Mac OSX                            $20,000 – $50,000
Android                            $30,000 – $60,000
Flash or Java browser plug-ins     $40,000 – $100,000
Microsoft Word                     $50,000 – $100,000
Windows                            $60,000 – $120,000
Firefox or Safari                  $60,000 – $150,000
Chrome or Internet Explorer        $80,000 – $200,000
iOS                                $100,000 – $250,000
Carding forums and channels
W-2 data: Get it while it's hot
What's next?
Defending our organizations
• Unified view across business silos
  Inventory systems and controls
• Strong penetration testing
• Proactive patching
• Collaborate via threat exchanges
• Recruit strong security teams
  Enlist white hat hackers
Collaborating with peers
• Engage private AND public sector
• Bridge multiple sources
• Create actionable intelligence
• Leverage trusted networks
• Share attack data in global consortiums
Predicting future attacks
• Mobile and IoT malware
• Coordinated zero-days target infrastructure
• Support system takeovers
• Open APIs exploited
• Attacker gamification
• Will AI go rogue?
Key takeaways
• Understand top threats
• Harden defenses (and play offense)
• Collaborate with industry experts
• Anticipate future attacks and business impacts
Experian contacts:
David Burdelski [email protected]
Mike Gross [email protected]
Questions?