Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light...

22
Shining a light on the criminal underground

Transcript of Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light...

Page 1: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

Shining a light on the criminal underground

Page 2: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

Introducing:

David Burdelski Experian

Mike Gross Experian

Page 3: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 3

We now live in a world where

attackers have the advantage #DataIsGold (and they have a ton of it)

4/18/2017 Experian Public Vision 2017 ©Experian 3

Page 4: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 4

HYPER-connected world

• Smart tech ubiquitous

• Mobile adoption fueling growth

• Big Data insights driving margins

• Instant gratification

Attackers exploit tech explosion

• Compromised data EVERYWHERE

• Security an afterthought

We are living in a different era

4/18/2017 Experian Public Vision 2017

Page 5: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 5 4/18/2017 Experian Public Vision 2017

But can anyone possibly protect it?

Source: Trend Micro

$3.78

$6.43

$3.02

$0.22

Identity data has a price

Page 6: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 6

Attackers have evolved

4/18/2017 Experian Public Vision 2017

Opportunist

• Masquerade as another identity (a la Frank Abagnale)

• Leverage repurposed malware, likely blocked

• Mistakes common, easily traced

• Low barrier to entry, moderate risk to reward ratio

Carder

• Small copycat rings focused on stealing, selling, repeating

• Leverage key- loggers and repurposed malware kits

• Sell data on carding / data forums

• Entry limited to reputation, low risk to reward ratio

Hacktivist

• Distributed hacker network

• Access via vulnerabilities, brute force, or social engineering

• Typically targeted attack for political or social motivation

• Maintain anonymity, low risk of detection

Organized ring

• Global fraud enterprise with strong domain expertise

• Target large international financial transactions

• Top 10% of attackers, quickly attack and disappear

• Fund terrorism, drug trade, human trafficking, etc.

State-sponsored

• Sophisticated, well-funded, often state-sponsored

• Create / embed new malware, deep and persistent

• Elite 0.5% of attackers, quickly attack and disappear

• Extract secrets, corporate espionage, infrastructure

Page 7: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 7 4/18/2017 Experian Public Vision 2017

• New landscape overnight

• Enables market growth

• Satisfies Big Data hunger

• But extremely confusing

for executives

And tech has seen an innovation arms race

Page 8: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 8

Drop zones Publicly writable directory on the Internet that serves as an exchange point for key logger / stolen data

Zero-day attacks Attacks that exploit a previously unknown vulnerability in a computer application

A brief commercial break For some important definitions

4/18/2017 Experian Public Vision 2017

Software programs that automate routine tasks Bots / Botnets

Dark Web Part of the Internet accessible via special software and allowing users to remain anonymous

Internet of Things (IoT) Connected devices embedded with software, sensors and network connectivity, enabling them to collect and exchange data

Penetration testing Testing a computer system, network or application to find vulnerabilities that an attacker could exploit

Threat exchange Communities with a secure, trusted platform to enable cyber threat intelligence and analysis

Page 9: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 9

• Network

• Internet

• Client – Server – Peer-2-Peer

• The web

• A browser

• Indexing

• Content or purpose

4/18/2017 Experian Public Vision 2017

So what makes it a Dark Web?

A part of the Deep Web accessible only through certain

browsers such as Tor designed to ensure anonymity.

Page 10: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 10

The Dark Web: Content or purpose?

4/18/2017 Experian Public Vision 2017

Page 11: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 11

• Latest malware undetectable

• Air-to-glass device compromise

• IoT botnets and ransomware

• Identity data hemorrhages

… and biometrics, W-2s, health data …

4/18/2017 Experian Public Vision 2017

Pinpointing top threats

Page 12: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 12

Criminal’s malware-based monetization

4/18/2017 Experian Public Vision 2017

1233 2342 23423 2342

Daeeoab Berosu 08/16

Hacker

Carder Web site

Carder

Prepaid Card

Gift Card

Merchants Cards

Moving up in the monetization stream

Page 13: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 13

Zero-days are a gold mine

4/18/2017 Experian Public Vision 2017

Geography 1,000 5,000 10,000

World mix $25 $110 $200

EU mix $50 $225 $400

DE, CA, GB $80 $350 $600

US $120 $550 $1,000

A well-positioned, rooted mobile phone … pricele$$

Name your price: Zero-day vulnerabilities

Botnets for hire: Bot-in-a-box

Adobe Reader $5,000 – $30,000

Mac OSX $20,000 – $50,000

Android $30,000 – $60,000

Flash or JAVA browser plug-ins $40,000 – $100,000

Microsoft Word $50,000 – $100,000

Windows $60,000 – $120,000

Firefox or Safari $60,000 – $150,000

Chrome or Internet Explorer $80,000 – $200,000

IOS $100,000 – $250,000

Page 14: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 14

Carding forums and channels

4/18/2017 Experian Public Vision 2017

Page 15: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 15

W-2 data: Get it while it’s hot What’s next?

4/18/2017 Experian Public Vision 2017

Page 16: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 16

• Unified view across business siloes

Inventory systems and controls

• Strong penetration testing

• Proactive patching

• Collaborate via threat exchanges

• Recruit strong security teams

Enlist white hat hackers

4/18/2017 Experian Public Vision 2017

Defending our organizations

Page 17: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 17

• Engage private AND public sector

• Bridge multiple sources

• Create actionable intelligence

• Leverage trusted networks

• Share attack data in global consortiums

4/18/2017 Experian Public Vision 2017

Collaborating with peers

Page 18: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 18

• Mobile and IoT malware

• Coordinated zero-days target infrastructure

• Support system takeovers

• Open APIs exploited

• Attacker gamification

• Will AI go rogue?

4/18/2017 Experian Public Vision 2017

Predicting future attacks

Page 19: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 19

• Understand top threats

• Harden defenses (and play offense)

• Collaborate with industry experts

• Anticipate future attacks and business impacts

4/18/2017 Experian Public Vision 2017

Key takeaways

Page 20: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 20 4/18/2017 Experian Public Vision 2017

Experian contacts:

David Burdelski [email protected]

Mike Gross [email protected]

Questions?

Page 21: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian

©Experian 21

Share your thoughts about Vision 2017!

4/18/2017 Experian Public Vision 2017

Please take the time now to give us your feedback about this session.

You can complete the survey at the kiosk outside.

How would you rate both the Speaker and Content?

Page 22: Shining a light on the criminal underground › file_uploads › 4e4096efa3... · Shining a light on the criminal underground . Introducing: David Burdelski Experian Mike Gross Experian