1 | © 2013 Infoblox Inc. All Rights Reserved.1 | © 2015 Infoblox Inc. All Rights Reserved.
Unlocking Cyber-Crime – The New Cold War
Jamison Utter | Principal Security Consultant
6/15/2016
Motive Matters
“No one can build his security upon the nobleness of another person.” *
*Willa Cather, Alexander's Bridge
Exponential ROI
1 Year CD = 1%
Money Market = 0.5%
Average Stock Market = 7%
Cyber Crime = 1425%
Breaking it down
What’s the cost of entry?
Item | Total Investment
Payload | $3000
Infection Vector | $500
Traffic Acquisition | $1800
Daily Traffic | $600
Total Expenses | $5,900
The Payload
The Challenge:
- Avoid trivial signature detection
The Solution:
- A new hash of a crypto-variant that is identified with ‘good’ programs (by purchasing the source code with support)
The Cost:
- 10 Bitcoin (or about $3000 USD)
This does not include source code and support!
Commodity Programming
• Criminal elements are in constant reinvestment cycles, expanding both footprint and technical ability.
• Like real software, most malware is developed in teams by technical coders specialized in a particular function.
• Customer support, code support, and bug fixes are now table stakes in professional malware.
Economy of Scale
[Bar chart: Average Monthly Income in US Dollars (axis 0 to 1000) for Poland, Czech Republic, Slovak Republic, Russian Federation, Hungary, Romania, Bulgaria, Ukraine]
A semi-skilled Ukrainian hacker can make 5x – 25x their normal income by switching to a business model that is illegal (in the US)
The Infection Vector
Traffic Acquisition
Getting clicks!
- Often via Phishing (pretty easy)
- Sometimes scare-ware
- Sometimes Ad networks
- Also via Botnets (RATS)
Crime as a Service
Professional Crime Software
Technical Innovators
Reseller/Maintainers
Non-technical Opportunists / Crimeware-as-a-Service Users
Breaking it down
What’s the ROI?
Item | Total Investment
Visitors | 20,000
Infection Rate | 10%
Payout rate | 0.5% (Symantec = 3%)
Ransom Amount | $300
ROI (Average 30 days) | $3,000/day ($90,000/month)
What is the scale of this?
[Figure labels: The Black Market, Georgia, Iceland, Albania, Honduras, El Salvador]
The Black market is a 17 Billion dollar economy
The Zero Sum Game
Innovation
Development
Deployment
Capitalization
Current State
Where we need to be
Ceiling Cat FTW!
Change the Security Paradigm
“The long term goal of a security strategy cannot be to outsmart
criminals, since that just breeds smarter criminals.”*
*Jaron Lanier – “Who Owns the Future?”
Meeting the Challenge
Collaboration
Intelligence
Speed
Identify
Collect
Analyze
Distribute
Act
Collaboration
Security is a system; it's as alive as an organization or organism. Without cooperation and data sharing between devices, you will never triangulate and locate threats already in your network.
Intelligence
“Securing cyberspace is shared responsibility - collecting, analyzing & disseminating cyber threat intel” - FBI
What’s missing from your Threat Intel?
Risks
Targets and Assets
Threats (or Threat Actors)
Movement
Observation and Restriction
What makes “actionable” intelligence?
• Timely: Early discovery, appropriate TTLs, sensible refresh rate
• Relevant: Applies to your problems, your use cases
• Accurate: Reasonable precision, limited false positives
• Contextual: Why a threat, what kind, and what else is it related to
• Easy-to-Use: Pre-integrated, standard formats, REST APIs
• Reliable: Consistent in quality and rate/volume
Speed
We must shorten the Kill Chain, or we will always be behind the ball.
Changing Security Culture
Wisdom consists in being able to distinguish among dangers and
make a choice of the least harmful.
— Niccolo Machiavelli, The Prince
Security is a Culture
Application Development
Network Design
End-user Training
Business Workflow
Insecure Code
Characteristic
I Injectable Code
N Non-Repudiation Mechanisms not Present
S Spoofable
E Exceptions and Errors not Properly Handled
C Cryptographically Weak
U Unsafe/Unused Functions and Routines in Code
R Reversible Code
E Elevated Privileges to Run
(ISC)2 InSecure Code practices
Secure Network Design
Know Don’t Guess
Avoid Dangling Networks
Route where needed not where possible
See all manage all
Know when to standardize
Power is important
Embrace Documentation
Jennifer Jabbusch
CISO, Carolina Advanced Digital
Secure Environment
Educate
Evaluate
Adjust
Cultivate
Test
Business Workflow
Leadership
Performance
Culture
THANK YOU
@jamison_utter
Jamison Utter

Editor's Notes

  • #8: A Semi-skilled Ukrainian Hacker can make 400x their normal income by switching to a business model that is illegal (in the US)
  • #9: How do we get that payload on a machine? Exploit (like Flash, or Java, or Windows). Use a service to install it (via Zeus or Angler?)
  • #11: The cybercrime network is expanding, strengthening, and, increasingly, operating like any legitimate, sophisticated business network. Today’s cybercriminal hierarchy is like a pyramid. At the bottom are the nontechnical opportunists and “crimeware-as-a-service” users who want to make money, a statement, or both with their campaigns. In the middle are the resellers and infrastructure maintainers, the “middlemen.” At the top are the technical innovators, the major players whom law enforcement seeks most but struggles to find. Crimeware’s development and distribution are highly organized and controlled by criminal groups that have formalized and implemented business models to automate cybercrime. Just as the software industry has spawned a business model in reselling, installing, and maintaining legitimate code, the malware industry has spawned distribution and support networks to assist criminals in successful malware usage. Developers of crimeware profit from the sale or lease of the malware to third parties who then use it to perpetrate identity theft and account fraud. When individual groups of criminals coordinate their efforts, the product is Crimeware as a Service (CAAS).
  • #17: “Securing cyberspace is shared responsibility - collecting, analyzing & disseminating cyber threat intel” - FBI
  • #20: Ponemon stats around timeliness expectations
  • #24: https://www.isc2.org/uploadedfiles/(isc)2_public_content/certification_programs/csslp/csslp-wp-5.pdf
  • #26: SANS STH.EndUser Security Awareness Training