CERN - IT Department, CH-1211 Genève 23, Switzerland, www.cern.ch/it. Update on the underground economy and making profit on the black market. Wojciech Lapka.

Presentation transcript:

Update on the underground economy and making profit on the black market
Wojciech Lapka
CERN IT/GD Group Meeting, 05 February 2009

Presentation plan
Main security threats in 2008
What’s for sale on black market?
Value of advertised goods
Malicious tools
Software piracy
Payment methods
Security predictions for 2009
Mitigation and protection
Conclusion

Main security threats in 2008
Web infections
– 75% of websites with malicious code – legitimate sites that have been compromised.
SPAM & phishing
– Phishing attacks – Cost: $2 billion in 2008 (only in the U.S.)
– Blog & social networking
Scareware
– Cost: $3.6 billion in 2008 (only in the U.S.)
Data breaches

What’s for sale on black market?

Value of advertised goods
$276 million (July 2007 – June 2008)

Real value of advertised goods
Credit cards – $5.3 billion
Bank accounts – $1.7 billion, average balance $40,000

Malicious tools
Attack tools
SPAM and phishing tools
Malicious code
Exploits

Attack tools
Type | Average Price | Price Range
Botnet | $225 | $150–$300
Autorooter | $70 | $40–$100
SQL injection tools | $63 | $15–$150
RFI scanner | $26 | $5–$100
LFI scanner | $23 | $15–$30
XSS scanner | $20 | $10–$30

Spam & phishing tools
Type | Average Price | Price Range
Scam hosting | $10 | $2–$80
Scam pages | $10 | $2–$50
Spam software | $9 | $3–$20
Mailers | $7 | <$1–$20
addresses (per MB) | $6 | <$1–$40
Scam letters | $6 | $1–$10

Malicious code
Type | Average Price | Price Range
Binders | $27 | $10–$100
Packers | $24 | $4–$100
Trojans | $24 | $15–$40
Keystroke loggers, password stealers | $23 | $20–$30

Exploits
Type | Average Price | Price Range
Site-specific vulnerability (financial site) | $740 | $100–$2,999
Remote file include exploit (500 links) | $200 | $150–$250
Shopadmin (50 exploitable shops) | $150 | $100–$200
Browser exploit | $37 | $5–$60

Software piracy
Global loss for software companies: ~$48 billion (in 2007)

Payment systems
Online currency accounts – 63%
– Service offered worldwide
– Some providers do not require proof of identity
– No government regulations. No requirement to monitor customers or transactions
Trade of goods and services – 24%
– Direct exchange between buyer and seller.
Online payment service – 9%
– Stolen credit cards
– Compromised online payment accounts
Wire transfer service – 3%

Security predictions for 2009
Security Analysis Changes from Technical to Financial Prioritization
Malware as a Service
Scareware
More legitimate website hacking
Social networking spam
Impact of financial crisis
Mobile malware
Hacking on virtual worlds

Protection and Mitigation
Education – e.g. IT Security Podcasts
Education – Group Meeting Presentations
Keep confidential information in secure place
Ensure security of your software (especially Web Applications)
Apply all security patches


Conclusion
“Hacking isn’t a kid’s game anymore. It’s a big business”
Internet attacks organized and designed to steal information and resources
Security (like safety) is our responsibility!!!

Questions?