CERN IT Department, CH-1211 Genève 23, Switzerland
Update on the underground economy and making profit on the black market
Wojciech Lapka, CERN
IT/GD Group Meeting, 05 February 2009
Presentation plan
– Main security threats in 2008
– What's for sale on the black market?
– Value of advertised goods
– Malicious tools
– Software piracy
– Payment methods
– Security predictions for 2009
– Mitigation and protection
– Conclusion
Main security threats in 2008
Web infections
– 75% of the websites hosting malicious code are legitimate sites that have been compromised.
SPAM & phishing
– Phishing attacks – cost: $2 billion in 2008 (U.S. only)
– Blog & social networking
Scareware
– Cost: $3.6 billion in 2008 (U.S. only)
Data breaches
What's for sale on the black market?
Value of advertised goods
– $276 million in total (July 2007 – June 2008)
Real (potential) value of the advertised goods
– Credit cards – $5.3 billion
– Bank accounts – $1.7 billion, average balance $40,000
Malicious tools
– Attack tools
– SPAM and phishing tools
– Malicious code
– Exploits
Attack tools
Type                                      Average price   Price range
Botnet                                    $225            $150–$300
Autorooter (automated remote exploitation) $70             $40–$100
SQL injection tools                       $63             $15–$150
RFI (remote file inclusion) scanner       $26             $5–$100
LFI (local file inclusion) scanner        $23             $15–$30
XSS (cross-site scripting) scanner        $20             $10–$30
Spam & phishing tools
Type                        Average price   Price range
Scam hosting                $10             $2–$80
Scam pages                  $10             $2–$50
Spam software               $9              $3–$20
Mailers                     $7              <$1–$20
E-mail addresses (per MB)   $6              <$1–$40
Scam letters                $6              $1–$10
Malicious code
Type                                   Average price   Price range
Binders                                $27             $10–$100
Packers                                $24             $4–$100
Trojans                                $24             $15–$40
Keystroke loggers, password stealers   $23             $20–$30
Exploits
Type                                              Average price   Price range
Site-specific vulnerability (financial site)      $740            $100–$2,999
Remote file include exploit (500 links)           $200            $150–$250
Shopadmin (50 exploitable shops)                  $150            $100–$200
Browser exploit                                   $37             $5–$60
Software piracy
– Global loss for software companies: ~$48 billion (in 2007)
Payment systems
Online currency accounts – 63%
– Service offered worldwide
– Some providers do not require proof of identity
– No government regulation: no requirement to monitor customers or transactions
Trade of goods and services – 24%
– Direct exchange between buyer and seller
Online payment service – 9%
– Funded with stolen credit cards
– Compromised online payment accounts
Wire transfer service – 3%
Security predictions for 2009
– Security analysis shifts from technical to financial prioritization
– Malware as a Service
– Scareware
– More hacking of legitimate websites
– Social networking spam
– Impact of the financial crisis
– Mobile malware
– Hacking in virtual worlds
Protection and Mitigation
– Education – e.g. IT Security Podcasts
– Education – Group Meeting presentations
– Keep confidential information in a secure place
– Ensure the security of your software (especially web applications)
– Apply all security patches
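Two of the cheapest items on the attack-tool price list above, SQL injection tools and LFI scanners, only pay off against application code that concatenates user input into a query or a file path. As an added example (not part of the presentation, and not CERN code), the following Python shows each vulnerable pattern next to its hardened form. The users table, the template directory, the credentials and the injection payload are all constructed inline for the demonstration; real code would store salted password hashes rather than the plain strings used here.

```python
"""Vulnerable-vs-hardened forms of two attack classes priced on the black
market: SQL injection and local file inclusion. Added example, not from the
presentation. The users table, template directory and credentials are
constructed inline."""
import os
import sqlite3
import tempfile


def build_db():
    """Constructed sample table; real code would store salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string concatenation, so quotes in user input
    become SQL. This is the pattern an off-the-shelf SQLi tool looks for."""
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn, name, password):
    """Parameterised query: the driver passes the values separately from the
    SQL text, so no input can change the statement's structure."""
    row = conn.execute("SELECT name FROM users WHERE name = ? AND password = ?",
                       (name, password)).fetchone()
    return row[0] if row else None


def include_vulnerable(base_dir, page):
    """Joins the requested page straight onto a directory. '../' sequences
    (or an absolute path, which os.path.join simply adopts) walk out of it,
    which is exactly what an LFI scanner probes for."""
    with open(os.path.join(base_dir, page)) as f:
        return f.read()


def include_hardened(base_dir, page):
    """Canonicalise both paths and refuse any target that does not stay
    inside base_dir. realpath also resolves symlinks, so a link planted in
    the template directory cannot point outside it either."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("page escapes template directory: %r" % page)
    with open(target) as f:
        return f.read()


def demo():
    """Runs each payload against both versions and returns the outcomes."""
    conn = build_db()
    bypass = "' OR '1'='1"          # classic authentication-bypass payload
    results = {
        "sqli_vulnerable": login_vulnerable(conn, "alice", bypass),  # logs in
        "sqli_hardened": login_hardened(conn, "alice", bypass),      # None
        "login_ok": login_hardened(conn, "alice", "s3cret"),         # 'alice'
    }
    with tempfile.TemporaryDirectory() as tmp:
        templates = os.path.join(tmp, "templates")
        os.mkdir(templates)
        with open(os.path.join(templates, "home.html"), "w") as f:
            f.write("<h1>home</h1>")
        with open(os.path.join(tmp, "secret.txt"), "w") as f:  # outside templates/
            f.write("outside the template dir")
        results["lfi_vulnerable"] = include_vulnerable(templates, "../secret.txt")
        try:
            include_hardened(templates, "../secret.txt")
            results["lfi_hardened"] = "not blocked"
        except ValueError:
            results["lfi_hardened"] = "blocked"
        results["lfi_legit"] = include_hardened(templates, "home.html")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-16s %r" % (key, value))
```

Both fixes are structural rather than filter-based: the parameterised query never lets the input become SQL text, and the path check compares canonical paths instead of searching for `../`. That is why the encoding tricks bundled with commercial scanners (double-encoded slashes, null bytes, alternative quote characters) gain nothing against them.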
Sources
– report (URL truncated)
– sophos-security-threat-report-jan-2009-na.pdf (Sophos Security Threat Report, January 2009; URL truncated)
– computers/computers-internet/internet-and-other-services/protect-yourself-online/overview/protect-yourself-online-ov.htm (URL truncated)
– http://securitylabs.websense.com/content/Assets/WSL_Report_Web_1h08.pdf
– http://global.bsa.org/idcglobalstudy2007/studies/summaryfindings_globalstudy07.pdf
Conclusion
– "Hacking isn't a kid's game anymore. It's a big business."
– Internet attacks are organized and designed to steal information and resources.
– Security (like safety) is our responsibility!!!
Questions?