Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Third Wave of Hacking Cyber-Crime as a Service

Published bySharon Page Modified over 6 years ago

Similar presentations

Presentation on theme: "The Third Wave of Hacking Cyber-Crime as a Service"— Presentation transcript:

1 The Third Wave of Hacking Cyber-Crime as a Service
Thomas Bennett CEO, ThreatSTOP Inc. Board Director, Dragos Former Board Director, Cylance Former Executive Chairman, Veracity Security Lia 1

2 What Actually Happens Now
Gain Access. Physical AND Logical– employees, vendors, or hackers for hire. Learn the Procedures. Eavesdrop to understand the business processes. Gain Privileges. Keylogging, Process Hijacking, and Entitlements. Steal. Old/static receiver accounts used, steal from correspondent accounts. Distract Responders. Mask activities with DDOS–to obfuscate the crime(s). Cover Their Tracks. Employ log filtering and/or wipe files or systems used. Launder. Transfer funds through varied routes from local to remote banks. Cash Out. Convert to cryptocurrencies, or direct transfers to payees. Malware is a Tool Distraction and Obfuscation are Tactics Fraud and Theft are Techniques

3 The Evolution of Cyber Threats
“Cybercrime-for-hire business appears to be so lucrative and booming that hacker gangs can't keep their crews staffed” -Bank Info Security, September

4 Phase of Cyber Threats PHASE 1: Business Interruption
Disrupt continuity of business (technology) for competitive (social, economic, financial) purposes; also distract from efforts to probe and penetrate networks.  PHASE 2: APT (Advanced Persistent Threat) Activities Gain and maintain access in order to observe, document/record, and catalog access and information as a commodity service offering.  PHASE 3: Extortion/Fraud/Theft Subscribe to access that others have already gained (hackers for hire or MAAS/BAAS catalog operators –aka “CAAS”) to perpetrate financial and economic crimes. Utilize technology as tools to distract investigators.

5 Phase 1 3-Phase construct and content courtesy of Dr. Shane Shook

6 Phase 2 3-Phase construct and content courtesy of Dr. Shane Shook

7 Phase 3 3-Phase construct and content courtesy of Dr. Shane Shook

8 We are well into the Third Wave…
Where’s it coming from? Portugal, Russia, Netherlands, the U.K. and Iceland

9 Think of it as Angie’s List for hacking services

10 Think of it as Angie’s List for hacking services
This is a Growth Industry!

11 What a sophisticated CAAS attack looks like
SWIFT (Global Payment Network) Content courtesy of Dr. Shane Shook

12

13 Cybersecurity Disclosure Act 0f 2017
First introduced in 2015 Requires companies to include in their SEC disclosures to investors whether anyone on the company's board is a cyber security expert. If such an expert does not exist, the company must disclose how it plans to mitigate the lack of expertise on the board.  Initially targeted at publicly traded companies, but… Realities of Government Regulations Regulations take a life of their own, and tend to be supported and given immortality by fines Witness General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679): 2-4% Gross Revenues Things of a certain kind flow downhill, and private companies will be in the cross-hairs

14 Thank You Thomas (Tom) Bennett e: tom@cyberdirector.org
LinkedIn:

15 NACD Texas TriCities Chapter
Thank you for attending! To download materials from past programs, please visit Register for our programs at utah.NACDonline.org Chapter Administrators: Julie Pitts, Regional Director, Heather May, Chapter Administrator, 5/14/13 Driving and Surviving with the Next Generation at Work | Houston, Texas

Download ppt "The Third Wave of Hacking Cyber-Crime as a Service"

Similar presentations

Economic and Social Impact of Digital Security Eng. Qusai AlShatti Deputy Director for Information Technology.

Economic and Social Impact of Digital Security Eng. Qusai AlShatti Deputy Director for Information Technology.
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Internet as a Military-Free Zone: The Kaspersky Vision Eugene Kaspersky Chairman & CEO, Kaspersky Lab.

Internet as a Military-Free Zone: The Kaspersky Vision Eugene Kaspersky Chairman & CEO, Kaspersky Lab.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.

Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.
Cyber-Warfare: The Future is Now!

Cyber-Warfare: The Future is Now!
Joel Maloff Phone.com February, 2012.

Joel Maloff Phone.com February, 2012.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Cyber Crimes.

Cyber Crimes.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.

Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.
7 Information Security.

7 Information Security.
Cyber Security Nevada Businesses Overview June, 2014.

Cyber Security Nevada Businesses Overview June, 2014.
NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.

NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.
Computer Crimes 8 8 Chapter. The act of using a computer to commit an illegal act Authorized and unauthorized computer access. Examples- o Stealing time.

Computer Crimes 8 8 Chapter. The act of using a computer to commit an illegal act Authorized and unauthorized computer access. Examples- o Stealing time.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.

OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.

Similar presentations

Ads by Google