Presentation is loading. Please wait.

Presentation is loading. Please wait.

CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Update on the underground economy and making profit on the black market Wojciech Lapka.

Published byValentine Banks Modified over 9 years ago

Similar presentations

Presentation on theme: "CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Update on the underground economy and making profit on the black market Wojciech Lapka."— Presentation transcript:

1 CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Update on the underground economy and making profit on the black market Wojciech Lapka CERN IT/GD Group Meeting, 05 February 2009

2 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Presentation plan Main security threats in 2008 What’s for sale on black market? Value of advertised goods Malicious tools Software piracy Payment methods Security predictions for 2009 Mitigation and protection Conclusion IT/GD Group Meeting, 05 February 2009

3 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Main security threats in 2008 IT/GD Group Meeting, 05 February 2009 Web infections –75% of websites with malicious code – legitimate sites that have been compromised. SPAM & phishing –Phishing attacks – Cost: $2 billion in 2008 (only in the U.S.) –Blog & social networking Scareware –Cost: $3.6 billion in 2008 (only in the U.S.) Data breaches

4 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t What’s for sale on black market? IT/GD Group Meeting, 05 February 2009

5 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Value of advertised goods $276 million (July 2007 – June 2008) IT/GD Group Meeting, 05 February 2009

6 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Real value of advertised goods Credit cards – $5.3 bilion Bank accounts – $1.7 billion, average balance $40,000 IT/GD Group Meeting, 05 February 2009

7 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Malicious tools Attack tools SPAM and phishing tools Malicious code Exploits IT/GD Group Meeting, 05 February 2009

8 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Attack tools TypeAverage PricePrice Range Botnet$225$150–$300 Autorooter$70$40–$100 SQL injection tools$63$15–$150 RFI scanner$26$5–$100 LFI scanner$23$15–$30 XSS scanner$20$10–$30 IT/GD Group Meeting, 05 February 2009

9 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Spam & phishing tools TypeAverage PricePrice Range Scam hosting$10$2–$80 Scam pages$10$2–$50 Spam software$9$3–$20 Mailers$7<$1–$20 Email addresses (per MB)$6<$1–$40 Scam letters$6$1–$10 IT/GD Group Meeting, 05 February 2009

10 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Malicious code TypeAverage PricePrice Range Binders$27$10–$100 Packers$24$4–$100 Trojans$24$15–$40 Keystroke loggers, password stealers$23$20–$30 IT/GD Group Meeting, 05 February 2009

11 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Exploits TypeAverage PricePrice Range Site-specific vulnerability (financial site)$740$100–$2,999 Remote file include exploit (500 links)$200$150–$250 Shopadmin (50 exploitable shops)$150$100–$200 Browser exploit$37$5–$60 IT/GD Group Meeting, 05 February 2009

12 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Software piracy IT/GD Group Meeting, 05 February 2009 Global loss for software companies: ~ $48 bilion (in 2007)

13 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Payment systems Online currency accounts – 63% –Service offered worldwide –Some providers do not require proof of identity –No government regulations. No requirement to monitor customers or transactions Trade of goods and services – 24% –Direct exchange between buyer and seller. Online payment service – 9% –Stolen credit cards –Compromised online payment accounts Wire transfer service – 3% IT/GD Group Meeting, 05 February 2009

14 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Security predictions for 2009 Security Analysis Changes from Technical to Financial Prioritization Malware as a Service Scareware More legitimate website hacking Social networking spam Impact of financial crisis Mobile malware Hacking on virtual words IT/GD Group Meeting, 05 February 2009

15 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Protection and Mitigation Education – e.g. IT Security Podcasts: –http://www.symantec.com/about/news/podcasts/http://www.symantec.com/about/news/podcasts/ –http://www.sophos.com/security/podcasts/http://www.sophos.com/security/podcasts/ –http://news.cnet.com/security-bites-podcast/http://news.cnet.com/security-bites-podcast/ Education – Group Meeting Presentations Keep confidential information in secure place Ensure security of your software (especially Web Applications) Apply all security patches IT/GD Group Meeting, 05 February 2009

16 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Sources http://www.symantec.com/business/theme.jsp?themeid=threat reporthttp://www.symantec.com/business/theme.jsp?themeid=threat report http://www.sophos.com/sophos/docs/eng/marketing_material/ sophos-security-threat-report-jan-2009-na.pdfhttp://www.sophos.com/sophos/docs/eng/marketing_material/ sophos-security-threat-report-jan-2009-na.pdf http://www.consumerreports.org/cro/electronics- computers/computers-internet/internet-and-other- services/protect-yourself-online/overview/protect-yourself- online-ov.htmhttp://www.consumerreports.org/cro/electronics- computers/computers-internet/internet-and-other- services/protect-yourself-online/overview/protect-yourself- online-ov.htm http://securitylabs.websense.com/content/Assets/WSL_Report _Web_1h08.pdfhttp://securitylabs.websense.com/content/Assets/WSL_Report _Web_1h08.pdf http://global.bsa.org/idcglobalstudy2007/studies/summaryfindi ngs_globalstudy07.pdfhttp://global.bsa.org/idcglobalstudy2007/studies/summaryfindi ngs_globalstudy07.pdf IT/GD Group Meeting, 05 February 2009

17 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Conlusion “Hacking isn’t a kid’s game anymore. It’s a big business” Internet attacks organized and designed to steal information and resources Security (like safety) is our responsibility!!! IT/GD Group Meeting, 05 February 2009

18 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Questions? IT/GD Group Meeting, 05 February 2009

Download ppt "CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Update on the underground economy and making profit on the black market Wojciech Lapka."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Cyber Stalking Cyber Stalking Phishing Hacker 1. Never reveal your home address !!! This rule is especially important for women who are business professionals.

Cyber Stalking Cyber Stalking Phishing Hacker 1. Never reveal your home address !!! This rule is especially important for women who are business professionals.
ISRT IS 376 OCTOBER 28, 2014 INTERNET SECURITY THREAT REPORT  2014.

ISRT IS 376 OCTOBER 28, 2014 INTERNET SECURITY THREAT REPORT  2014.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Target Data Breach – Cost of the Learning Curve Discuss the recent Target data breach and its impact on the industry as well as individuals January 29/30,

Target Data Breach – Cost of the Learning Curve Discuss the recent Target data breach and its impact on the industry as well as individuals January 29/30,
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
By Ashlee Parton, Kimmy McCoy, & Labdhi Shah

By Ashlee Parton, Kimmy McCoy, & Labdhi Shah
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Internet Security Awareness Presenter: Royce Wilkerson.

Internet Security Awareness Presenter: Royce Wilkerson.
Cyber X-Force-SMS alert system for E-mail threats.

Cyber X-Force-SMS alert system for threats.
Threats To A Computer Network

Threats To A Computer Network
Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.

Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.

Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Similar presentations

Ads by Google