El auge del cibercrimen / The rise of cyber crime

Tags:

Preview:

Click to see full reader

DESCRIPTION

Ponencia de Richard Stiennon. Analista jefe de Investigación. IT Harvest. Presentation by Richard Stiennon. Chief Research Analyst. IT Harvest. Curso de Verano / Summer Course CIGTR/URJC 2011

Citation preview

Cyber Crime Prepare for the next wave: Business Process Hacking

Richard Stiennon – Chief Research Analyst, IT-Harvest

Friday, July 1, 2011

IT-Harvest 2011

The Rise of Cybercrime

Ubiquitous Internet

New vulnerabilitiesMarket for identities

Success (profits) ‏30 million bots

Insider recruitmentOrganization

International cooperation (or not) ‏

Better security

DRIVERS

INHIBITORS

Friday, July 1, 2011

IT-Harvest 2011

Historical Criminal Societies

Friday, July 1, 2011

IT-Harvest 2011

The first wave: the adware economy

E-commerce Sites

Hit StatsFake “Top Ten”BrokersWebrings

Affiliate Web SitesSoftware parasitesWormsVirusesSpamInfected DesktopsADware

Friday, July 1, 2011

IT-Harvest 2011

The Adware economy

E-commerce Sites

Hit StatsPopularity- StatsBrokersWebrings

Affiliate Web SitesSoftware parasitesWormsVirusesSpamInfected DesktopsADware

Friday, July 1, 2011

IT-Harvest 2011

IP theft as a service in Israel

Friday, July 1, 2011

IT-Harvest 2011

Physical presence targets “where the money is” - Willie Sutton• Sumitomo Mitsui Bank Branch

Friday, July 1, 2011

IT-Harvest 2011

Cyber Defense :-) Sumitomo Best Practice

Friday, July 1, 2011

IT-Harvest 2011

Stop&Shop

Friday, July 1, 2011

IT-Harvest 2011

Stop&Shop cyber defense

Friday, July 1, 2011

IT-Harvest 2011

TJX: targeting data repositoriesTJ MAXX, Marshall’s45 Million Credit cards@ $80/card=$3.6 Billion in costs!

Pringle’s can or…?

Friday, July 1, 2011

IT-Harvest 2011

Business Process Hacking• Step one: identify the business process• Step two: identify key vulnerabilities and trust

relationships Insiders Customers Partners

• Step three: steal something• Step four: monitization

12

Friday, July 1, 2011

IT-Harvest 2011

An insider’s perspective• Major railroad in US• Major computer manufacturer in US

13

Friday, July 1, 2011

IT-Harvest 2011

Pump and dump• Break in to online trading account• Sell off owner’s portfolio• Purchase penny stocks • Dump attacker’s holdings when stock price jumps• Leave account holder with worthless portfolio• Canadian attacks thwarted $11 million frozen in

Lithuanian bank.

14

Friday, July 1, 2011

IT-Harvest 2011

E-ticketing fraud• Indian railway reservations. Scalpers use software to

corner the market for tickets and resell them at a mark up.

• Concert tickets. Scammers snipe tickets when they go on sale using elaborate hacks to avoid fraud detection schemes. They resell them immediately on sites such as StubHub.com or TicketsNow.com ($1,000)

• Even better: scammers buy seats and block others from getting seats.

15

Friday, July 1, 2011

IT-Harvest 2011

Carbon credits• 2010 Phishing attack against dozens of companies • Seven out of 2,000 German companies fall for it• Carbon credits transferred to two accounts owned by

attackers• $4 million stolen

• 2011 1.6 million carbon credits stolen from the Romanian branch of Swiss cement company Holcim. $36 million.

16

Friday, July 1, 2011

IT-Harvest 2011

Vulnerable business processes• Treasury functions• Logistics• Payroll• Trading platforms for energy, natural resources, commodities,

securities• Voting platforms• Gaming sites• Foreign Exchange• “Deal rooms” • Central banks•

17

Friday, July 1, 2011

IT-Harvest 2011

Beyond theft

• Commerce relies on trust. Break that trust and commerce fails.

18

Friday, July 1, 2011

richard@it-harvest.comthreatchaos.comtwitter.com/stiennon

Friday, July 1, 2011

Recommended

CYBER SECURITY STRATEGY · la unidad del FBI especializada en cibercrimen (IC3, In-ternet Crime Compliant Center),se puede observar un crecimiento considerable en las pérdidas derivadas
Documents
El cibercrimen jhoana
Internet
Cibercrimen y cibervictimización en Europa: instituciones ... · Cibercrimen y cibervictimización en Europa: instituciones involucradas en la prevención del ciberdelito en el Reino
Documents
Tecnica legislativa del cibercrimen
Documents
Cibercrimen en-el-peru-diapos-ely
Education
El Pulso del Cibercrimen en 2016
Documents
Cibercrimen en la sociedad
Documents
El cibercrimen
Documents
El Cibercrimen y delitos informaticos
Technology
MEDIDAS EFECTIVAS PARA PREVENIR EL CIBERCRIMEN
Documents
Cibercrimen - Instituto de Auditores Internos de Argentina€¦ · Cibercrimen Desafios Herramientas Legales Cooperacion Internacional Cooperacion Publico Privada. Cibercrimen Desafios
Documents
Informe SAFE - Tendencias del Cibercrimen 2021 - 2022
Documents
Cibercrimen point
Documents
CIBERCRIMEN Y LOS FENOMENOS EMERGENTES JEFATURA NACIONAL DE DELITOS ECONÓMICOS BRIGADA INVESTIGADORA DEL CIBERCRIMEN METROPOLITANA
Documents
Cibercrimen diapositivas
Law
Tácticas y técnicas del cibercrimen: 2T 2018
Documents
Cibercrimen y Ciberterrorismo
Documents
Abogado especializado en Cibercrimen Privacidad y Negocios ... · Cibercrimen, Privacidad y Negocios Digitales. Director de: Profesor de Derecho Informático en diversas instituciones
Documents
Trabajo encargado cibercrimen
Documents
cibercrimen en bancos potosinos - Plano Informativo
Documents