Dancho Danchev Blog http://ddanchev.blogspot.com/2008/06/price-discrimination-in-market-for.html
“Hacker Forums” and online advertisements (Personal Research)
Kaspersky Labs – The Economics of Botnets http://www.securelist.com/en/analysis/204792068/The_economics_of_Botnets
1. Spearphishing w/doc exploit
2. User opens msg
3. Attacker installs backdoor
4. Attacker propagates
5. Attacker elevates
McAfee Blogs – Latest Spyeye Botnet Active and Cheaper
http://blogs.mcafee.com/mcafee-labs/latest-spyeye-botnet-active-and-cheaper
Personal Research on forums and google indexed malware pricing lists
Security Week – Black Hole Exploit http://www.securityweek.com/black-hole-exploit-business-savvy-cyber-gang-driving-massive-wave-fraud
GoDaddy Hosting http://www.godaddy.com
Gamma International http://wiki.echelon2.org/wiki/Gamma_International
RSA Monthly Fraud Report – May 2012 http://goo.gl/v6wye
1YR total: $111,000
Does not include:
Cost of people
Cost of risk of illicit / illegal activity
$80,000
$3,450
$18,315
Initial access CVE-2013-0025
Poison Ivy
$66,000
Antivirus
Patch management, solution
$3,500 Firewall
Attacker $0
Defender $171,265
SCALE 500 Seats
MSF Community Edition
Maintenance (15%)
Security Engineer
$167,815
$120,000
$320,000
$1500
Initial access CVE-2013-0025 (still free)
Exploit Kit
Everything from before
$21,700 Web Proxy
Attacker $2500
Defender $645,720
Backdoor
C2
$150
$540
$538
Packer
Application Whitelisting $12,500
Head Security Engineer
5 Security engineers
$642,720
$400,000
$550,000
$1,500,000
$2,000 Exploit Kit
Everything from before
$28,100
SIEM
Attacker $110,000
Defender $3,150,000
0day
C2
$4,239
$90,000
$13,364 NIDS
$16,000
10 Security Engineers
HIDS $???
$??????
Commercial Backdoor
“There are known knowns; there are things
we know we know.
We also know there are known unknowns;
that is to say, we know there are some
things we do not know.
But there are also unknown unknowns –
the ones we don’t know we don’t know.”
~US SECDEF Donald Rumsfeld
2 SIEM Engineers
@wepIV
blog.blackthc.com