The Future of Hacking
A Review of the Economics, Motivations, Tools, and Techniques of Cyber Adversaries
5/7/2016 1 Richard S. Smith
Agenda
• Battlefield Assessment
• Hacking Economics
• Components of a Hack
• Hacker Traits
• Social Motivators
• Delivery and Transport
• Likely Targets
• Attack Tools
• Hacking R&D
Battlefield Assessment
• Statista reports over 781 breaches occurred in 2015 and 169 million sensitive records were exposed; a 97% increase from last year
• According to Ponemon’s 2015 Cost of Data Breach Report, data breaches cost financial companies $259 per user; the second-highest average cost per breach by industry
• PwC’s Global State of Information Security Survey 2015 reports that global information security budgets decreased four percent when compared with 2013; security spending has been stalled at four percent or less for the past five years
Hacking Economics
Corporate costs of prevention are increasing while hacker costs are decreasing.
• Total cost to hackers for a successful attack decreased due to:
o Less time to execute successful attacks
o Improvement in hacker tools ($1,300 for sophisticated tools)
o Decrease in the cost of computing power
• Conversely, the annualized cost of breaches last year was $7.7M, with a broad range of $.3M to $65M
• Financial Services and Energy breach costs are 67% greater (on average) than other industries
Components of a Hack
• People
• Motivators
• Transport
• Targets
• Tools or Methods
= PMT3
Hacker Traits
• Technical
• Creative
• Curious
• Resourceful
• Industrious
• Impatient
• Obsessive
• Self-absorbed
• Intellectual arrogance
Social Motivators
[Figure: social motivators, with an axis labeled "Destructiveness". Percentages shown in the figure, not matched to labels in the extracted text: 51%, 29%, 19%, 1%. Labels in the figure:]
• Casual Hacking
• Fun and Thrill
• Curiosity and Anonymity
• Notoriety
• Hacktivism or Moral Compass
• Sabotage or Retaliatory
• Property Destruction
• Cyber Terrorism
• Financial Gain
• Ransom
• Corporate Espionage
• Intelligence Gathering
Delivery and Transport
Delivery Vehicle
• Spear-phishing email
• Phone call (social engineering and voicemail hacks)
• Reconnaissance or Scanning for unpatched devices in target network
Transport Method
• Cell phone
• Internet Cafes
• Home Network (utilize multiple hops for anonymity)
Likely Individual Targets
[Chart: share by target type, values and labels paired in the order extracted]
• IT Administrator: 30%
• Contractor: 40%
• Executive Assistant: 8%
• Executive: 6%
• Non-executive Employee: 16%
Attack Tools (Methods)
Attack Methods | Probability | Severity | Expected Loss
Malicious Code | Moderate | High | High
Denial of Service | Moderate | Moderate | Moderate
Phishing and Social Engineering | Moderate | Moderate | Moderate
Web-based attacks | Moderate | Moderate | Moderate
Malware | High | Low | Low
Virus, worms, trojans | High | Low | Low
Stolen devices | Moderate | Low | Low
Botnets | Moderate | Low | Low
Malicious insiders | Low | Low | Low
Hacking R&D
1. Bitcoin: Criminals will exponentially increase the use of Bitcoin to collect funds from criminal actions or as payment for new hacker tools
2. Social Media and Cloud Services: New attack vectors and platforms will emerge
3. Multi-vector DDoS Attacks: Use of Stressers/Booters will surpass traditional botnet attacks
4. Internet of Things: Increasing attacks on IoT devices (ATMs, planes, cars, smart home devices) will consume the news
5. Mobile attacks: Hackers will increasingly focus on malware affecting mobile devices and payment methods
6. Ransomware: Encryption will increasingly be used as a weapon against its victims
Malicious Code
• Sophisticated malware born from legacy malware specifically aimed at stealing banking credentials
• Ransomware encrypts victim’s files and demands payment for decryption keys—all while using Bitcoin to transact payment
• ATM-focused cyber attacks that do not require skimmers, but utilize malicious code that can be loaded directly to the terminal
Hacking R&D
Distributed Denial of Service
• Stresser/booter-based botnets are the source of a vast majority of DDoS attacks
• DDoS tools rely heavily upon reflection techniques to generate massive amounts of traffic
• 56% of all DDoS attacks repeat targets
• China is the top country sourcing DDoS attacks and the gamer industry is the most frequent target
Hacking R&D
Phishing and Social Engineering
• In 2015, 90% of all phishing attacks were targeted at Financial Services
• Spear-phishing remains the attack method of choice for APT actors
• Gmail is used heavily as a drop point once usernames and passwords are stolen from a target
• Social media is used to market and distribute phishing kits and related goods and services
Hacking R&D
Web-based Attacks
• Tor, Darknet, and Bitcoin are used in concert to market and distribute exploits, like zero-days
• Increase in zero-day web-based tools available on the Darknet black market
• Hacker Toolkits provide configuration options to use different exploits
• Ransomware campaigns use zero-day attacks for high-probability attacks that hit a large number of users simultaneously
Hacking R&D
Tech for Slowing Down Advanced Attackers
• Security intelligence or SIEM systems provide a significant ROI
• Deploying encryption technologies (storage, middle-tier, and database)
• Advanced perimeter controls such as UTM, NGFW, IPS with reputation feeds
• Hiring expert security staff, including a CISO
• Training your workforce to recognize attacks, especially spear-phishing
• Apply controls to systems based on the risk and sensitivity of the data
Questions?
“I'm a really good hacker, but I'm not a sensible person.” –Richard D. James (Aphex Twin), British electronic musician and composer