Unifying the Global Response to Cybercrime
Measurement of cybercrime
Standardisation across Member States
CAMINO’s 3rd Experts Workshop
15th-16th June 2015
Royal Holloway, University of London, UK
Presented:
Jart Armin
Metrics, Economics, & Research Roadmap?
• The annual cost to the global economy from cybercrime? €300 billion
• Direct cost to the EU of cybercrime? €13 billion ~0.4% GDP – 2014
• Direct cost to Germany? €2.6 billion / annum
• Direct cost to UK? €2 billion / annum
• Cybercrime market globally itself? €15 billion / annum
• Market for security products and services? €50 billion / annum
• EU Research (H2020) into cybercrime? €50 million / annum?
• H2020 based on reduced cost of cybercrime? €5 million project = €50 million saving / annum in EU on cybercrime
Metrics (1) – Observation
General Mobile Cyber Metrics
2.8 billion users of the Internet (~39% world population)
3.7 billion mobile subscribers (~50% world population)
WWW page views - 62% PCs v 38% mobile devices
7% of all URLs malicious
969 million websites — 39 million / month added (4%).
Over 100 billion emails processed / day (85% spam)
1.4 million browser user agents - bots - >20% for mobile
Metrics (2) – Cybercrime Observations
Measuring malicious events
• Public Block List count: 1,018,203,532 IP addresses (Source: Spamhaus)
• 250 million in total identifiable malware (Source: AV-Test Org)
• 200,000 new malicious programs registered (Source: AV-Test Org)
• 1 million+ measurable cyber-attacks every day (Source: Akamai)
• 330 active Real-time Blackhole Lists (RBL & DNSBL) (Source: Hostexploit)
• €5.9 million = average annualized cost of data breaches (Source: Ponemon Institute)
• 10.4% net increase cost of data breaches / annum (Source: Ponemon Institute)
• 250,000 – 500,000 malicious binaries / day (Source: Shadowserver)
• ~280 million malicious binaries collected (Source: Shadowserver)
• 6 / 10 million unique IPs sinkholed / day (Source: Shadowserver)
• 900,000 malicious domains / day (Source: Shadowserver)
• 500 of 55,686 ASNs worldwide (~1%) account for 85% of malicious activity (Source: Hostexploit)
Cyber Threats – Attack Traffic
The macro effects of cybercrime
• Who or what are the intruders & attackers?
• = probes, botnets, zombies, vulnerability scanners, scrapers, malware, worms, DDoS, reflective traffic via misconfigured open resolvers.
Cyber Threats – Attack Traffic
The macro effects of cybercrime
“Attack traffic,” meaning countries and regions where port probes, worms, malware, viruses, and reflection attacks … originate.
Comparing “Intrusion Attempts” with “Peak Traffic Attacks”
The macro effects of cybercrime
• Between 2009 and 2012 we observed a 95% correlation between the data for intrusion attempts and traffic attack size
• We extrapolated the data to make predictions up until 2014
Comparing “Intrusion Attempts” with “Peak Traffic Attacks”
• The data we predicted matches very well with the real data today
• There is now a 99% correlation between the intrusion data and the DDoS / Attack data
There is now a 99% correlation between the datasets
• Peak attack traffic:
• 2008 - just over 30 Gbps took out Georgia
• Unlawful intrusion attempts detected:
• 2014 - 4+ billion
• 2008 – 0.38 billion
Renewed predictions show attacks exceeding 1 Tbps by 2017
The Compromise of millions of mobile devices
Over the last year (2014/15), more than 12 million cellular client accounts have been compromised in Europe alone.
Major operators such as EE, Orange France, Vodafone, TalkTalk, O2, Pacnet and others have all been compromised, and this involves broadband accounts as well as cellular.
Added to this is the Gemalto compromise, which involves a potential 2 billion SIM cards, for over 400 networks.
Regardless of who is behind these hacks and their purpose, cellular operators and the cyber security community have to refocus on keeping cellular system client data safer and on improved safeguards for client accounts.
Measurement of cybercrime
• Contact presenter at [email protected] if you are interested in:
• Asking questions
• Helping with the mobile project:
• The threats from and to the mobile infrastructure
• iBots & the Pocket Botnet
• Mobile Intrusion (micro & macro)
• Mobile Apps
• Mobile authentication
• Encryption for mobiles