The Dark Side of the Internet And Why You Shouldn’t Care

Upload: brian-honan

Post on 08-Feb-2017


Page 1: The dark side of the internet

The Dark Side of the Internet

And Why You Shouldn’t Care

Page 2: The dark side of the internet

CEO of BH Consulting – Independent Information Security Firm

Founder & Head of IRISSCERT – Ireland’s first Computer Emergency Response Team

Special Advisor on Internet Security to Europol's CyberCrime Centre (EC3)

Expert Advisor to European Network & Information Security Agency (ENISA)

Adjunct Lecturer at University College Dublin

Regularly comments on media stories – BBC, Forbes, Bloomberg, FT, Guardian, Sunday Times

Who Am I?


“Because that's where the money is.”

Willie Sutton

Page 11: The dark side of the internet

So Why Should I Care?

Page 17: The dark side of the internet

So Really Why Should I Care?

Page 18: The dark side of the internet

$1-$6 US Credit card number

$2-$12 UK Credit card number

$5-$50 Medical ID card 

$6-$18 Basic identity information

$7 PayPal account with credentials 

$50-$500 PayPal verified with balance

$20 DDoS attack from bot army (per hour)

$30 Passwords to consumer credit reports

$50-$60 Health/medical record

$140 10 million email addresses

$200 Malicious Software Toolkit

$500 20 million SPAMs sent from bot army

$100-$2000 Malware as a Service (MaaS)

$1000-$5000 Online banking accounts with a balance

$10000 0-Day Exploit

Why Should I Care?

Page 19: The dark side of the internet

Cyber Crime in Ireland

Page 20: The dark side of the internet

63% believe their organisation is only partially equipped.

49% rate their overall readiness as fair or poor.

33% believe detection capabilities are inadequate.

30% believe evolving technical threats are biggest challenges.

Irish Computer Society

Page 21: The dark side of the internet

33% of organisations experienced a cyber breach in the past 2 years; among organisations selling online, 44% have experienced a cyber breach

84% of directors say their organisation will increase spending on cyber security measures over the next 3 years

69% of directors claim their organisation is prepared or very prepared for a cyber breach

Institute of Directors in Ireland

Page 22: The dark side of the internet

Top Five Breaches (bar chart, axis 0% to 70%)

Categories as listed on the slide: Website Hacked, Data Protection Breach, Email Accounts Hacked, Loss/Theft of Mobile Device, Computer Virus

Values shown, in the order extracted: 19%, 25%, 28%, 46%, 64%

Institute of Directors in Ireland

Page 24: The dark side of the internet

2014 - Incidents

6,534

Page 25: The dark side of the internet

2015 - Incidents

26,137

Page 26: The dark side of the internet

2015 - Incidents

Phishing Hosted: 7%

Malware: 45%

Denial of Service: 11%

Botnet C&C Servers: 11%

DDoS Outbound: 26%

Page 27: The dark side of the internet

2015 - Incidents

Org Crime, 74%

Other, 26%

Page 28: The dark side of the internet

Poor Passwords

Missing Patches

Vulnerabilities

Web Applications

Web Platforms

Out of date software (Windows XP)

Out of Date Anti-Virus Software

Lack of Monitoring

Root Causes

Page 29: The dark side of the internet

DDoS Extortion

Ransomware

CEO Fraud

SQL Injection

Current Issues/Concerns

Page 30: The dark side of the internet

To introduce ourselves first:

https://blogs.akamai.com/2014/12/dd4bc-anatomy-of-a-bitcoin-extortion-campaign.html

http://bitcoinbountyhunter.com/bitalo.html

http://cointelegraph.com/news/113499/notorious-hacker-group-involved-in-excoin-theft-owner-accuses-ccedk-of-withholding-info

Recently we were DDoS-ing Neteller:

https://twitter.com/neteller/status/583363894665715712

Yes, our attacks are powerful.

So, it’s your turn!

Your sites are going under attack unless you pay 100 Bitcoin.

Pay to 1XXXXXXXXXXXXXXXXXXXXX

Please note that it will not be easy to mitigate our attack, because our current UDP flood power is 400-500 Gbps, so don't even bother. At least, don't expect cheap services like CloudFlare or Incapsula to help...but you can try. :)

Right now we are running small demonstrative attack. Don't worry, it will not be that hard (it shouldn't crash your site) and it will stop in 1 hour. It's just to prove that we are serious.

We are aware that you probably don't have 100 BTC at the moment, so we are giving you 24 hours.

Find the best exchanger for you on https://localbitcoins.com or http://howtobuybitcoins.info. You can pay directly through exchanger to our BTC address, you don't even need to have BTC wallet.

Current price of 1 BTC is about 230 USD, so we are cheap, at the moment. But if you ignore us, price will increase.

IMPORTANT: You don’t even have to reply. Just pay 100 BTC to 1XXXXXXXXXXXXXXXXXXXXX – we will know it’s you and you will never hear from us again. We say it because for big companies it's usually the problem as they don't want that there is proof that they cooperated. If you need to contact us, feel free to use some free email service. Or contact us via Bitmessage: BM-XXXXXXXXXXXXXXXXXX

But if you ignore us, and don't pay us within a given time, long term attack will start, price to stop will go to 200 BTC and will keep increasing for every hour of attack.

IMPORTANT: It’s a one-time payment. Pay and you will not hear from us ever again!

We do bad things, but we keep our word.

Page 33: The dark side of the internet

Pages 31 to 35 repeat the letter above; page 33 annotates the demand as 100 Bitcoin = (€22000).

Page 36: The dark side of the internet

Ransomware

Page 38: The dark side of the internet

CEO Fraud

Page 39: The dark side of the internet

CEO Fraud

Criminals target the company

Get details on the company from LinkedIn, About Us pages, press releases and news stories

Understand the hierarchy

Page 40: The dark side of the internet

CEO Fraud

Spoof the CEO's email address

Compromise the CEO's email account (OWA/web-based email): password guessing; password reuse by the CEO from another breach; infect the CEO's PC to gather passwords

Page 41: The dark side of the internet

CEO Fraud

Send an urgent email to the CFO as the CEO, requesting payment to a new vendor or a change in existing vendor payments

BCC to an email account under the criminal's control

Criminal acting as CEO

Criminal's own email account

Page 42: The dark side of the internet

CEO Fraud

Criminal's fake account looks similar to the real account, e.g. an address on the lookalike domain Connpanyabc.com

Criminal is now in control of the conversation

If still in control of the CEO's mailbox, delete emails of the ongoing conversation

Page 43: The dark side of the internet

CEO Fraud

Can even take part in the conversation with the supplier

Monitor emails to the genuine supplier account

Set up a fake supplier email on a lookalike domain such as suppIier.com (note: the L in the second supplier address is an uppercase i)

Page 44: The dark side of the internet

CEO Fraud

Payment is made to a bank account under the criminals' control
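The lookalike-domain trick on pages 42 and 43 is also the easiest part of this chain for a mail gateway to catch. The following is an added defender-side illustration, not code from the talk or from BH Consulting: it folds visually confusable characters and flags senders whose domain then collides with a trusted company or supplier domain. The confusable table, the trusted domains and the sample addresses are constructed assumptions.

```python
import re

# Visually confusable sequences folded to one canonical form before comparing.
# Assumed table for this example: it covers the two slide examples plus a few common tricks.
CONFUSABLES = {
    "rn": "m",   # classic "rn" for "m"
    "nn": "m",   # the slide's Connpanyabc.com example
    "0": "o",
    "1": "l",
    "i": "l",    # uppercase I lowercases to i, so suppIier folds the same as supplier
}

def canonical(domain: str) -> str:
    """Lowercase the domain and fold every confusable sequence."""
    d = domain.strip().lower()
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; enough to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(sender: str, trusted_domains) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for one sender address."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", sender.strip())
    if not m:
        return "invalid"
    domain = m.group(1).lower()
    trusted = {t.lower() for t in trusted_domains}
    if domain in trusted:
        return "trusted"
    canon = canonical(domain)
    for t in trusted:
        # Identical after folding, or one edit away: hold the message for review.
        if canon == canonical(t) or edit_distance(canon, canonical(t)) == 1:
            return "lookalike"
    return "unknown"

# Constructed sample data: the company and supplier domains from the slides.
TRUSTED = {"companyabc.com", "supplier.com"}
SAMPLES = ["ceo@companyabc.com", "ceo@Connpanyabc.com",
           "accounts@suppIier.com", "accounts@supplier.co", "news@example.org"]

def triage(senders, trusted=TRUSTED):
    """Map each sender to its verdict."""
    return {s: classify_sender(s, trusted) for s in senders}
```

A "lookalike" verdict is a hold-for-review signal rather than proof of fraud, so the gateway rule should quarantine and alert, leaving the payment-change decision to an out-of-band call-back.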

Page 47: The dark side of the internet

How To Defend

Page 48: The dark side of the internet

Security Is An Enabler

Page 50: The dark side of the internet

Identify & Value Key Assets

Page 52: The dark side of the internet

Establish Policies

Page 53: The dark side of the internet

Security Awareness

Training

Page 54: The dark side of the internet

Monitor & Respond

Page 55: The dark side of the internet

Information Sharing

Page 56: The dark side of the internet

Secure Coding

Page 57: The dark side of the internet

Other Mechanisms

Mobile Device Management (MDM)

Enforce Policies across devices

Network Access Control

Data Leakage Prevention

Digital Rights Management

Monitor Log Files for Access

Check Corporate Credit Card Statements

Encrypted & Secure USB Devices

End Point Management

Mobile Malware Protection

Page 58: The dark side of the internet


www.bhconsulting.ie