Cybercrime and Cyber Threats - CBLA - Eric Vanderburg

Date post: 23-Jan-2018
Upload: eric-vanderburg
Transcript

© 2017 Technology Concepts & Design, Inc. All Rights Reserved.

Cybercrime and cyber threats

A glimpse of cybersecurity’s opponent

ERIC VANDERBURG

VICE PRESIDENT, CYBERSECURITY

Cleveland Business Leaders Association

October 25, 2017

About Us

TCDI founded in 1988

Microsoft Certified Partner since 2003

Services include:

◦ Digital forensics

◦ Cybersecurity

◦ eDiscovery

Minority owned enterprise

Over 40 certifications

Published author

Licensed private investigator

Expert witness and thought leader

18 years in cybersecurity

Specializations include:

Risk management

Governance and compliance

Security strategy

ERIC VANDERBURG

VICE PRESIDENT, CYBERSECURITY

Cyber threats and the criminals behind them

Techniques

Growth Factors

Organization

Regions

Techniques

Tier 1: Entry-level techniques

◦Advance-Fee Fraud

◦Stranded Traveler Fraud

◦Romance Fraud

◦Ransomware

Tier 2: Moderate techniques

◦Business Email Compromise

◦ Emails masquerading as an email from an executive

◦Tax Fraud

◦ Fake tax returns

◦ False IRS demands

◦Botherding

◦Deploying and managing bots

Tier 3: Advanced techniques

◦Advanced Persistent Threats

◦ Lengthy undetected access

◦ Long-term strategy

◦ Slowly acquire access to elements of the attack plan.

◦Advanced Ransomware Threats

◦ Removes backups over a long period

◦ Destroys vital data when backups no longer exist.

◦ Victims have no choice but to pay

Growth Factors

Human Resources

◦Tech-savvy unemployment or underemployment

◦Over 200 million currently unemployed*

◦ Prototypical case: Russian tech industry in the 1990s

◦ Similar cases in many other countries since then

◦New college graduates with limited career prospects

◦ College graduates are more likely to turn to cybercrime in developing countries.

*United Nations International Labour Organization (ILO) 2017 Study

Anonymity

Tor

Bulletproof Hosting Services

Encrypted communications

Crypto currency and mixing services

Decentralized messaging

Enabling Technologies

◦Botnets

◦RaaS

◦Keyloggers

◦Crypters

◦Email extractors

◦Social engineering toolkits

Deep Web Markets

Credentials

PII

Tool kits

Lease services

Organization

Lower barriers to entry

Easy access to powerful tools

Bitcoin makes complex money laundering schemes unnecessary

Tools and techniques to maintain anonymity are prevalent

The market is large enough that competition is not a big issue

Organized Crime

Born out of existing organized crime units

Function like corporations

Access to vast resources

Local connections and robust money laundering capabilities

Effectively combine cybercrime with traditional crime

Disorganized Crime

Small, agile groups

Members may operate as independent contractors

Some form from real life relationships

May excel at specific types of attacks or scams

Mentor new recruits

Tactical roles

Hackers

• Perform attacks

• Exploit network vulnerabilities

• Exploit weaknesses in systems and apps

Fraudsters

• Phish

• Execute con games to defraud victims

Distributors

• Spread ransomware, malware, and bots

Support roles

Programmers

• Write malicious code

• Develop exploits

Operations

• Maintain criminal systems and communication protocols

• Store data

• Host code

Traders

• List stolen items and goods on black markets

• Purchase goods and services

• Maintain relationships with upstream and downstream providers

Recruiters

• Identify and evaluate potential criminals

• Recruit money mules

Leadership

◦Direct cybercrime groups

◦Ensure that members are compensated

◦Ensure necessary resources are available

◦Maintain order

◦Sanction members who do not obey the rules

◦Make hiring decisions

◦Terminate team members

Regions

Incident response phases

Russia

China

Eastern Europe

West Africa

United States

Russia

◦Unspoken partnership between cybercrime syndicates and the Russian security services cy-ops

◦Russian hackers must not target Russian businesses or government entities

◦Many consider Russian hackers the most sophisticated in the world

◦Many groups developed after the fall of the Soviet Union

◦Mature underground markets and resources

China

◦Cybercrime falls into a legal grey area with many believing it is ok

◦Motivations to acquire intellectual property

◦Much money laundering and a significant amount of bank fraud

◦Theft of online gaming accounts is the second largest target

Eastern Europe

◦Frequently team up with groups outside the EU to complicate law enforcement efforts

◦Many underground marketplaces for stolen goods and hacking tools

◦Robust malware development

◦Popular attacks include bitcoin theft and theft of personal information for sale on the black market

West Africa

◦Many small groups or individuals who know each other in real life or grew up together

◦Popular career path for those with AIDS who have limited life expectancy

◦Predominantly use phishing-based scams

◦Authorities rarely respond to cybercrime reports

United States

◦Highly skilled attackers performing long-term attacks or developing malicious code

◦US residents are often recruited as money mules to launder money from attacks on US companies and citizens

◦Easy access to underground markets

Questions?

@evanderburg

216-664-1100

