
Observations on Modern Cyber Crime and Espionage - Wade Baker, Verizon

Date post: 15-Jan-2015
Upload: akamai-technologies
Description:
Based on forensic evidence collected while investigating some of the largest data breaches in history, Wade Baker will present a rare view into the world of cyber crime & espionage. Over the last seven years, Baker and his colleagues have compiled one of the largest and most detailed security incident repositories in the world. Their research has been used by law enforcement agencies around the world to prosecute criminals as well as by numerous organizations to assess and improve their security program. The presentation will discuss the evolution of cybercrime & espionage and delve into the people, methods, and motives that drive it today. See Wade Baker's Edge Presentation: http://www.akamai.com/html/custconf/edgetv.html#wade-baker The Akamai Edge Conference is a gathering of the industry revolutionaries who are committed to creating leading edge experiences, realizing the full potential of what is possible in a Faster Forward World. From customer innovation stories, industry panels, technical labs, partner and government forums to Web security and developers' tracks, there’s something for everyone at Edge 2013. Learn more at http://www.akamai.com/edge
Transcript
Page 1: Observations on Modern Cyber Crime and Espionage - Wade Baker, Verizon

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Are modern threats so advanced, diverse, and unpredictable that we can’t mount any meaningful defense against them?

> Let’s explore that question today

Page 2

Page 3

Page 4

Data Breach Investigations Report

An ongoing study that analyzes forensic evidence to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and what might be done to prevent it.

2013 Contributors

• Australian Federal Police
• CERT Insider Threat Center
• Consortium of Cybersecurity Action
• Danish Ministry of Defence
• Danish National Police
• Deloitte
• Dutch Police
• Electricity Sector ISAC
• European Cyber Crime Center
• G-C Partners, LLC
• Guardia Civil
• Industrial Control Systems CERT
• Irish Reporting & InfoSec Service
• Malaysia CERT
• National Cybersecurity & Communications Integration Center
• ThreatSim
• US CERT
• US Secret Service
• Verizon

Page 5

All threat actions defined within VERIS

Adware, Backdoor, Brute force, Capture app data, Capture stored data, Client-side, C2, Destroy data, Disable controls, DoS, Downloader, Exploit vuln, Export data, Packet sniffer, Password dumper, RAM scraper, Ransomware, Rootkit, Scan network, Spam, Spyware, SQL injection, Utility, Worm, Abuse of functionality, Brute force, Buffer overflow, Cache poisoning, Credential/session prediction, Cross-site request forgery, Cross-site scripting, Cryptanalysis, Denial of service, Footprinting and fingerprinting, Forced browsing, Format string attack, Fuzz testing, HTTP request smuggling, HTTP request splitting, HTTP response smuggling, HTTP response splitting, Integer overflows, LDAP injection, Mail command injection, Man-in-the-middle attack, Null byte injection, Offline cracking, OS commanding, Path traversal, Remote file inclusion, Reverse engineering, Routing detour, Session fixation, Session replay, SOAP array abuse, Special element injection, SQL injection, SSL injection, URL redirector abuse, Use of backdoor or C2, Use of stolen creds, XML attribute blowup, XML entity expansion, XML external entities, XML injection, XPath injection, XQuery injection, Baiting, Bribery, Elicitation, Extortion, Forgery, Influence, Scam, Phishing, Pretexting, Propaganda, Spam, Knowledge abuse, Privilege abuse, Embezzlement, Data mishandling, Email misuse, Net misuse, Illicit content, Unapproved workaround, Unapproved hardware, Unapproved software, Assault, Sabotage, Snooping, Surveillance, Tampering, Theft, Wiretapping, Classification error, Data entry error, Disposal error, Gaffe, Loss, Maintenance error, Misconfiguration, Misdelivery, Misinformation, Omission, Physical accidents, Capacity shortage, Programming error, Publishing error, Malfunction, Deterioration, Earthquake, EMI, ESD, Temperature, Fire, Flood, Hazmat, Humidity, Hurricane, Ice, Landslide, Lightning, Meteorite, Particulates, Pathogen, Power failure, Tornado, Tsunami, Vermin, Volcano, Leak, Wind

Page 6

Top 20 threat actions observed across 2000+ data breaches

Threat action                     Overall   Larger orgs
Brute force (Hacking)               47%         9%
Spyware (Malware)                   41%        19%
Use of stolen creds (Hacking)       29%        23%
Export data (Malware)               28%        22%
Backdoor (Malware)                  23%        27%
Use of backdoor or C2 (Hacking)     21%        23%
Tampering (Physical)                19%        42%
Disable controls (Malware)          12%         8%
Capture stored data (Malware)       10%        13%
Phishing (Social)                   10%        21%
C2 (Malware)                         9%        23%
Downloader (Malware)                 9%        21%
Password dumper (Malware)            8%        17%
Unknown (Hacking)                    7%         6%
Rootkit (Malware)                    7%        11%
Unknown (Malware)                    6%         1%
Privilege abuse (Misuse)             4%         8%
Adminware (Malware)                  4%         4%
Embezzlement (Misuse)                4%         1%
Unapproved hardware (Misuse)         4%         2%

Page 7

Cluster analysis measuring similarity of incidents across industries

Industries in the analysis (NAICS code in parentheses):

• Computer and Electronic Product Manufacturing (334)
• Transportation Equipment Manufacturing (336)
• Food and Beverage Stores (445)
• Health and Personal Care Stores (446)
• Gasoline Stations (447)
• Clothing and Clothing Accessories Stores (448)
• Miscellaneous Store Retailers (453)
• Nonstore Retailers (454)
• Pipeline Transportation (486)
• Publishing Industries (except Internet) (511)
• Telecommunications (517)
• Data Processing, Hosting, and Related Services (518)
• Other Information Services (519)
• Credit Intermediation and Related Activities (522)
• Professional, Scientific, and Technical Services (541)
• Administrative and Support Services (561)
• Ambulatory Health Care Services (621)
• Accommodation (721)
• Food Services and Drinking Places (722)
• Executive, Legislative, and Other General Government Support (921)

Page 8

Top threat scenarios observed across 2000+ data breaches

[Chart. Scenario categories: Something else, State espionage, Insider misuse, Web app hacks, Skimming devices, POS intrusions. Percentages shown on the chart: 43%, 22%, 9%, 9%, 6%, 11%. The extracted text does not preserve which percentage belongs to which scenario.]

A second chart on the same slide lists threat actions with the percentage shown next to each (chart title not preserved):

Threat action                     Share
Spyware (Malware)                   26%
Backdoor (Malware)                  24%
Brute force (Hacking)               19%
Export data (Malware)               19%
Use of stolen creds (Hacking)       19%
C2 (Malware)                        15%
Capture app data (Malware)          13%
Downloader (Malware)                13%
Client-side (Malware)               11%
Extortion (Social)                  11%
Other (Hacking)                     11%
Phishing (Social)                   11%
Use of backdoor or C2 (Hacking)     11%
Pretexting (Social)                  9%
Capture stored data (Malware)        7%
Other (Malware)                      7%
Theft (Physical)                     7%
Unknown (Hacking)                    6%
Adminware (Malware)                  4%
Destroy data (Malware)               4%

Page 9

< or >

Threats to your data?

Threat action                     Share
Brute force (Hacking)               47%
Spyware (Malware)                   41%
Use of stolen creds…                29%
Export data (Malware)               28%
Backdoor (Malware)                  23%
Use of backdoor or C2…              21%
Tampering (Physical)                19%
Disable controls…                   12%
Capture stored data…                10%
Phishing (Social)                   10%
C2 (Malware)                         9%
Downloader (Malware)                 9%
Password dumper…                     8%

