Property of Secure Network Technologies-Do Not Distribute or Post Without Written Permission-Copyrights and Trademark Apply

Transcription

1

2 Malware - Mules & Money Mobile Edition v2.0 By Steve Stasiukonis

3 What We Do Security Assessments & Penetration Tests Incident Response Digital Investigation & Forensic Services Technical Surveillance Countermeasure Services

4 Incident Statistics for 2014 Driven By Crimeware Spear Phishing Attacks Attacks Leveraged Stealing Credentials Sources: 2013Verizon Data Breach Investigations report

5 Who s Doing This?

6 Advanced Persistent Threat

7 The Advanced Persistent Threat Foreign Nationals & Nation States Hacktivists / Anarchists Organized Crime

8 Foreign Nationals & Nation States

9 Foreign Nationals & Nation States China Russia France

10 Foreign Nationals & Nation States

11 Foreign Nationals & Nation States China APT Group Expanding Their Market

12 Foreign Nationals & Nation States

13 Foreign Nationals & Nation States

14 Hacktivists / Anarchists Cult of the Dead Cow LulzSec Anonymous

15 Hacktivists / Anarchists

16 Anonymous

17 Anonymous Vs.

18 Anonymous

19 Anonymous

20 Anonymous

21 Organized Crime Vladimir Lenin Citibank $10 Mil Ehud Tenebaum $1.5 Mil Credit Cards Albert Gonzalez Shadow Crew TJ Maxx Dave & Busters Heartland

22 Hacker Resources

23 Malware

24 Why Malware Works

25 2013 Malware Numbers Over 150,000,000 in 2013 Sources: AV-Test, GmBH, av-test.org

26 2014 Malware Numbers Almost 300,000,000 Variants Sources: AV-Test, GmBH, av-test.org

27 Known vs. Zero Day Malware Internet Matches Signature = SQL Slammer Antivirus Applies Protection

28 Known vs. Zero Day Malware Internet ???????? No Signature = Zero Day Antivirus Limited to NO Protection

29 Crimeware

30 Low Orbit Ion Cannon Designed for Denial of Service Attacks Designed for Extorting Company Websites Used by Hacktivists (i.e. Anonymous)

31 High Orbit Ion Cannon Designed for Better Distributed Denial of Service Attacks Designed for Defeating Hardware

32 Weyland Yutani Designed to turn Mac OSX Computers into Zombies Uses Form Grabbing in Fire Fox, Google Chrome, Safari ipad Version soon to be released

33 Phoenix Disguised as Adobe & Java Update Designed for the theft of Credit Card Numbers

34 Phoenix Disguised as Adobe & Java Update Designed for the theft of Credit Card Numbers

35 SpyEye Designed to scrape Credit Card Numbers from PC s

36 SpyEye Author Claims Best Customer Service & Rivals Zeus

37 Zeus Builder Known as the Microsoft of Crimeware Designed to Harvest and Mine Victim Data

38 Builds Zero Day Exploits Creates and Manages a Bot Net of Infected Systems Steals the Authentication Credentials of Victims

39 Stats to Review & Manage Bot Net

40 ZeuS Victims Center View Infected Systems-Use These Proxies To Hide While Stealing From Victims

41 Zeus: Authentication/Credentials Capture Steal Logins and Passwords

42 Virtual Keystroke Collector To Capture Masked Passwords

43 Better Encryption Capability For Hiding the Bot Net

44 Bot-Nets

45 ATTACK VECTOR-Bot-Net Building Financial Institution

46 ATTACK VECTOR-Bot-Net Building HACKER

47 ATTACK VECTOR-Bot-Net Building Citadel Had Botnets within other Botnets

48 ATTACK VECTOR-Bot-Net (Distributed Denial of Service) Hardware Fails Data Passes Your Business

49 ATTACK VECTOR-Bot-Net (SPAM) Your Business

50 ATTACK VECTOR-Bot-Net (Pivot Point for Financial Theft) Your Business

51 Customer of a financial institution targeted. Zeus dashboard provides feedback. Hacker spams targets through spear phishing attack. Hacker Targeted Victim Methods of authentication compromised Hacker Collects Banking Credentials Hacker Logs into the Victims Online Account Hacker Moves Money To Mule in USA (2 Transactions) Mule Moves Money Overseas

52 Hire a Money Mule

53 Money Mules Types of Jobs Offered Personal Valet / Assistant Payment Processor Money Remittance Associate

54 Money Mules Common Characteristics Financially Distressed No Conscious Not Worried Scamming Others Average Computer Literacy

55 Money Mules Recruitment Newspaper Advertisements - Work From Home

56 Money Mules Recruitment Newspaper Advertisements - Work From Home

57 Money Mules Recruitment Internet Job Site

58 Money Mules Recruitment Craigslist

59 Money Mules Recruitment Street Signs

60 Money Mules Recruitment Internet Dating Sites

61 Money Mules Recruitment Almost Always Outside the US

62 Money Mules Recruitment Western Union 510,000 World Wide Locations

63 Case Studies

64 Case Study: Bad AV Fake AV For Protection UPS Command & Control MONEY Moved To Mules Loss $50,000

65 Case Study: Bad AV Physically Went to Banks To Withdraw Cash

66 Small Business Business PC Polluted with Malware Victim Uses Work Computer To View Inappropriate Content Business Owner Logged into Online Banking Site Command & Control Hackers Logged into Online Banking Site Bank IT Admins See Both Hacker and Business Owner Logged Into Site Kills Access to Both Transactions Processed by Hackers Loss Averted $1,000,000

67 Large Business Business Employee Clicks on UPS Command & Control in Ukraine Hacker Deletes Certificate From Employee Computer Hacker Steals New Certificate & Credentials Bank Re- Issues Certificate With New Credentials Hacker Wires Money to Mule Mule Wires Money Overseas Loss $1,000,000

68 Large Business-Ransomware Phishing Command & Control in Slovakia Displays Ransom Note

69

70 Large Business-Ransomware Phishing Command & Control in Slovakia Displays Ransom Note Convert Dollars to Bitcoin Loss $5,000 Transferred to ewallet

71 Questions