Malware - Mules & Money, Mobile Edition v2.0, by Steve Stasiukonis
What We Do: Security Assessments & Penetration Tests; Incident Response; Digital Investigation & Forensic Services; Technical Surveillance Countermeasure Services
Incident Statistics for 2014: Driven by Crimeware; Spear Phishing Attacks; Attacks Leveraged Stealing Credentials. Source: 2013 Verizon Data Breach Investigations Report
Who's Doing This?
Advanced Persistent Threat
The Advanced Persistent Threat: Foreign Nationals & Nation States; Hacktivists / Anarchists; Organized Crime
Foreign Nationals & Nation States
Foreign Nationals & Nation States: China; Russia; France
Foreign Nationals & Nation States: China APT Group Expanding Their Market
Hacktivists / Anarchists: Cult of the Dead Cow; LulzSec; Anonymous
Anonymous
Anonymous Vs.
Organized Crime: Vladimir Levin, Citibank, $10 Mil; Ehud Tenenbaum, $1.5 Mil Credit Cards; Albert Gonzalez, Shadow Crew, TJ Maxx, Dave & Buster's, Heartland
Hacker Resources
Malware
Why Malware Works
2013 Malware Numbers: Over 150,000,000 in 2013. Source: 9-9-2013 AV-Test GmbH, av-test.org
2014 Malware Numbers: Almost 300,000,000 Variants. Source: 9-9-2013 AV-Test GmbH, av-test.org
Known vs. Zero Day Malware: Internet -> 10010100010100100101000101010 -> Matches Signature = SQL Slammer -> Antivirus Applies Protection
Known vs. Zero Day Malware: Internet -> 0001010100100100101000101010???????? -> No Signature = Zero Day -> Antivirus Limited to No Protection
Crimeware
Low Orbit Ion Cannon: Designed for Denial of Service Attacks; Designed for Extorting Company Websites; Used by Hacktivists (e.g. Anonymous)
High Orbit Ion Cannon: Designed for Better Distributed Denial of Service Attacks; Designed for Defeating Hardware
Weyland Yutani: Designed to Turn Mac OS X Computers into Zombies; Uses Form Grabbing in Firefox, Google Chrome, Safari; iPad Version Soon to Be Released
Phoenix: Disguised as Adobe & Java Update; Designed for the Theft of Credit Card Numbers
SpyEye: Designed to Scrape Credit Card Numbers from PCs
SpyEye: Author Claims Best Customer Service & Rivals Zeus
Zeus Builder: Known as the Microsoft of Crimeware; Designed to Harvest and Mine Victim Data
Builds Zero Day Exploits; Creates and Manages a Botnet of Infected Systems; Steals the Authentication Credentials of Victims
Stats to Review & Manage Botnet
ZeuS Victims Center: View Infected Systems; Use These Proxies to Hide While Stealing from Victims
Zeus: Authentication/Credentials Capture; Steal Logins and Passwords
Virtual Keystroke Collector To Capture Masked Passwords
Better Encryption Capability for Hiding the Botnet
Botnets
ATTACK VECTOR - Botnet Building: Financial Institution
ATTACK VECTOR - Botnet Building: Hacker
ATTACK VECTOR - Botnet Building: Citadel Had Botnets Within Other Botnets
ATTACK VECTOR - Botnet (Distributed Denial of Service): Hardware Fails; Data Passes; Your Business
ATTACK VECTOR - Botnet (Spam): Your Business
ATTACK VECTOR - Botnet (Pivot Point for Financial Theft): Your Business
Customer of a financial institution targeted. Zeus dashboard provides feedback. Hacker spams targets through spear phishing attack. Hacker -> Targeted Victim: methods of authentication compromised; hacker collects banking credentials; hacker logs into the victim's online account; hacker moves money to mule in USA (2 transactions); mule moves money overseas.
Hire a Money Mule
Money Mules - Types of Jobs Offered: Personal Valet / Assistant; Payment Processor; Money Remittance Associate
Money Mules - Common Characteristics: Financially Distressed; No Conscience; Not Worried About Scamming Others; Average Computer Literacy
Money Mules - Recruitment: Newspaper Advertisements - Work From Home
Money Mules - Recruitment: Internet Job Sites
Money Mules - Recruitment: Craigslist
Money Mules - Recruitment: Street Signs
Money Mules - Recruitment: Internet Dating Sites
Money Mules - Recruitment: Almost Always Outside the US
Money Mules - Recruitment: Western Union, 510,000 Worldwide Locations
Case Studies
Case Study: Bad AV. Fake AV for protection; UPS email; command & control; money moved to mules. Loss: $50,000.
Case Study: Bad AV. Physically went to banks to withdraw cash.
Small Business: Business PC polluted with malware. Victim uses work computer to view inappropriate content. Business owner logged into online banking site. Command & control: hackers logged into online banking site. Bank IT admins see both hacker and business owner logged into site; kill access to both. Transactions processed by hackers. Loss averted: $1,000,000.
Large Business: Employee clicks on UPS email; command & control in Ukraine; hacker deletes certificate from employee computer; hacker steals new certificate & credentials; bank re-issues certificate with new credentials; hacker wires money to mule; mule wires money overseas. Loss: $1,000,000.
Large Business - Ransomware: Phishing email; command & control in Slovakia; displays ransom note; convert dollars to Bitcoin. Loss: $5,000 transferred to e-wallet.
Questions