insert awesome quote - · pdf file“hacker forums” and online advertisements ......
TRANSCRIPT
![Page 1: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/1.jpg)
![Page 2: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/2.jpg)
![Page 3: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/3.jpg)
![Page 4: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/4.jpg)
•
•
•
–
–
–
–
![Page 5: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/5.jpg)
•–
–
–
–
–
–
•
•
![Page 6: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/6.jpg)
•
–
•
•
•
–
•
•
•
•
![Page 7: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/7.jpg)
•–
–
•–
•–
–
•–
–Dancho Danchev Bloghttp://ddanchev.blogspot.com/2008/06/price-discrimination-in-market-for.html
“Hacker Forums” and online advertisements (Personal Research)
Kaspersky Labs – The Economics of Botnets http://www.securelist.com/en/analysis/204792068/The_economics_of_Botnets
![Page 8: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/8.jpg)
•
•
–
–
•
–
•
–
•
–
![Page 9: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/9.jpg)
•
•
•
•
![Page 10: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/10.jpg)
•
•
•
•
•
![Page 11: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/11.jpg)
1. Spearphishing w/doc exploit
2. User opens msg3. Attacker installs
backdoor4. Attacker propagates5. Attacker elevates
![Page 12: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/12.jpg)
•
–
–
–
–
•
–McAfee Blogs – Latest Spyeye Botnet Active and Cheaper
http://blogs.mcafee.com/mcafee-labs/latest-spyeye-botnet-active-and-cheaper
Personal Research on forums and google indexed malware pricing lists
McAfee Blogs – Latest Spyeye Botnet Active and Cheaper
http://blogs.mcafee.com/mcafee-labs/latest-spyeye-botnet-active-and-cheaper
Personal Research on forums and google indexed malware pricing lists
![Page 13: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/13.jpg)
•
•
•–
•
–•
•
•
–•
![Page 14: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/14.jpg)
•
•
–
•
–
–
•
•
–
–
–
–
Security Week – Black Hole Exploithttp://www.securityweek.com/black-hole-exploit-business-savvy-cyber-gang-driving-massive-wave-fraud
GoDaddy Hostinghttp://www.godaddy.com
Gamma Internationalhttp://wiki.echelon2.org/wiki/Gamma_International
RSA Monthly Fraud Report – May 2012http://goo.gl/v6wye
Security Week – Black Hole Exploithttp://www.securityweek.com/black-hole-exploit-business-savvy-cyber-gang-driving-massive-wave-fraud
GoDaddy Hostinghttp://www.godaddy.com
Gamma Internationalhttp://wiki.echelon2.org/wiki/Gamma_International
RSA Monthly Fraud Report – May 2012http://goo.gl/v6wye
![Page 15: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/15.jpg)
•–
•–
•–
–
1YR total:$111,000
Does not include:
Cost of people
Cost of risk of illicit / illegal activity
![Page 16: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/16.jpg)
•
–
–
–
![Page 17: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/17.jpg)
•
–
•
–
•
–
![Page 18: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/18.jpg)
•
•
•
![Page 19: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/19.jpg)
$80,000
$3,450
$18,315
Initial access CVE-2013-0025
Poison Ivy
$66,000
Antivirus
Patch management, solution
$3,500Firewall
Attacker$0
Defender$171,265
SCALE500 Seats
MSF Community Edition
Maintenance (15%)
Security Engineer
![Page 20: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/20.jpg)
$167,815
$120,000
$320,000$1500
Initial access CVE-2013-0025(still free)
Exploit Kit
Everything from before
$21,700Web Proxy
Attacker$2500
Defender$645,720
Backdoor
C2
$150
$540
$538
Packer
Application Whitelisting$12,500
Head Security Engineer
5 Security engineers
![Page 21: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/21.jpg)
$642,720
$400,000
$550,000
$1,500,000
$2,000Exploit Kit
Everything from before
$28,100
SIEM
Attacker$110,000
Defender$3,150,000
0day
C2
$4,239
$90,000
$13,364 NIDS
$16,000
10 Security Engineers
HIDS$???
$??????
Commercial Backdoor
“There are known knowns; there are things
we know we know.
We also know there are known unknowns;
that is to say, we know there are some
things we do not know.
But there are also unknown unknowns –
the ones we don’t know we don’t know.”
~US SECDEF Donald Rumsfeld2 SIEM Engineers
![Page 22: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/22.jpg)
![Page 23: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/23.jpg)
![Page 24: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/24.jpg)
![Page 25: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/25.jpg)
![Page 26: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/26.jpg)
![Page 27: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/27.jpg)
•
•
–
–
–
•
–
–
![Page 28: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/28.jpg)
•
•
•
•
•
![Page 29: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/29.jpg)
![Page 30: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/30.jpg)
![Page 31: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/31.jpg)
•
–
–
–
–
![Page 32: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/32.jpg)
•
•
•
•
•
![Page 33: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/33.jpg)
•
•
•
![Page 34: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/34.jpg)
•
–
![Page 35: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/35.jpg)
•
–
–
![Page 36: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/36.jpg)
–
–
![Page 37: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/37.jpg)
•
•
![Page 38: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/38.jpg)
•
–
–
–
![Page 39: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/39.jpg)
•
•
•
•
![Page 40: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/40.jpg)
•
•
•
•
![Page 41: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/41.jpg)
•
–
–
•
•
•
![Page 42: Insert awesome quote - · PDF file“Hacker Forums” and online advertisements ... RSA Monthly Fraud Report –May 2012 ... 10/23/2014 11:31:16 AM](https://reader031.vdocuments.net/reader031/viewer/2022021817/5aa1deac7f8b9ada698c2f02/html5/thumbnails/42.jpg)
@wepIVblog.blackthc.com