RSA Security Summit London April 2014 – InTh3Wild – The current state of cybercrime

Talk by Nick Edwards of RSA around the current state of cyber-crime titled;

InTh3Wild – The current state of cybercrime

Trends;

1.       As the world goes mobile, cybercrime will follow

Stats and facts around mobile;

2007 – Apple introduces iPhone, Google unveils Android OS

2013 – Jan – Apple hits 40 billion downloads, May – Apple hits 50 billion downloads

2012 – Android malware explodes

1 billion Android devices shipped by 2018

1 million Android devices currently activated / day

86% of all Android malware is repackaged versions of legitimate apps with malicious payloads

Focus of mobile malware; eCommerce, Online banking, Online trading.

–          Much of the effort is around harvesting credentials rather than trying to commit fraud via the mobile app – likely due to the limited functionality of many mobile apps

2012 – 300 million mobile bankers.

2013 – 530 million mobile bankers

71% of organisations allow their users to use their own mobile devices for company business

–          Even if you’re using a container technology could credentials be stolen?

–          What could be harvested from ‘screen scraping’?

Games are also a common app used for attacks;

–          Angry birds in space had over 150 million downloads in the first two weeks

–          Only requires a very low percentage of people to install a malicious version for the malicious user to have access to many compromised devices.

Phishing / SMSishing – SMS spoofing and phishing such as sending texts that look like they come from your bank.

SMS sniffers that sniff and send your SMS details to the criminal

Voice – recent Android Trojan can record phone calls – these have 2 purposes, harvesting information, and using your voice to fool biometric systems that rely on voice.

2.       Hacktivism

Political messages and defacements

DDoS and other malicious activities ‘for hire’

Trying to make hacktivism legitimate – e.g. Anonymous created US ‘We the People’ petition to make DDoS a valid form of protest

Many different organisations such as Syrian Electronic Army (SEA), Anonymous, …

News sites as well as businesses are often targets

3.       Account takeover

Identity theft

Takeover of online accounts such as Twitter, Facebook

Tools readily available for identity theft such as components or the Zeus plugin.

–          Can alert when users of compromised machines try to log onto banking sites and perform transactions etc. in real time

–          Keeps records of users’ history so they can answer questions around user behavior etc. if prompted by customer services.

Security tools need to catch up with this to start dealing with these attacks that occur in real time

4.       Fraud as a Service

Cybercriminals increase effectiveness of fraud offerings

Ransomware – scare tactics around crime and child porn etc. to extort money from users

Ransomware – encrypts parts of or the entire computer and requires ransom to decrypt

Call centre service – fake call centres set up to call customers with compromised machines – set up locally so they sound correct and have knowledge of the local banks etc.

Analytics – crimeware now has the ability to provide ‘big data’ type analytics around its use, distribution, numbers of infected machines etc.

 

2014 – sneak peek;

–          More sophisticated mobile malware

–          Generic malware for advanced attacks

–          Bitcoin’s popularity / demand for stealing

  • Digital currencies and issues with them to become more prevalent

–          Trojans get more sophisticated

–          More breaches

Mobile is huge, criminals continue to become more organised and sophisticated with very low barriers to entry into the market.

Security must catch up!

K

 
