Talk by Nick Edwards of RSA around the current state of cyber-crime titled;
InTh3Wild – The current state of cybercrime
1. As the world goes mobile, cybercrime will follow
Stats and facts around mobile;
2007 – Apple introduces iPone, Google unveils Android OS
2013 – Jan – Apple hits 40 billion downloads, May – Apple hits 50 billion downloads
2012 – Android malware explodes
1 billion android devices shipped by 2018
1 million android devices currently activated / day
86% of all Android malware is repackaged versions of legitimate apps with malicious payloads
Focus of mobile malware; eCommerce, Online banking, Online trading.
– Much of the effort is around harvesting credentials rather than trying to commit fraud via the mobile app – likely due to the limited functionality of many mobile apps
2012 – 300 million mobile bankers.
2013 – 530 million mobile bankers
71% of organisations allow their users to use their own mobile devices for company business
– Even if you’re using a container technology could credentials be stolen?
– What could be harvested from ‘screen scraping;?
Games are also a common app used for attacks;
– Angry birds in space had over 150 million downloads in the first two weeks
– Only requires a very low percentage of people to install a malicious version for the malicious user to have access to many compromised devices.
Phishing / SMSishing – SMS spoofing and phishing such as sending texts that look like they come from your bank.
SMS sniffers that sniff and send your SMS details to the criminal
Voice – recent android Trojan can record phone calls – these have 2 purposes, harvesting information, and using your voice to fool biometric systems that rely on voice.
Political messages and defacements
DDoS and other malicious activities ‘for hire’
Trying to make hactivism legitimate – e.g. Anonymous creadet US ‘we the people’ petition to make DDoS a valid form of protest
Many different organisations such as Syrian Electronic Army (SEA), Anonymous, …
News sites as well as businesses are often targets
3. Account takeover
Take over of online accounts such as twitter, facebook
Tools readily available for identity theft such as components or the Zeus plugin.
– Can alert when users of compromised machines try to log onto banking sites and perform transactions etc. in real time
– Keeps records of users history so they can answer questions around user behavior etc if prompted by customer services.
Security tools need to catch up with this to start dealing with these attacks that occur in real time
4. Fraud as a Service
Cybercriminals increase effectiveness of fraud offerings
Ransomeware – scare tactics around crime and child porn etc. to extort money from users
Ransomeware – encrypts parts of or the entire computer and requires ransom to decrypt
Call centre service – fake call centres set up to call customers with compromised machines – set up locally so they sound correct and have knowledge of the local banks etc.
Analytics – crimeware now has the ability to provide ‘big data’ type analytics around its use, distribution, numbers of infected machines etc.
2014 – sneak peak;
– More sophisticated mobile malware
– Generic malware for advanced attacks
– Bitcoin’s popularity / demand for stealing
- Digital currencies and issues with them to become more prevalent
– Trojans get more sophisticated
– More breaches
Mobile is huge, criminals continue to become more organised and sophisticated with very low barriers to entry into the market.
Security must catch up!