Cyber Threats

1
Cyber Threats

• By Intelligence Analyst
• Michael J. Grossano

2
Overview

• Role of the FBI
• Trojans
• Worms
• Phishing
• Botnets
• Cyber Terrorism
• InfraGard

3
Key Judgments

• Financial gain is the primary emerging motivation
  for hacking
• Computer expertise is not necessary
• Emergence of a division of labor
• Constant battle between good guys and bad guys
• Sharing of intelligence is necessary

4
Role of the FBI

• Computer intrusions
• Child sexual exploitation
• Intellectual property rights
• Internet fraud
• Investigation vs. intelligence

5
Trojans

• A program that appears or attempts to appear
  legitimate but contains malicious code
• A Trojan does not replicate
• Requires user interaction

6
Trojan Trends

• Websense alert 2/21/07
• Targeted users of over 50 financial institutions
• Lured to visit a web site
• Server congestion..shutdown your firewall and
  antivirus software
• Malicious files are downloaded
• When visiting one of the 50 sites the fraudulent
  HTML collects and sends logon credentials

7
Trojan Trends

• Panda Software
• Banbra.DCY
• Targets users of several foreign banking entities
• Captures login credentials
• Not a keylogger
• Captures screenshot pointer area
• AVI format

8
Trojan Trends

• Man-in-the-Browser
• Targets users of specific banking web sites
• Captures login credentials
• Logs in to the bank from victims IP address
• Transfers money from victims account to a mule
  account at the same bank
• Illegal transfer occurs while the victim is
  logged in
• User does not see this happening

9
Trojan Trends

• Five out of top ten malicious code families in
  last 6 months were Trojans
• Forty-five percent of top fifty malicious code
  samples were Trojans
• Move towards modular malicious code
• Targeting confidential information
• Polymorphic and metamorphic

10
Worms

• Self replicating
• Doesnt require user interaction
• Perform many functions
• Carry different payloads

11
Worms

• Initially created to disrupt service and cause
  loss of productivity
• Now they are stealing personal information
• Corrupt antivirus and firewall protection
• Using non-standard outbound ports
• Encrypted communications

12
Worms

• Trends
• Symantec worms made up 52 of the volume of
  malicious code threats
• Stration worm
• Shufa worm
• Netsky worm
• SMTP most common propagation
• CIFS and P2P also common and increasing

13
Phishing
14
Phishing

• Department of Justice
• Creation/use of e-mails that look like they are
  from legitimate sites
• Creation/use of web sites that look like they are
  legitimate entities
• Intent to cause users to reveal personal data

15
Phishing

• Anti-Phishing Working Group (APWG)
• Social engineering uses spoofed e-mails to lure
  consumers to counterfeit web sites
• Technical subterfuge uses malware to steal
  credentials directly from PCs
• Both methods are used to steal personal
  information

16
Phishing

• Pharming directs consumers to fraudulent sites
  without their knowledge
• Spear phishing targets a specific audience
• Vishing combines phishing with VoIP technology
• Universal Man-in-the-Middle Phishing Kit

17
Phishing

• APWG
• Most targeted sector
• February 2007

18
Botnets

• Bot client is a software program that performs
  predefined functions in an automated fashion
  operating in response to a command
• Zombies are compromised machines
• Command and control machine
• Botnet is a group of bots that answers to a
  common controller
• Botherders control botnets

19
Botnets

• Send spam
• DDoS attacks
• Store stolen information
• Store illegal content
• Botnets can be used to conduct
• almost any malicious activity.

20
Botnets

• Phishing attack
• Botherder issues commands to spam
• Spam phishing sites
• Spam job sites
• Victim discloses credentials at phishing site
• Sent to Russia via botnet
• Job recruits work as money agents
• Stolen money sent to agents
• Agents send money to Russia minus commission

21
Cyber Terrorism

• Directly cause physical harm
• Cause economic harm
• Aggravate a physical attack
• Raise funds
• Steal identities
• Use as means of communication

22
Cyber Terrorism

• In a 2005 publication, Imam Samudra urged fellow
  Muslims to become preacher, hacker, bomber, and
  fighter/killer.
• Encouraged Muslim youths to develop hacking
  skills and steal credit card numbers.
• Urged Muslim youths to learn how to obtain credit
  card numbers carding as he called it.
• If you succeed at hacking and get into carding,
  be ready to make more money within three to six
  hours than the income of an Indonesian policeman
  in six months. But do not do it for the sake of
  money.

23
Defending Yourself

• Use a firewall
• Use and update antivirus software
• Use encryption, MAC filtering, disable SSID
  broadcast when wireless
• Install security patches
• Dont open suspicious attachments or hyperlinks
• Share intelligence

24
InfraGard

• A way to counter cyber threats
• A partnership between the FBI and public sector
  and private industry
• Includes business executives, entrepreneurs,
  military and government officials, computer
  professionals, academia, state and local law
  enforcement

25
InfraGard
Sharing intelligence
With the goal of protecting our critical
infrastructure
26
InfraGard

• Web site contains FBI intelligence products and
  DHS products
• Collection of open source articles and research
  papers
• Financial and IT sectors
• www.infragard.net is national site
• www.njinfragard.org is the New Jersey chapter

27
DISCUSSION/QUESTIONS? Michael.Grossano_at_ic.fbi.gov