Cyber Threats - PowerPoint PPT Presentation

About This Presentation
Title:

Cyber Threats

Description:

Financial gain is the primary emerging motivation for hacking. Computer expertise is not necessary ... youths 'to develop hacking skills and steal credit ... – PowerPoint PPT presentation

Slides: 28
Provided by: mgros

Transcript and Presenter's Notes


1
Cyber Threats
  • By Intelligence Analyst
  • Michael J. Grossano

2
Overview
  • Role of the FBI
  • Trojans
  • Worms
  • Phishing
  • Botnets
  • Cyber Terrorism
  • InfraGard

3
Key Judgments
  • Financial gain is the primary emerging motivation
    for hacking
  • Computer expertise is not necessary
  • Emergence of a division of labor
  • Constant battle between good guys and bad guys
  • Sharing of intelligence is necessary

4
Role of the FBI
  • Computer intrusions
  • Child sexual exploitation
  • Intellectual property rights
  • Internet fraud
  • Investigation vs. intelligence

5
Trojans
  • A program that appears or attempts to appear
    legitimate but contains malicious code
  • A Trojan does not replicate
  • Requires user interaction

6
Trojan Trends
  • Websense alert 2/21/07
  • Targeted users of over 50 financial institutions
  • Lured to visit a web site
  • Server congestion ... shut down your firewall and
    antivirus software
  • Malicious files are downloaded
  • When visiting one of the 50 sites the fraudulent
    HTML collects and sends logon credentials

7
Trojan Trends
  • Panda Software
  • Banbra.DCY
  • Targets users of several foreign banking entities
  • Captures login credentials
  • Not a keylogger
  • Captures screenshots of the pointer area
  • AVI format

8
Trojan Trends
  • Man-in-the-Browser
  • Targets users of specific banking web sites
  • Captures login credentials
  • Logs in to the bank from the victim's IP address
  • Transfers money from the victim's account to a mule
    account at the same bank
  • Illegal transfer occurs while the victim is
    logged in
  • User does not see this happening

9
Trojan Trends
  • Five out of top ten malicious code families in
    last 6 months were Trojans
  • Forty-five percent of top fifty malicious code
    samples were Trojans
  • Move towards modular malicious code
  • Targeting confidential information
  • Polymorphic and metamorphic

10
Worms
  • Self-replicating
  • Doesn't require user interaction
  • Perform many functions
  • Carry different payloads

11
Worms
  • Initially created to disrupt service and cause
    loss of productivity
  • Now they are stealing personal information
  • Corrupt antivirus and firewall protection
  • Using non-standard outbound ports
  • Encrypted communications

12
Worms
  • Trends
  • Symantec: worms made up 52% of the volume of
    malicious code threats
  • Stration worm
  • Shufa worm
  • Netsky worm
  • SMTP most common propagation
  • CIFS and P2P also common and increasing

13
Phishing

14
Phishing
  • Department of Justice
  • Creation/use of e-mails that look like they are
    from legitimate sites
  • Creation/use of web sites that look like they are
    legitimate entities
  • Intent to cause users to reveal personal data

15
Phishing
  • Anti-Phishing Working Group (APWG)
  • Social engineering uses spoofed e-mails to lure
    consumers to counterfeit web sites
  • Technical subterfuge uses malware to steal
    credentials directly from PCs
  • Both methods are used to steal personal
    information

16
Phishing
  • Pharming directs consumers to fraudulent sites
    without their knowledge
  • Spear phishing targets a specific audience
  • Vishing combines phishing with VoIP technology
  • Universal Man-in-the-Middle Phishing Kit

17
Phishing
  • APWG
  • Most targeted sector
  • February 2007

18
Botnets
  • Bot client is a software program that performs
    predefined functions in an automated fashion
    operating in response to a command
  • Zombies are compromised machines
  • Command and control machine
  • Botnet is a group of bots that answers to a
    common controller
  • Botherders control botnets

19
Botnets
  • Send spam
  • DDoS attacks
  • Store stolen information
  • Store illegal content
  • Botnets can be used to conduct almost any
    malicious activity

20
Botnets
  • Phishing attack
  • Botherder issues commands to spam
  • Spam phishing sites
  • Spam job sites
  • Victim discloses credentials at phishing site
  • Sent to Russia via botnet
  • Job recruits work as money agents
  • Stolen money sent to agents
  • Agents send money to Russia minus commission

21
Cyber Terrorism
  • Directly cause physical harm
  • Cause economic harm
  • Aggravate a physical attack
  • Raise funds
  • Steal identities
  • Use as means of communication

22
Cyber Terrorism
  • In a 2005 publication, Imam Samudra urged fellow
    Muslims to become "preacher, hacker, bomber, and
    fighter/killer."
  • Encouraged Muslim youths to develop hacking
    skills and steal credit card numbers.
  • Urged Muslim youths to learn how to obtain credit
    card numbers, "carding" as he called it.
  • "If you succeed at hacking and get into carding,
    be ready to make more money within three to six
    hours than the income of an Indonesian policeman
    in six months. But do not do it for the sake of
    money."

23
Defending Yourself
  • Use a firewall
  • Use and update antivirus software
  • When using wireless, use encryption and MAC
    filtering, and disable SSID broadcast
  • Install security patches
  • Don't open suspicious attachments or hyperlinks
  • Share intelligence

24
InfraGard
  • A way to counter cyber threats
  • A partnership between the FBI and public sector
    and private industry
  • Includes business executives, entrepreneurs,
    military and government officials, computer
    professionals, academia, state and local law
    enforcement

25
InfraGard
  • Sharing intelligence
  • With the goal of protecting our critical
    infrastructure

26
InfraGard
  • Web site contains FBI intelligence products and
    DHS products
  • Collection of open source articles and research
    papers
  • Financial and IT sectors
  • www.infragard.net is national site
  • www.njinfragard.org is the New Jersey chapter

27
DISCUSSION/QUESTIONS? Michael.Grossano_at_ic.fbi.gov