3. The Month in Numbers
The global price tag of consumer cybercrime
• $113BN - enough to host the 2012 London Olympics nearly 10 times over
• 212 million cyber attacks (11,000 malicious network requests a second) on the official website during the 2012 Olympic and Paralympic Games
• $298 - average cost per victim (represents a 50 percent increase over 2012)
The scale of consumer cybercrime
• 378 million victims per year - nearly 2.8 times the number of babies born each year
• 1 million+ victims per day - enough to fill Wembley football stadium (London, England) more than 10 times over
Website Security Threats: November 2013 Update
4. The Month in Numbers (continued)
• 22 hours - average time for malware distributors to exploit news events
• 8 out of 10 malware infections involve Trojans
• 46% of firms believe they are “very vulnerable” or “vulnerable” to an insider attack
5. Ransomware
• New variant encrypts data files
• Uses strong encryption algorithms
• Demands payment in Bitcoins/MoneyPak
• Pay €300 or keys destroyed
• No guarantee – so don’t pay!
6. Phishing
• Campaign to harvest Apple IDs
– “Your Apple ID has been frozen temporarily”
– Links to a website where accounts can be ‘re-accessed’
– Email sent just after latest OS download
• “Ghost Brokers”
– Taking advantage of high insurance prices for young drivers
– Advertised online and offline
– Victims often don’t realise
7. Hacking the Internet of Things
• Electricity substations – targeted
• Lack of physical and infrastructure hardening makes for a soft target
• Carmel Tunnel toll road targeted in Israel
• Road closed for 20 mins one day, 8 hours the next
8. Stranger than Fiction
• Could Dick Cheney have been hacked?
– Feared terrorists might hack his implanted medical device
– Doctor turned off wireless capabilities
– Hard-coded password flaw in 300 medical devices from 40 vendors
• Beware of your kettle!
– Kettles and irons found in customs with spyware chips
– Can exploit Wi-Fi without passwords
– Sends data to foreign servers
9. Toolkits: Try before you buy…
• Trial software for free
• Basic license costs $500
• Full license costs $950
• Discounts are offered to owners of other DDoS toolkits such as Dirt Jumper
10. Updates from previous webinars
• WordPress 3.7 (aka Basie)
– Attempts to improve security
– “Updates while you sleep”
– Remains to be seen if this helps with plugin issues
• Criminals Hit the ATM Jackpot
– Technical characteristics of Backdoor.Ploutus
– Actions performed
– Interactions through keypad and GUI
11. Good News
• Silk Road “Mastermind” not so Smart
– Five stupid things Dread Pirate Roberts did to get arrested
• TorRAT
– Dutch police arrest four men involved in large-scale digital fraud and money laundering
– 150 fraudulent transactions worth €1 million
– Spear phishing was used to install malicious TorRAT malware onto victims' computers
• Blackhole and Cool malware exploit kit suspect arrested
– Alias Paunch
– “If it’s true…it’s a very big deal”
12. Link Glossary (Press Print screen now)
• BT Cyber Attacks:
– http://www.computerweekly.com/news/2240208217/Olympic-cybersecurity-down-to-design-and-testing-says-BT
• Norton Cybercrime Report 2013
– http://www.symantec.com/about/news/release/article.jsp?prid=20131001_01
• Vulnerabilities in Power stations
– http://www.wired.com/threatlevel/2013/10/ics/
• Guardian Article - Five stupid things Dread Pirate Roberts did
– http://www.theguardian.com/technology/2013/oct/03/five-stupidthings-dread-pirate-roberts-did-to-get-arrested
• Mexican ATM blog post
– http://www.symantec.com/connect/blogs/criminals-hit-atm-jackpot