A new generation of Internet startups is focused on converting malware infections into revenue. Who are these new CEOs, and what can we learn from their business models? No longer in the shadows of the dark web, they are businessmen scaling operations and driving revenue. This session will discuss how malware is being monetized as a sustainable business, showing a realistic picture of what we’re up against.
(Source: RSA Conference USA 2017)
4. #RSAC
Malware Inc. The Business
30 employees
Healthcare, vacation, lunch, gym membership
Goal: grow distribution and use of software, increasing LTV and ROI
2 offices located anywhere
Revenue
• 2015 - $25m
• 2016 - $1bn
• 2017 - >2x growth?
5. #RSAC
Malware Inc. Products and Services
Software distribution
Data storage and encryption
Data collection and sales
Support services
6. #RSAC
Malware Inc. Software Distribution Q4 Recap
Q4 software distribution campaigns
Email delivery
• 20m emails delivered to 12m unique users
• Open rate
• Execution of the software package
• Conversion rates to paying customer
7. #RSAC
Malware Inc. Software Distribution Q4 Recap
Q4 software distribution campaigns
Hosted website downloads
• Automated - drive by download
• Unique users vs actual delivery/installation
• User initiated - click jacking
• CTR - Click Through Rate 0.5%
8. #RSAC
Malware Inc. Q4 Data Business
Q4 data collection
Mobile App distribution
Collected from 3rd parties
Service redirection
Email campaigns
10. #RSAC
Malware Inc. Bonus Payments
Over achievement on goals
Revenue exceeded target
All staff will receive a 110% bonus
We shut down for the holidays early, congratulations!
January 17, 2017
Locky down as cybercrime takes a brief December holiday
39. #RSAC
Ransomware - 2016
#1 Threat
150 new strains of ransomware
128,108,948 (detections) x $500 (average ransom) = $64,054,474,000
105% growth year on year
41. #RSAC
Combatting Ransomware
Many different forms
Scareware, screen lockers, crypto lockers, doxingware
Ransomware is detected on every protection layer, including behavioral analysis
14 ‘Free’ decryption tools available
Decryption is a last resort
[Pie chart: Not Decryptable 0.565; Decryptable 0.3785; Plausible Decryption 0.0565]
42. #RSAC
Internet of Things is Exploding
Connected devices estimated to reach up to 50 billion by 2020
Source: Cisco IBSG Report
Avast Confidential
43. #RSAC
Enslaved IoT Devices
IoT attacks more frequent:
• DDoS attack on Dyn
• 900,000 Telekom routers attacked
• 2016: from more than 4.3 million routers scanned, 48% had some security vulnerability
• More than 50% of all home routers use default passwords
• 2 out of 5 people are unaware that their router has an administrative interface where they can log in to view and change their settings
• 1 out of 7 log into their router’s admin interface weekly or monthly to check for updates
44. #RSAC
About Avast
Over 400M endpoints acting as sensors. Allow us to detect and neutralize threats fast.
Largest, most sophisticated, most geographically dispersed threat detection network.
World’s largest security-centric machine-learning network.
Leveraging data analytics to improve customers’ online lifestyle.
8,524 virtual, 2,527 physical and 443 AWS servers
82,600 simultaneous VPN connections
2.1m DNS requests (normal and secure) per second
3.6tr URLs processed per year
45.8m concurrent connections
Pushed 110pb of data in last three months
45. #RSAC
Best Practices for a Ransomware Defense:
Ensure your systems, applications and devices are fully updated and patched
Ensure you have a strong layered anti-malware security solution
Educate employees not to open suspicious attachments
Disable Microsoft Office macros by default as a policy
Keep recent backup copies, disconnected and offsite