
Can cyber extortion happen to you? Practical tools for assessing the threat


Slides from Tony Martin-Vegue's presentation at Security BSides, Seattle: February 20, 2016.

"Can cyber extortion happen to you? Practical tools for assessing the threat"


Ransom is more than just the stuff of Hollywood thrillers. Action-packed extortion schemes are as old as history itself, but today's criminals are trading in information. Extortion rackets such as the Ashley Madison and Sony Pictures Entertainment hacks are well-known cases, and many security professionals have experienced ransom attempts of their own, ranging from CryptoWall and CryptoLocker malware to DDoS attacks that promise to continue until the attackers are paid.

This session will take a detailed look at the different threat actors that perpetrate these attacks and how companies can assess the risk and potential impact of an incident. Participants will learn how to model threats, identify assets at risk, determine the impact and calculate risk. These methods help security professionals understand the impact of various forms of cyber ransom, determine if it is applicable to their organization and how to communicate risk effectively to management.

When an organization faces a cyber ransom, quick action is needed to respond to the attackers, safeguard systems and bring systems back online. Participants will also learn how to strengthen their incident response plans and make risk-aware decisions.

Published in: Technology


  1. #BSidesSeattle
  2. ABOUT ME
     Tony Martin-Vegue, tony.martinvegue@gmail.com, www.thestandarddeviant.com, @tdmv
  3. AGENDA
     • What is extortion?
     • DDoS for ransom
     • Ransomware
     • Targeted victims (Sony, Ashley Madison)
     • Assessing the risk at your company
  5. LEGAL DEFINITION
     "The obtaining of property from another induced by wrongful use of actual or threatened force, violence, or fear, or under color of official right." - 18 U.S.C.A. §871 et seq.; §1951
  7. DDOS
  8. ANATOMY OF AN ATTACK
     • Attack website with a small and short attack
     • Simultaneous attack on others in the sector
     • Send a ransom note demanding payment
     • Increase DDoS attack intensity/duration OR move on
  9. WHY DOES IT WORK?
     ATTACKER
     • Attack is very low cost per hour
     • Can attack multiple websites in the time allotted
     • Scalable - can scale up in bandwidth to make a point or scale down to save costs
     • The attacker knows what they are capable of (information asymmetry)
     DEFENDER
     • Costs a company on average $40,000 an hour [1]
     • Website can be the only or primary source of revenue
     • Reputational issues
     • Has no idea if the attack is isolated or the worst nightmare
     [1] Source: Incapsula DDoS Impact Survey: http://lp.incapsula.com/rs/incapsulainc/images/eBook%20-%20DDoS%20Impact%20Survey.pdf
  10. DD4BC
     Source: Recorded Future, "DD4BC, Armada Collective, and the Rise of Cyber Extortion"; https://www.recordedfuture.com/dd4bc-cyber-extortion/
  11. TO PAY OR NOT TO PAY?
  12. KNOWN PAYMENTS
     NITROGEN SPORTS
     • EU-based sports betting site
     • Patrons pay in Bitcoin
     • DDoS attacks started in September 2014
     • Attackers continually asked for 2 BC
     • Copycats also attacked
     PROTON MAIL
     • Swiss encrypted email provider
     • On November 4th, 2015 they were hit with one of the largest DDoS attacks seen in Europe - 50 Gbps
     • Armada Collective demanded $6000 in ransom, which was paid
     • A copycat attacked, hoping to get paid
  13. DETECTION AND RESPONSE
     • Risk models should include DDoS for ransom
     • Cost/benefit analysis on DDoS protection services
     • Update incident response plans
     • Review and update crisis team members
  14. RANSOMWARE
  15. HOW IT WORKS (Image source: TrendMicro.com)
  16. Bad Guy
  18. TO PAY OR NOT TO PAY?
  21. PAY THE RANSOM?
  23. ANATOMY OF A RISK ASSESSMENT
     Risk
     • Loss Event Frequency
       • Threat Event Frequency
       • Vulnerability
         • Threat Capability
         • Control Strength
     • Loss Magnitude
       • Primary Loss
       • Secondary Loss
  24. RISK ANALYSIS
     • US-based credit union founded in 2008
     • Has an online banking presence with several thousand customers
     • In 2014, was hit with one DDoS for ransom attack for 30 minutes; response costs were high but no loss of customers
     • Last attack, we decided to wait it out until the attackers stopped
  25. THREAT EVENT FREQUENCY
     Threat Event Frequency: Method, Objectives, Resources, Limits
  26. VULNERABILITY
     Vulnerability = Threat Capability vs. Control Strength: the probability that an asset will be unable to resist the actions of a threat agent.
     Capability scale: Top 2%, Top 16%, Average, Bottom 16%, Bottom 2%
  27. DERIVE RISK
     • Loss Event Frequency: 1x to .1x / year
     • Vulnerability: Threat Capability Low - bottom 16%; Control Strength Very Low - only protects against the bottom 2%
     • Probable Loss: $40,000 / hour
     • Risk: ALE 9k
  28. RESIDUAL RISK
     • Loss Event Frequency: 1x to .1x / year
     • Vulnerability: Threat Capability Low - bottom 16%; Control Strength Very High - protects against all but the top 2%
     • Probable Loss: $40,000 / hour
     • Risk: ALE $260
  29. FINAL THOUGHTS
     • Ransomware can and does happen to anyone - plan for it
     • Other types of extortion are rare, but model the threats and see if you fit the target profile
     • Update your incident response plans & BC/DR plans
     • A good risk analysis can help execs make better decisions
     • Have a way for extortionists to contact you
     • Partner with law enforcement BEFORE something bad happens → do this Monday
  30. QUESTIONS?
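The risk derivation in slides 23-28 (threat capability against control strength, then loss event frequency times loss magnitude) can be carried through in code. This is an added example, not the presenter's own worksheet: it assumes the 0.1-1x/year range is a threat event frequency, models capability percentiles as normal distributions, and uses the slides' $40,000/hour and 30-minute outage as the loss magnitude.

```python
from dataclasses import dataclass
from statistics import NormalDist

_STD = NormalDist()  # standard normal: maps percentile labels <-> z-scores

# Capability scale from the "Vulnerability" slide, as the fraction of the
# threat population at or below that level (assumed mapping for this example).
CAPABILITY_SCALE = {
    "bottom 2%": 0.02,
    "bottom 16%": 0.16,
    "average": 0.50,
    "top 16%": 0.84,
    "top 2%": 0.98,
}


def vulnerability(threat_capability: str, control_strength: str) -> float:
    """P(threat capability exceeds control strength).

    Both are modelled as Normal(z, 1) centred on the z-score of their label,
    so the probability is Phi((zt - zc) / sqrt(2)). A control that "protects
    against all but the top 2%" is labelled "top 2%"; one that "only protects
    against the bottom 2%" is labelled "bottom 2%". The normal model is this
    example's assumption, not the FAIR standard's own calibration.
    """
    zt = _STD.inv_cdf(CAPABILITY_SCALE[threat_capability])
    zc = _STD.inv_cdf(CAPABILITY_SCALE[control_strength])
    return _STD.cdf((zt - zc) / (2 ** 0.5))


@dataclass
class Scenario:
    tef_per_year: tuple          # (low, high) threat events per year
    threat_capability: str
    control_strength: str
    loss_per_hour: float
    outage_hours: float

    def loss_per_event(self) -> float:
        return self.loss_per_hour * self.outage_hours

    def annualized_loss(self) -> tuple:
        """(low, high) ALE where LEF = TEF x vulnerability and ALE = LEF x loss."""
        v = vulnerability(self.threat_capability, self.control_strength)
        lo, hi = self.tef_per_year
        return (lo * v * self.loss_per_event(), hi * v * self.loss_per_event())


# Credit-union inputs from the slides; residual case adds a DDoS protection service.
BASELINE = Scenario((0.1, 1.0), "bottom 16%", "bottom 2%", 40_000, 0.5)
RESIDUAL = Scenario((0.1, 1.0), "bottom 16%", "top 2%", 40_000, 0.5)

if __name__ == "__main__":
    for name, s in (("baseline", BASELINE), ("residual", RESIDUAL)):
        lo, hi = s.annualized_loss()
        print(f"{name}: vuln={vulnerability(s.threat_capability, s.control_strength):.2f} ALE=${lo:,.0f}-${hi:,.0f}")
```

The midpoint of the baseline range lands near the slide's 9k figure, and the residual range drops by roughly the same factor the slides show, which is the comparison a cost/benefit decision on a protection service needs.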