landscape of Cybercrime
Gerhard Engelbrecht
Nedbank Business Banking
Agenda
Introduction
Perspectives on a changing world
Some recent global events
Cyber warfare
Observations from local investigations
Where to start?
Questions
We are all at risk
All credit card PIN numbers in the World leaked
The body of the message simply said 0000 0001 0002 0003 0004
We are not security
conscious
Rank PIN Frequency
1 1234 10.71%
2 1111 6.02%
3 0000 1.88%
4 1212 1.20%
5 7777 0.75%
6 1004 0.62%
7 2000 0.61%
8 4444 0.53%
9 2222 0.52%
10 6969 0.51%
11 9999 0.45%
12 3333 0.42%
13 5555 0.40%
14 6666 0.39%
15 1122 0.37%
16 1313 0.30%
17 8888 0.30%
18 4321 0.29%
19 2001 0.29%
20 1010 0.29%
Agenda
Introduction
Perspectives on a changing world
Some recent global events
Cyber warfare
Observations from local investigations
Where to start?
Questions
Perspectives on a changing world
You can't defend. You can't prevent. The only thing you can do is detect
and respond.
There are two types of encryption: one that will prevent your sister from
reading your diary and one that will prevent your government.
Bruce Schneier
Perspectives on a changing world
Advanced Persistent Threat (APT):
Organised
Long-term
Attack
You don't want to have a police state where people can access anything
they want at any time, but hacking groups typically have no such concerns
and essentially break the law to have access to this information
themselves..
Source: CBC News
Perspectives on a changing world
If we take as given that critical infrastructures are vulnerable to a cyber
terrorist attack, then the question becomes whether there are actors with
the capability and motivation to carry out such an operation.
Dorothy Denning
Agenda
Introduction
Perspectives our changing world
Some recent global events
Cyber warfare
Observations from local investigations
Where to start?
Questions
Some recent global events
Ethical hacking schools proliferating but what about informal,
unethical schools?
New attacks actively exploit and reverse the technologies designed to
protect you:
Intelligent phishing techniques
Exploitation of browsers
Remote access
$13bn invested in VC in first half 2012 ($14.7bn 2011H1) PwC,
National Venture Capital Association
$4bn for software ($2.9bn 2011H1
New strategies post anti-virus
Some recent global events
A few very recent items in the news
In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back
How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes
Shamoon' Virus Most Destructive Ever To Hit A Business, Leon Panetta Warns
World Of Warcraft Hack: Attack Kills Thousands Of Players, Destroys Several Major Cities
House Intelligence Committee Says China Tech Giants Pose National Security Threat To U.S.
Samuel Cox, U.S. Cyber Command Officier, Says China Is Targeting Pentagon Computers
Hack attack on energy giant highlights threat to critical infrastructure
DesignerWare Settlement: Companies Agree To Stop Snooping On People's Home
Computers
Twitter Hacking Victims Find Stolen Accounts Sold On Black Market
Middle East Cyber Attacks On U.S. Banks Were Highly Sophisticated
Barnes & Noble Discloses Credit Card Security Breach In 63 Stores
Suspect Named In Devastating Cyberattack On World's Most Valuable Oil Company
Some recent global events
China
Caveat: China's economic data are a bit like sausages: If you're a fan, it's
best not to scrutinize how they're made. (Wall Street Journal)
Wikipedia
Cyber warfare
North Koreas government has a significant cyber warfare capability that
it continues to improve. (October 2012)