Cybercrime Prevention from the Perspective of Anti-Cyber-Attack Technology ——The Thinking and Practice of the Enterprise

Dr. Liyun HAN, 360 Dipper Research, the Future Security Labs
2020.07.29 @ UN IEG Conference

Slide 02: The Overall Scale of Cyber Underground Economy
• Top companies paying for cyber security vulnerabilities per minute in 2018: $25/min
• Global economic loss per minute due to cybercrime in 2018: $2.9 million/min
• Estimated global economic loss per minute due to ransomware attacks in 2019: $222184/min
From: The Cybersecurity Law Research Center of the Third Research Institute of the Ministry of Public Security, P.R.C.

Slide 03: 360 Mobile Guard Statistics: Mobile Malware (chart; unit: 10 thousand)

Slide 04: 360 Mobile Guard Statistics: Internet Fraud (chart)

Slide 05: How to Understand Cyber Crime?
Typical cybercrime
① Traditional E-crime
  Tech: fake IP address, URL redirection, botnet
  Crime: telecom fraud, Internet gambling, spreading pornography via chatroom, online social suicide, copyright infringement
② Crime enabled by hacking and defense technology
  Tech: exploiting vulnerabilities, ransomware, malicious Trojan
  Crime: illegal intrusion, control, and destruction of computer information systems, stealing data, production and spread of viruses, and paralysis of systems
Typical characteristics
• Industrialization; the chain is long and tight. The upper reaches: the hackers who provide technologies. The middle reaches: black production gangs. The lower reaches: various related organizations who support black production gangs.
• Grouped form: it involves cross-department, cross-industry, cross-platform and even cross-border criminal actions, forming a close network loop.
• Increasingly enhanced technical means and anti-reconnaissance capabilities.

Slide 06: Long Chain Attack by Hacker Penetration
Serious security incidents may happen even though the hacker's behavior in the intranet environment seems to be legal.
Diagram labels (from the criminal to the target): Criminal; Employee's phone (get phone permissions by malicious Trojan); send messages with legal identity; OA server (obtain legal credentials to entry); intranet; exploiting vulnerability; Industrial Control Server (obtain valid credentials and legally entry); target to attack: production shutdown, smart appliances.

Slide 07: Black Production Chain of Malware
01 Exploiting the malicious Trojan: ① remote control ② traffic hijacking ③ botnet ④ hacking ⑤ malicious downloading
02 Spreading via smartphone: ① downloading maliciously implanted viruses through APP ② spreading malware through mobile web pages ③ spreading malware through QR codes scanned by mobile phone users ④ spreading through communication software and email
03 Main types of cybercrime: ① DDOS attack, traffic hijacking ② illegal trading of personal information stolen by malicious programs ③ use of malware as a tool to implement fraud and extortion

Slide 08: Three Key Steps for Cyber Crime Governance
1 Individual protection
2 Governance of the public network environment
3 The judicial punishment
Prevention can kill crime in the cradle. The key influencing factor of prevention is capability. Network attack and defense technology serves to improve the pre-capability and the capability of identifying, detecting, responding and controlling.

Slide 09: Case: Anti-phishing Websites
Protection
§ All-round blocking of phishing websites
§ For PCs and mobile devices
§ Blocking phishing websites through a threat intelligence sharing mechanism and reporting in real time
Detection
§ Accurately detecting phishing sites
§ Detecting the rogue base station
Investigation & Analysis
§ Real-time query of phishing websites
§ Malicious sample storage
§ Customized report

Slide 10: Technology-driven Cybercrime Prevention
Technology: big data analysis; vulnerability mining; PC & mobile endpoint protection technology; Microscope APP scanning platform; traffic monitoring; deception defense
Platform: security analysis and response platform; multi-dimensional detection engine; financial fraud prevention platform; telecom fraud prevention; cloud security service
Crime prevention scenario: identification, detection and interception during the process of combating the underground economy industries (anti-fraud, anti-gambling, anti-pornography and others); security enhancement in the industrial internet and various fields of information infrastructure, such as BFSI, server providers, energy and others.

Slide 11: Cases and Efforts of 360
1 Malware blocking: 110 million times per day
2 Vulnerability discovering: discovered more than 2,000 CVE vulnerabilities from mainstream global vendors including Apple, Google, Microsoft, Huawei, Qualcomm, VMWare, etc., and assisted them in vulnerability location and repair, which reduces the possibility of criminals exploiting vulnerabilities to commit crimes
3 360 University of Cybersecurity: committed to cybersecurity education for users and cyber security practitioners in China and some developing countries

Slide 12: Responsibility · Cooperation · Ecosystem
Responsibility
• Public responsibility: The Security + Internet; prevent cybercrime
• Industry collaboration: security data sharing; promote industry safety standards
• Platform responsibility: security technology operation and maintenance; platform information governance
Cooperation
• Combination of prevention and combating
• Multi-participating and collaborative
• Innovative technology platform
• Communication with academia and industry
Ecosystem
• High-level responsibility promotes the industrial safety ecosystem; a platform ecosystem

Slide 13: Closing
We are looking forward to further discussion and research with you.
Email: Dr. HAN Liyun, [email protected]
For academic cooperation please contact via: [email protected]
THANKS. FUTURE SECURITY LABS: the infinite future.