DOCSLIB.ORG

Cybersecurity Landscape

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cybersecurity Landscape Paul Love Chief Information Security Officer, CO-OP Financial Services Topics § Impact § Motivations § How § The Future § Open Q&A Cybercrime Stats Cybercrime economy is In the past year, security SMB’s are targeted 43% of expected to grow to at least breaches have increased by the time in cyber attacks 1.5 Trillion each year >11% and by 67% in the last five years Ransomware attacks to Ransomware attacks Cybercrime kits can be increase 5x by 2021 occur every 14 seconds purchased for as little as $1 on the dark web and online marketplaces Impact Average cost of a malware attack Average cost per record of a breach on a company Source: IBM 2018 Cost of a Data Breach Source: Accenture By 2021, damage related to cybercrime is projected to hit Annually Source: Cybersecurity Ventures Motivations Vernacular of Hacking Motivation Labels Skill Labels Motivation/Support § Hacker (white hat) § Elite Hacker § Lone attacker § Grey Hat § Script Kiddie § Hacktivist § Bad Hacker (black hat) § Neophyte/Noob § Nation State § Blue Hat § Organized Criminal Gangs (OCG) History 1989 1992 2001 2013 First Ransomware 1260 Polymorphic Code Red Target/Yahoo detected (PC Cyborg) Virus 2003 2014 1993 Blaster Sony 1988 First DEFCON Morris Worm Conference 2005 CardSystems 2015 1994 Solutions Ashley Madison Citibank 1986 Computer Fraud 1996 2007 2016 and Abuse Act Cryptovirology TJ Maxx Bangladesh (basis of Modern Bank Robbery Ransomware) 2009 1983 2000 Conficker Wargames ILOVEYOU 2010 Movie Worm Stuxnet 1950 1960 1970 1980 1990 2000 2010 Late 50’s – Late 70’s Late 80’s – Late 90’s 2000’s and Beyond Phreaking/System Hacking Increases Monetary/Political attacks Exploration Nation State Why § Money § Resources (medical) § Impersonation for non monetary (criminal arrest) § Extension of Political goals § Other (prestige, etc.) How Cybercrime Business Model PAST CURRENT Individual or small team who § (Cybercrime as a Service or CAAS) created malware, delivered § Project Manager malware and exploited malware. § Coder/Malware developer § Bot herder (as needed) § Intrusion Specialist § Data Miner § Money Specialist These roles can be further specialized to component parts, initial access tools all the way to full service models High Level Overview One third of all security incidents began with a phishing email Source: Trend Micro Cybercrime as a Service (CAAS) Can consist of specializations Malware as a service Counter AV as a Service Ransomware as a service Fraud as a service Escrow Services Drop Services And others Costs Type Amount Server Hacking Approximately $250 Home Computer Hacking Approximately $150 Creating Malware Approximately $200 Bulk Stolen Data depending on gigabytes stolen Hack Service Rental (depending on size) $200 - $1000 Varies depend and can include fixed fee Full project hack (end to end) or portion of proceeds Tools Networks Approaches § Deep Web § Watering Hole attacks § Dark Web/Darknet § Malvertisements § Public/Internet/Clearnet § DDOS § Botnets § Ransomware § Malware BlackHat – DefCon Security Conference § Hacker conference discussing new trends, attacks and intelligence sharing § Approximately 25,000-30,000 attendees from law enforcement, InfoSec and hacker communities. § Key learnings § Crime as a Service is growing § IoT, Vehicles and Voting Machines can be hacked in minutes § Thermostats and other IoT are susceptible to ransomware § Mobile wallets are a target. One attacker showed how a hacker could make fraudulent payments through Samsung Pay1. § Mag Stripes are susceptible to guessing (brute force) allowing attackers to create mag stripe cards on the fly for POS, hotel rooms and other uses2. 1 http://www.itproportal.com/2016/08/10/fraudulent-payments-through-samsung-pay-are-real/ 2 http://www.esecurityplanet.com/hackers/hacking-hotel-keys-and-point-of-sale-systems-at-defcon.html Information Sharing Source: https://www.hackaday.com Security Testing Tools Available Source: https://www.hak5.org/ Resource for All Skill Levels Source: https://www.darknet.org.uk/popular-posts/ The GozNym Criminal Network: How It Worked 1 Sourcing the Malware The leader of the criminal network The developer (from Orenburg, Russia) worked with coders (from Tbilisi, Georgia) leased access to create GozNym, a sophisticated piece of malware to steal to the malware from a developer. online banking credentials from victims’ computers. 2 Recruiting Accomplices The leader recruited other cybercriminals with specialized skills and services which they advertised on underground, Russian-speaking online criminal forums. 3 Covering Their Tracks The leader and his technical assistant (from Kazakhstan) worked with ’crypters’ (including one in Bali, Moldova) to crypt the malware so antivirus software would not detect it on the victims’ computers. Crypters 4 Distribution and Infection Spammers Spammers (including one in Moscow, Russia) sent phishing emails to hundreds of thousands of potential victims. The emails were designed to appear as legitimate business emails and contained a malicious link or attachment When clicked, the victims’ computer was redirected to a malicious domain on a server hosting a GozNym executable file. This file downloaded GoxNym onto the victims’ computers. Many Sites to Support Attackers Remote Administration Spreaders Other Services § Full fledged services (MAAS) § Marketing services § Training § Support Philadelphia RaaS Example (criminals) run their business the same way a legitimate software company does to sell its products and services. While it sells Philadelphia on marketplaces hidden on the Dark Web, it hosts a production-quality “intro” video on YouTube, explaining the nuts and bolts of the kit and how to customize the ransomware with a range of feature options. Source: https://nakedsecurity.sophos.com/2017/12/13/5-ransomware-as-a-service-raas-kits-sophoslabs-investigates/ Phishing as a Service Example The Fake-Game website offers VIP account for high costs (with more services available) Some statistics from this site were a total of around 60,000 subscribers and almost 680,000 credentials stolen (2016 data) Source - https://www.fortinet.com/blog/threat-research/fake-game-the-emergence-of-a-phishing-as-a-service-platform.html Ransomware as a Service Example Source: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/free-ransomware-available-dark-web Emerging Business Models Tox – is free and only takes 20% of the ransom as it’s business model Subscription access to popular backdoor services — attacks that get around traditional security mechanisms like firewalls and other forms of authentication — can now be found for as little as 40 or 50 dollars a month. Subscriptions to phishing attacks are even cheaper, with some going for as low as just a few dollars a month. Source - https://securingtomorrow.mcafee.com/other-blogs/mcafee- Source: https://www.recordedfuture.com/crimeware-as-a-service-affordability/ labs/meet-tox-ransomware-for-the-rest-of-us/ The Future § Nation State § More sophisticated criminal networks § More focus on small to medium sized businesses as targets of opportunity How to Protect Yourself and Company § User education § Don’t click on links in emails you weren’t expecting § Don’t download or click on attachments in emails § If it feels suspicious, assume it is and contact your security team § Keep systems and antivirus patched Thank You. Paul Love Chief Information Security Officer [email protected].
Recommended publications
  • The Evolution of Ransomware

    The Evolution of Ransomware

    The evolution of ransomware SECURITY RESPONSE The evolution of ransomware Kevin Savage, Peter Coogan, Hon Lau Version 1.0 – August 6, 2015 Never before in the history of human kind have people across the world been subjected to extortion on a massive scale as they are today. CONTENTS OVERVIEW ..............................................................................3 Key information ......................................................................5 Types of ransomware .............................................................5 How ransomware has evolved ...............................................7 Targets for ransomware .......................................................13 Systems impacted by ransomware ......................................14 Ransomware: How it works ..................................................18 Ransom techniques ..............................................................27 How widespread is the problem of ransomware .................33 What does the future hold for ransomware? .......................37 Conclusion ............................................................................45 Appendix ..............................................................................47 Mitigation strategies ............................................................51 Symantec detections for common ransomware families 54 Resources .............................................................................56 OVERVIEW Never before in the history of human kind have people across the world been
  • Cyber Crime and Cyber Terrorism Investigator's Handbook

    Cyber Crime and Cyber Terrorism Investigator's Handbook

    CHAPTER Cybercrime classification and characteristics 12 Hamid Jahankhani, Ameer Al-Nemrat, Amin Hosseinian-Far INTRODUCTION The new features of crime brought about as a result of cyberspace have become known as cybercrime. Cybercrime is growing and current technical models to tackle cybercrime are in- efficient in stemming the increase in cybercrime. This serves to indicate that further preventive strategies are required in order to reduce cybercrime. Just as it is important to understand the characteristics of the criminals in order to understand the motiva- tions behind the crime and subsequently develop and deploy crime prevention strate- gies, it is also important to understand victims, i.e., the characteristics of the users of computer systems in order to understand the way these users fall victim to cybercrime. The term “cybercrime” has been used to describe a number of different concepts of varying levels of specificity. Occasionally, and at its absolute broadest, the term has been used to refer to any type of illegal activities which results in a pecuniary loss. This includes violent crimes against a person or their property such as armed robbery, vandalism, or blackmail. At its next broadest, the term has been used to refer only to nonviolent crimes that result in a pecuniary loss. This would include crimes where a financial loss was an unintended consequence of the perpetrator’s actions, or where there was no intent by the perpetrator to realize a financial gain for himself or a related party. For example, when a perpetrator hacks into a bank’s computer and either accidentally or intentionally deletes an unrelated depositor’s account records.
  • Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used

    Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used

    Address Munging: the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations that send unsolicited bulk e-mail address. Adware: or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software. Adware is software designed to force pre-chosen ads to display on your system. Some adware is designed to be malicious and will pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. When adware is coupled with spyware, it can be a frustrating ride, to say the least. Backdoor: in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system. Usually back doors are created by system developers as shortcuts to speed access through security during the development stage and then are overlooked and never properly removed during final implementation.
  • Crimeware on the Net

    Crimeware on the Net

    Crimeware on the Net The “Behind the scenes” of the new web economy Iftach Ian Amit Director, Security Research – Finjan BlackHat Europe, Amsterdam 2008 Who Am I ? (iamit) • Iftach Ian Amit – In Hebrew it makes more sense… • Director Security Research @ Finjan • Various security consulting/integration gigs in the past – R&D – IT • A helping hand when needed… (IAF) 2 BlackHat Europe – Amsterdam 2008 Today’s Agenda • Terminology • Past vs. Present – 10,000 feet view • Business Impact • Key Characteristics – what does it look like? – Anti-Forensics techniques – Propagation methods • What is the motive (what are they looking for)? • Tying it all up – what does it look like when successful (video). • Anything in it for us to learn from? – Looking forward on extrusion testing methodologies 3 BlackHat Europe – Amsterdam 2008 Some Terminology • Crimeware – what we refer to most malware these days is actually crimeware – malware with specific goals for making $$$ for the attackers. • Attackers – not to be confused with malicious code writers, security researchers, hackers, crackers, etc… These guys are the Gordon Gecko‟s of the web security field. The buy low, and capitalize on the investment. • Smart (often mislead) guys write the crimeware and get paid to do so. 4 BlackHat Europe – Amsterdam 2008 How Do Cybercriminals Steal Business Data? Criminals’ activity in the cyberspace Federal Prosecutor: “Cybercrime Is Funding Organized Crime” 5 BlackHat Europe – Amsterdam 2008 The Business Impact Of Crimeware Criminals target sensitive business data
  • 7/26/2018 1 Grand Prize Don't Forget to Fill out Your Card! Overview

    7/26/2018 1 Grand Prize Don't Forget to Fill out Your Card! Overview

    The information provided here is for informational and educational purposes and current as of the date of publication. The information is not a substitute for legal advice and does 7/26/2018 not necessarily reflect the opinion or policy position of the Municipal Association of South Carolina. Consult your attorney for advice concerning specific situations. Anatomy of a Ransomware Attack Presented by Matt Hooper Session #1 Grand Prize Don't forget to fill out your card! 2 Overview Ransomware attacks are unfortunately common. Learn what they are, how to avoid an attack and what to do if your city is targeted. 3 1 7/26/2018 Security Breach Statistics . The government vertical in the US has become the largest group to suffer loss due to data breaches . On average, 57 confidential records are lost every second ...that’s 4,924,800 records per day . Almost 1.5 billion were lost in the month of March 2018 . The average cost for organizations reporting data breaches was $3.62 million dollars per breach . Security experts believe the majority of data breaches are either undetected or unreported! 4 What is Ransomware? Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
  • Comptia® Security+ SY0-601 Cert Guide

    Comptia® Security+ SY0-601 Cert Guide

    CompTIA® Security+ SY0-601 Cert Guide Omar Santos Ron Taylor Joseph Mlodzianowski A01_Santos_Fm_pi-plii_1.indd 1 01/06/21 2:49 pm CompTIA® Security+ SY0-601 Cert Guide Editor-in-Chief Copyright © 2022 by Pearson Education, Inc. Mark Taub All rights reserved. No part of this book shall be reproduced, stored in Product Line Manager a retrieval system, or transmitted by any means, electronic, mechanical, Brett Bartow photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the Executive Editor information contained herein. Although every precaution has been taken in Nancy Davis the preparation of this book, the publisher and author assume no respon- Development Editor sibility for errors or omissions. Nor is any liability assumed for damages Christopher A. Cleveland resulting from the use of the information contained herein. ISBN-13: 978-0-13-677031-2 Managing Editor ISBN-10: 0-13-677031-2 Sandra Schroeder Library of Congress Control Number: 2021935686 Senior Project Editor ScoutAutomatedPrintCode Tonya Simpson Copy Editor Trademarks Chuck Hutchinson All terms mentioned in this book that are known to be trademarks or ser- vice marks have been appropriately capitalized. Pearson IT Certification Indexer cannot attest to the accuracy of this information. Use of a term in this book Erika Millen should not be regarded as affecting the validity of any trademark or service mark. Proofreader Abigail Manheim Warning and Disclaimer Technical Editor Every effort has been made to make this book as complete and as accurate Chris Crayton as possible, but no warranty or fitness is implied.
  • Malware to Crimeware

    Malware to Crimeware

    I have surveyed over a decade of advances in delivery of malware. Over this daVid dittRich period, attackers have shifted to using complex, multi-phase attacks based on malware to crimeware: subtle social engineering tactics, advanced how far have they cryptographic techniques to defeat takeover gone, and how do and analysis, and highly targeted attacks we catch up? that are intended to fly below the radar of current technical defenses. I will show how Dave Dittrich is an affiliate information malicious technology combined with social security researcher in the University of manipulation is used against us and con- Washington’s Applied Physics Laboratory. He focuses on advanced malware threats and clude that this understanding might even the ethical and legal framework for respond- ing to computer network attacks. help us design our own combination of [email protected] technical and social mechanisms to better protect us. And ye shall know the truth, and the truth shall make you free. The late 1990s saw the advent of distributed and John 8:32 coordinated computer network attack tools, which were primarily used for the electronic equivalent of fist fighting in the streets. It only took a few years for criminal activity—extortion, click fraud, denial of service for competitive advantage—to appear, followed by mass theft of personal and financial data through quieter, yet still widespread and auto- mated, keystroke logging. Despite what law-abid- ing citizens would desire, crime does pay, and pay well. Today, the financial gain from criminal enter- prise allows investment of large sums of money in developing tools and operational capabilities that are increasingly sophisticated and highly targeted.
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men

    Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men

    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
  • Phd Husam G201301950.Pdf

    Phd Husam G201301950.Pdf

    ©Husam Suwad 2018 iii Dedication To my Father and my Mother To my Wife and my kids Sama, Laya and Issa To my Brother and my Sisters To my homeland Halhul For the spirit of Martyrs iv ACKNOWLEDGMENTS All praise is due to ALLAH, the lord and sustainer of the worlds, for his countless favour and seeing me this far in life. I appreciate the support and prayers of my parents all through my life and specially in this work. To my family and relatives, I say thank you all for being there for me. My profound gratitude goes to my academic father Dr. Farag Azzedin for his constructive criticism, guidance, and the assistance he offered me throughout my thesis journey. I thank all my committee members Prof. Shokri Z. Selim, Dr. Mohammad Alshayeb, Dr. Moataz Ahmed, and Dr. Marwan Abu- Amara for their comments and support. Finally, I appreciate the help and efforts of Mr. Turki Al-hazmi. My special thanks go to my dear wife, and our children Sama Suwad, Laya Suwad, and Issa Suwad, for their love, care, understating, patience, and thoughts throughout the entire Phd program. To my special friend Mr. Ahmad Azzedin, my friends, and all Shami Community in KFUPM, I wish you all the best. I would like to Acknowledge KFUPM for giving me this opportunity. v TABLE OF CONTENTS ACKNOWLEDGEMENT v LIST OF TABLES xi LIST OF FIGURES xiii ABSTRACT (ENGLISH) xv ABSTRACT (ARABIC) xvi CHAPTER 1 INTRODUCTION 1 1.1 Attacks Economy Impact . .2 1.2 Need for Security . .4 1.3 Adaptive Security Life Cycle .
  • Ethical Hacking

    Ethical Hacking

    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.
  • Welcome to the Jungle:1 the State Privacy Implications of Spam, Phishing and Spyware

    Welcome to the Jungle:1 the State Privacy Implications of Spam, Phishing and Spyware

    February 2005 Welcome to the Jungle:1 The State Privacy Implications of Spam, Phishing and Spyware Section I: An Overview It’s a Jungle Out There: In an environment in which 53% of all reported fraud complaints to the Federal Trade Commission (FTC) in 2004 were Internet-related, the Internet and email threats of spam, phishing and spyware all are real threats with real consequences.2 They are increasingly used by criminals, instead of just novice teenage hackers3 and can be lucrative alone or in furthering a larger criminal enterprise. Armed with these incentives, spammers, phishers and spyware purveyors are motivated and possess the expertise to avoid the attempts of law enforcement, industry and others to bring these threats in hand. Moreover, while banks, financial institutions, ISPs (Internet Service Providers) and even online auction site users have borne the initial brunt of threats like phishing, other sectors are becoming targets as the first wave of targeted sectors puts in place more effective security measures. This could place government and citizen information at risk of unauthorized disclosure and could lead to serious consequences, such as the release of sensitive homeland security and critical infrastructure information or personal information that could result in identity theft. In addition, spam, phishing and spyware infringe upon citizens’ perceived “right to be left alone” while surfing the Internet and using email. The fact that so many individuals’ privacy has been impacted to varying extents by these threats has compounded their significance. For example, a 2004 phishing attack spoofed4 an email from the FDIC (Federal Deposit Insurance Corporation).
  • Cryptovirology: Extortion-Based Security Threats and Countermeasures

    Cryptovirology: Extortion-Based Security Threats and Countermeasures

    Crypt ovirology : Extortion-Based Security Threats and Countermeasures* Adam Young Moti Yung Dept. of Computer Science, IBM T.J. Wi3tson Research Center Columbia University. Yorktown Heights, NY 1.0598. Abstract atomic fission is to energy production), because it al- lows people to store information securely and to con- Traditionally, cryptography and its applications are duct private communications over large distances. It defensive in nature, and provide privacy, authen tica- is therefore natural to ask, “What are the potential tion, and security to users. In this paper we present the harmful uses of Cryptograplhy?” We believe that it is idea of Cryptovirology which employs a twist on cryp- better to investigate this aspect rather than to wait tography, showing that it can also be used offensively. for such att,acks to occur. In this paper we attempt By being offensive we mean that it can be used to a first step in this directioin by presenting a set of mount extortion based attacks that cause loss of access cryptographiy-exploiting computer security attacks and to information, loss of confidentiality, and inform,ation potential countermeasures. leakage, tasks which cryptography typically prevents. In this paper we analyze potential threats and attacks The set of attacks that we present involve the that rogue use of cryptography can cause when com- unique use of strong (public key and symmetric) cryp- tographic techniques in conjunction with computer bined with rogue software (viruses, Trojan horses), and virus and Trojan horse technology. They demon- demonstrate them experimentally by presenting an im- strate how cryptography (namely, difference in com- plementation of a cryptovirus that we have tested (we putational capability) can allow an adversarial virus took careful precautions in the process to insure that writer to gain explicit access control over the data the virus remained contained).