cybercrime2014 - Lex Informatica

Cyber Crime Trends
Iain Campbell
iain@criticalid.net
The New Landscape
• Deperimeterisation
• Social Media: Miracle or Menace?
• Where is my data?
The Rise of the Targeted attack
www.criticalid.net
Types of Cyber Attacks
           | Nuisance                | Economic Espionage              | Organised Crime   | Hacktivists
Objective  | Launch Points, nuisance | Economic Advantage, theft of IP | Financial Gain    | Defamation, Publicity
Example    | Botnet, Spam            | Advanced Persistent Threat      | Credit Card Theft | Anonymous
Targeted   | X                       | √                               | √                 | √
Persistent | X                       | √                               | √                 | X
2013 Data Breach Investigations Report
http://www.verizonenterprise.com/DBIR/2013/
Who wants my data?
19th February 2013: APT1: Exposing One of China's Cyber Espionage Units
Mandiant tracked Comment Crew for 6yrs identifying 141 attacks called APT 1
3000 indicators (domain, IP, MD5) to identify attack source all led to Pudong district of Shanghai, outside HQ of unit 61398
Comment Crew launched RSA attack
the volume and sophistication of the attacks so intense that they threaten the fundamental relationship between Washington and Beijing.
Unit 61398 of the People’s Liberation Army, tasked with “computer network operations”.
http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
Who else wants my data?
Utah Data Center
• Every cell phone call in Bahamas “archived”
• Call records of almost everyone inside the United States “collected”
• Gmail “backdoor access”, Microsoft encryption weakened, denies data center access
• RSA received $10 million to weaken encryption
• TrueCrypt mysteriously goes offline
Next Generation attacks
Google's security team reported Heartbleed on April 1
Affects OpenSSL
April 2014
17% of the Internet's secure web servers were vulnerable, at time of disclosure on 7th April
Bug deemed as catastrophic, and incidents included:
Canada Revenue Agency, Community Health Systems (US),
Massive password changes required including Akamai, Ars Technica, Bitbucket, BrandVerity, Freenode, GitHub, Mojang, Mumsnet, Pinterest, Reddit, SourceForge, Tumblr, etc...
Shellshock: 'bigger than Heartbleed' 25 September 2014!
What about South Africa?
Bank card details leaked - PASA
“There are indications at this stage that only a limited number of card details have been accessed by outside organisations, and as a result limited fraud has been perpetrated” – Payment Association of South Africa, CEO Walter Volke
“The card data emanating from these online transactions seems to have been stored in a manner which does not meet the stringent security standards expected by PASA”
There was no need for “undue concern”
www.iol.co.za/news/south-africa/bank-card-detailsleaked-pasa-1.1420656
November 9 2012
What about South Africa?
Dexter infects Point of Sale terminals
PASA, card schemes and SA’s major banks have taken immediate steps to prevent a further leakage of card details because of a security lapse at a company processing transactions.
“All the fast-food retailers have been cleaned out as far as possible, and certainly no one will be out of pocket [as the banks will honour losses].”
Unique variant used in SA, original emerged in December 2012.
How did the data get out? & who is liable?
http://www.techcentral.co.za/sa-banks-in-massivedata-breach/44338/
October 15 2013
Designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision.
Should review the adequacy of their disclosure relating to cybersecurity risks and cyber incidents, if the costs or consequences with one or more known incidents or the risk of potential incidents represent a material event (i.e. may reasonably be expected to affect the company's stock price)
Estimate the impact of cyber incidents and the consequences of failing to implement adequate security. Go beyond privacy, to key operational issues
http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm
Where is the Risk?
• Market risk:
  • Dealstream collapse in 2008
  • VOX telecom exposure of R30 million
  • Single Stock Futures gives ABSA R1.4 billion liability
• Credit Risk:
  • Standard Bank vehicle finance: R504m impairment loss in FY to June 2014
  • African Bank: R6.4 billion
• What about cyber crime losses and risk exposure?
  • SABRIC estimates R480 million card fraud losses in 2013
http://www.iol.co.za/dailynews/news/sa-lost-r480m-to-card-fraud-1.1610443
Conclusion
• Payment systems are top target of attacks
• New threat environment:
  • Next generation systemic vulnerabilities
  • Shellshock: 'bigger than Heartbleed' 25 September 2014!
  • Encryption is no longer safe?
  • Changing legal framework
• New legal implications for data breaches
Are you ready for a Security Breach?
THANK YOU
Iain Campbell
iain@criticalid.net
079 015 1905