The CyberCrime: Facts, Reasons, Trends

Eugene Kaspersky
Founder & CEO
Kaspersky Lab
[email protected]
Criminal business in the internet
Without using malicious content:
• Carding
• Web-fraud
• Site hacking
Using malicious content:
• Stealing confidential or private data
• DDoS-attacks
• Spam
• Phishing
• Etc.
This is not our expertise
The Rogues’ Gallery – The Script Kiddies
Chen Ing-Hau – 24 (Taiwan)
Arrested September 21, 2000 for the CIH virus
Jeffrey Lee Parson – 18 (USA)
Arrested August 29, 2003 for the Lovesan.b virus
Sven Jaschan – 18 (Germany)
Arrested May 7, 2004 for NetSky and Sasser viruses
The Rogues’ Gallery – Binary Thieves
Jeanson James Ancheta – 20 (USA)
Arrested November 3, 2005 for creating zombie networks and leasing them for spam mailing and DDoS attacks on websites
Farid Essebar – 18 (Morocco), Atilla Ekici – 21 (Turkey)
Arrested on August 26, 2005 for creating zombie networks using Mytob and Zotob (Bozori) worms
Reasons for E-Crime
• Profitability
• Easy to do (technically and morally)
• Low risk business
• New services that are
profitable to attack
Reasons: Profitability
• Bank attacks
  • 2005: Sumitomo bank – an attempt to steal $424 mln. (failed)
  • 2006: Nordea bank (Sweden) – 1.2 mln. Euros stolen (successful, under investigation)
Yaron Bolondi – 32 (Israel)
Arrested on March 16, 2005 for breaking into the network of a London branch of Sumitomo Bank and attempting to withdraw £220 million from the bank's accounts
Reasons: Profitability
• DOS attacks
  • 2003 – 2004: DDoS attack on British online bookmakers followed by extortion
  • July 20 and 21, 2004 - 9 people were arrested for participating in the attack
  • October 2006 – 3 hackers from the group were sentenced to 8 years in jail
Maria Zarubina and Timur Arutchev organized the attack and are still on the Most Wanted List.
The Birth of Ransomware
Criminal Encryption
It would take a 2.2 GHz computer 30 years to find the key
using brute force
Botnets
Massively-Multiplayer Online Games (MMORPG)
Reasons: Easy to do
• Many trojans are technically simple, easy to create and use
• Malware is sold openly
• No feeling of guilt – the criminal doesn’t see the victim
  • Psychologically it’s easier to steal $1000 out of a virtual pocket than out of a real one
Reasons: Low risk business
Cybercriminals feel relatively safe because:
• There are gaps in some countries’ legislation
• Legal authorities aren’t acting quickly enough
• Victims rarely inform police about crimes
• Insignificant damages – incidents are not interesting to police (despite the huge number of these crimes)
• The crimes are international, while there’s no Internet-Interpol
Reasons: New services
• Internet-money and online banking
• Personal and confidential data
• Online games and virtual characters
• Stock-exchange online agencies
• And more to come…
Each new service is a new cybercrime target
Social Networking
• Blogs, forums
• Wiki
• MySpace, YouTube?
• Other online communities
CyberCrime is Big Business
• Profitability
• Easy to do (technically and morally)
• Low risk business
• New services that are
profitable to attack
Will It Get Any Better?
• Today there’s no reason to believe that the cybercrime situation will improve anytime soon
• It is obvious that the number of E-Crimes will keep growing over time
Malware proliferation in the internet
[Chart: vertical axis 0 to 1,200,000; horizontal axis 2004, 2005, 2006, 2007 (est.)]
Source: Kaspersky Lab
At least 5 malware samples emerge in the internet every 2 minutes
Automating The Lab
Highly automated antivirus lab, which utilizes:
• Automatic malware analyzers:
  • Sandbox
  • Heuristic analyzers
  • “Family” recognizer
  • And more
• Automatic detection
• Automatic updates quality control and distribution
KL protection: in-lab
[Chart: vertical axis 0 to 180,000; horizontal axis 2004, 2005, 2006, 2007 (forecast)]
The number of new signatures, added into KL databases every year
Developing State-of-the-Art Technologies
We employ standard & additional protection technologies
• Signature scanner (with quick reaction time)
• Generic detection routines (“smart” signatures)
• Heuristic scanner (emulation)
• Behaviour blocker (HIPS)
• Unpacking and unarchiving
Developing State-of-the-Art Technologies
New types of threats require new protection technologies
• Anti-Rootkit
• Anti-Keylogger
• Anti-Phishing
• Anti-Adware
• Self-Protection
• “Active infection” healing
• Other advances
Banding Together to Fight CyberCrime
Maximum protection against cybercriminals
requires:
• Internet-Interpol
  Needs time and concordance between all involved countries
• Educating users to defend themselves
  New services and new types of attacks require constant education
• Effective protection technologies and products
  The most effective method
Questions?
Eugene Kaspersky
Founder & CEO
Kaspersky Lab
[email protected]