WSTA Threat Seminar:
Cybercrime
"I'm working to identify the people who might attack you," he said, before telling how he does it and who they are.
The Wall Street Technology Association (WSTA) seminar on Threat Management and Information Security featured many speakers, among them John Ramsey, CTO of Atlanta, Ga.-based security service provider SecureWorks.
"I'm working to identify the people who might attack you," he said.
Know the past before you look at the future
But first, a little history. He identified four generations of attackers:
Generation one was people who acted to destroy. They were acting out. They were juvenile and often put their names in the viruses they spread. This made it easy to find them.
Generation two were theorists. They did proof-of-concept attacks. They were still amateurs.
Generation three saw the emergence of the cybergang. The most notorious at the moment is the gang that was recently sentenced to Siberia. Ramsey said their leader is still at large.
Generation four is the arrival of organized crime. The notorious case of Yeron Belondi is one such. Ramsey said that Belondi and an accomplice had agreed to work for a gangster and tried to take some of the money for themselves. When the accomplice was murdered in a gang hit, Belondi realized he'd be safer in jail and turned himself in to the police. Usually, generation four doesn't get caught.
A new generation
Because organized criminals, or people who hope to do business with organized crime, are behind the latest generation of attacks, the latest attacks are designed to be unseen. "It doesn't disable anti-malware software anymore; it reports the attempts of the anti-malware software to disable it," he said.
The new generation is building an underground market for criminal acts. There are social networks, there are auction sites, and there are other innovations. Ramsey said that police recently obtained a 3.3 GB hard drive containing about 10,000 accounts from several hundred machines obtained over seven days. The machine was set up as a website and criminals could log in and purchase accounts on an open market. He called this a "drop box."
Attackers are hijacking trusted sites and injecting attack vectors into them (most famously, this happened to the Miami Dolphins' stadium website last year).
"A credit card number is worth $1 to $6, a Skype account is worth $12, and a World of Warcraft Account is worth $10. A PayPal account with a verified balance can sell for $50 to $500."
Defense
So how do we stop this new generation? "In order to prevent today's more targeted attacks, we need to know what malware is being used and what vulnerabilities are targeted. We do this (working with law enforcement) by infiltrating chat rooms, for example. We identify the people who are going to attack you."
Conducting this reconnaissance is vital to winning this generation of the war. Who knows what they'll think of next?