
BSides DC 2015 - Anatomy of Black Markets in 2015 – Strategies and Mitigation

BSides DC · 2015 · 53:35 · 406 views · Published 2015-11 · Watch on YouTube ↗
Style: Talk
About this talk
As times change and security awareness and defenses become more sophisticated, the hacker community evolves to keep up with the times. We will take an in-depth look at the history of black markets bringing us to their current state and effectiveness. Drawing from first-hand experiences of monitoring and deterring cyber criminals, we will shift from understanding of the enemy to feasible and practical defensive strategies.

Speaker: Alex Holden (CISO at Hold Security, LLC)

Alex Holden is the founder and CISO of Hold Security, LLC. His experience unites work from leadership positions within corporate data security and security consulting. Under his leadership, Hold Security played a pivotal role in Information Security and Threat Intelligence, becoming one of the most recognizable names in its field. Mr. Holden is credited with the discovery of many high profile breaches including Adobe Systems, the initial vendor breach that led to the discovery of the JPMorgan Chase breach, and the independent discovery of the Target breach. In 2014, he discovered the largest breach of data to date. Dubbed the CyberVor breach, he recovered over 1.2 billion stolen credentials that were gathered from over 420,000 exploited websites. He leads Hold Security in helping businesses of all sizes with their data security needs, including Fortune Global 500 companies. Considered one of the leading security experts, he regularly voices his professional opinion in mainstream media including CNN, NY Times, and Reuters.

Transcript [en]

All right, I think we're going to get started a couple of minutes early. I've got too many slides, and I'm actually trying to fit in a live demo, if everything works. Well, hopefully everybody had a good lunch, and I would not think of anything else to do on a Sunday afternoon besides being here, so thank you very much. My name is Alex Holden. I work for a company called Hold Security. We do lots of fun, different things, but what we are probably most known for is tracking the biggest breaches in the world. If you've heard of the Adobe breach, the Target breach, or the JPMorgan Chase breach, these are all findings of my company,

and we know a lot about hackers. At the same time we have normal daily stuff: we do auditing, we do a whole bunch of other things. The coolest thing that we found this year in vulnerability testing for one of our clients is a way to exfiltrate data via a vulnerability in the software that delivers faxes. We were able to do remote file inclusion on the way that the fax is being delivered, and we can ask the server to access any file from the server. It's really fun, it works, it gave us lots of configuration files. My fax bill was very, very high, but I thought that was very, very cool.

It's taking the old technology and using the newest methods; you can steal data. However, hackers don't go for that. They go for the easiest way to steal the information. I started my career about 20 years ago on a help desk, and with the help desk I had a lot of fun stories. In the mid '90s, when computers were not as prevalent, I had one person call in and read me an error message. I was on autopilot; I said, go ahead and close the window and we'll get started. The person actually got up and closed the window. He was very confused why I asked him to do it, but definitely not very familiar with the technology we had.

Another person who called in did not have a computer at all. He just wanted to have an experience; he wanted to learn, and, you know, a computer, or the absence of one, didn't stop him from spending an hour on the phone with the help desk. Well, just last week we have been tracking a hacker who does not have a computer. He doesn't even have a phone. He wanders from friend's house to friend's house and logs in on, really, a tablet that he uses only for chats, and he trades in data. He's buying information in one place and reselling it immediately, before even the transaction completes. The way he talks and the way he thinks is definitely malicious. He's trading tons of information. He is selling a huge database of stolen credit cards for only two thousand dollars and he's reselling it for about 20,000 without ever having a computer. Hackers are evolving; they're different, and they're completely not what we think about.

This is kind of my idea of who the hacker can be, how they think, and, you know, they're masterminds. But in many cases they're not Brains; they're not even Pinkies in their set of mind. Let's take a look and see who they are and who can they be. They can be very scary. They can be working for an enemy state. They can be corporate-sponsored, having infinite resources and really seeing what they do as a job, the way to get paid to feed their families, and not having any afterthoughts about victims. We've got hacktivists: the people who hacked Ashley Madison didn't ask for money, they asked for recognition. ISIS, the Syrian Electronic Army and others make political statements, or they are driven by social agendas. But for the most part, hackers are profit seekers. It's a very easy way to get rich, not doing much but using other people's gains. They're not particularly stupid in doing that, but they're only hell-bent on making money. There's a good amount of people who do malicious things on computers for revenge, and then we also have that weakest link: the employees, your friends, your family. You know, the hackers call them meatware, but these people, knowingly or not, may cause a lot of damage.

So besides showing you pictures of masterminds, when I think about hackers nowadays I sometimes think about a young man like this, sitting apparently without pants in the lobby of a hotel, hacking an ATM machine. From the main perspective, hackers are different from us. They look at things that you don't usually look at. When they go to a website, they don't read the privacy statement or terms of service. They don't understand if you have a PCI compliance statement on your website or if your site has been tested by Symantec and certified to be secure. For the most part they don't even speak English, so they won't understand this even if they care to read it. They're semi-educated. They're smart enough to do certain things, but they're not smart enough to create a huge web of crimes, for the most part, because what happens right now is that you don't have a single person who is really good at doing 20 or 30 different things. Compared to militarization, the ability to get into various systems and being able to do something really, really good comes up with specialization of hackers, and each one of them wants to do something really good in a small domain. Some of them can steal credit cards. (Does it speak English? It's in Russian. That's exactly the point.) But exactly: the hackers are semi-educated. They're smart enough to do the crimes, but they're not smart enough to come up with a big idea. They're lazy; they don't try to do something new if they can use an old method to steal information. They're also all about money. They're driven, for the most part, by something, and money is usually one of their major drivers: addictions, drugs, alcohol, gambling, you name it.

The modern hackers also fail quite a bit. About a year ago we monitored a hacker who broke into a US retail chain POS server. He was able to dump 1.5 gigabytes of financial data; some of them were unencrypted credit card numbers. For some reason he was asking the informer he was communicating with very simple questions: what does this SQL Server do, how do I get the data out of it, what do I do with the credit cards? At the very end of his journey he was able to create a dump file, 1.5 gigabytes in size, of that SQL Server: millions of financial records. The last statement that he made on that forum is, he said, you know what, my flash drive only has half a gigabyte of free space, I'm not going to download it.

He closed his connection, he left. So looking at a crime like that, it's really comical. What's not funny is the plight of that company. If a system administrator finds a data dump of the entire database, they definitely see the tracks left by an amateur. They have to declare a disaster, and often, because they don't have a way to prove that the data was never transferred from the server (they definitely don't know the size of the guy's flash drive), when they get to that investigation they have to declare a total loss. They have to notify the victims, they have to go through remediation, and that's all for naught, because we know for sure this guy stopped that in its tracks. So what hackers do, and where they fail sometimes, causes an immeasurable amount of pain for the companies.

The hackers are also running away from the law. Even though they may be outside the jurisdiction of the countries that they violate, they're still on the run from the local law, because sometimes they infringe on the laws of local countries, and they're extremely scared. They run from competition. Successful hackers are unknown in the community, and they try to keep their identities hidden, because there have been a number of incidents where the virtual crime and competitors led to physical violence between the hackers themselves. And then also they're afraid of street gangs. In some countries, like in Eastern Europe, it's really a good thing to steal from a thief, because they consider it to be not a crime. Street gangs know that hackers can steal much more money virtually than they can do physically, and they just find these people, they blackmail them, they beat them up quite severely to get them to work, usually making them give the street gangs a hundred percent of the ill-gotten gains. So these hackers, for the most part, are scared, and they're scared for good reason.

Here's an example of this young man who's solely responsible for writing malware that caused so much pain with Target. This young man got into hacking for one reason: he got in to meet women. So while lots of people get into hacking for various things, he is more or less unique. What he figured out, being an awkward teenager with a funky hairdo, was that approaching girls in public is difficult, and the girls online didn't like him either. So he decided to use his IT skills to help the girls break into accounts of their significant others. He used his significant skills to break into the Russian equivalent of Facebook, into email systems, providing the ladies with dirt on their significant others. He got lots of attention from the opposite sex. Unfortunately, as soon as the girls got what they wanted, they turned a cold shoulder. By the time he figured out that that was a losing proposition for him, he was already well connected to the hacker community. He was recruited almost full time to work on this Target project, writing malware. He was more interested in writing exceptions and making sure that his software works across all the terminals, that it does not crash, that it exits gracefully even if there is a problem, than actually about stealing the money. He tried to find a job, a normal job; based on his posting on a freelance site, his salary requirement was only 12 bucks an hour. He didn't find a job, but he caused quite a bit of grief.

We're dealing with not only enemies who try to get rich; they also see us as cultural enemies, and they see it completely opposite. This person is on the FBI's most wanted cyber criminal list. In a private conversation back in 2010, he actually admits that he sees Americans and Western Europeans as cultural enemies. He absolutely hates us because he thinks that we all drive Rolls-Royces and live in million-dollar houses, but at the same time he would not go against a Polish bank, because he considers his brothers the Slavs to be righteous in that fight. So this ideological war led him to being a part of a gang that stole over 220 million dollars from the West.

But I'm here to give you this kind of rundown of hackers' fall fashions for 2015: what's cool, what's not, why is it interesting, why is it difficult. I did put this presentation together in the last couple of days, for the most important reason: to show you things that are relevant. You will see the dates on some of these screenshots that you'll see next: a couple of hours ago, a couple of days ago. This is all real, this is all very scary. Some of the data was altered to protect the innocent, so if you take pictures, be very cognizant that some information may belong to the victims.

But I'm going to talk about a couple of different directions of the hackers: what they do, at what pace, and how they get around it. Carding is not as big a deal right now. After the Target breach, after the Home Depot breach, we have a number of different individuals who stole a lot of credit cards, and banks got smarter. The credit cards are much better protected, the bank accounts are much better protected, there is big scrutiny. If 10 years ago you could steal 10 credit cards, you could max out most of them within minutes to the limit and you could possibly get cash out of it. Nowadays you cannot get much. These credit cards (I believe this number is about 60… 600,000 credit cards that are being offered for sale) only go for between one and five dollars. Not that much, because the market is oversaturated with stolen credit cards, and these stolen credit cards are being flagged by banks almost immediately. Hackers know that if they try to steal a thousand credit cards, and let's say each credit card has a limit of a thousand dollars, it's not that they stole a million dollars. If they're lucky, they will be able to cash them out to the tune of a thousand or two thousand dollars, and paying one dollar per card is not really a good business proposition for them. And we are winning that war. We are winning in this mass abuse of credit cards because credit cards stepped up to the plate. But individual scams, people buying one or two credit cards, they still can go under the radar, because they can understand whose credit card they stole, they can mimic the behavior, and they can most likely steal all the money from that credit card: not directly, they can't get cash out, but they can buy goods and services around it. Some of the banks still allow changes of address, so the hackers go in and try to compromise those accounts. They try to steal enough information to change the address, change the phone number, and then when there is confirmation coming from the credit card or bank, it actually goes to the source. Carding is not out completely; it still causes a lot of headache, but mass exploitation of credit cards is rapidly on the decline.

Something else that's been on and off for a while is identity theft. Identity theft has always been a big deal, because individuals feel completely violated when their information is stolen. At the same time, the hackers actually ask for information; they try to steal as much information as possible about the people. So from my perspective, the evolution of identity theft is being automated to a degree that you wouldn't believe. They're finally developing APIs for identity theft. They have services that allow hackers, other hackers, to do normal queries into the database along with the payment information, along with specific information, and they can get information like Social Security numbers, date of birth, sometimes credit reports, with a standard query via API. It can be automated; identity theft is getting much easier.

There is another concept in credit card theft. You can do it virtually, you can do it physically. You can steal credit card information by installing skimmers on the bank machines, ATMs, payment terminals, and the hackers go around and they try to get the actual skimming devices installed. Where do they go? Well, they go to a shop. They go online and fill up their shopping cart with skimming devices, and shipping is free; they deliver via FedEx, UPS, USPS and DHL right to your house. They don't accept credit cards as payment, but at the same time they actually accept Western Union, Bitcoins, WebMoney, Perfect Money and a whole bunch of other things. It's really skimming made easy. In my practice, you know, personally, when I go to any terminal, when I insert my card, I kind of try to wiggle that terminal, see if it comes off. You know, I'm always kind of self-conscious about that. But then about a month ago I saw this video. This is actually a skimming machine, and it really scared me, so let me see if it plays the video. So this is an insert that hackers put inside of those terminals. It actually sits inside of the ATM terminal or a payment terminal, and as you can see, it's actually allowing us to insert the card and it skims on the inside of the ATM. It steals all the information. It shows how easily the card will go in and go out without any type of interaction; it would steal the credit card information. And at the end you would see that hackers can really seamlessly move around and insert these types of devices and remove them toward the end. So when I saw this video I realized that I'm [expletive], you know. There is no easy way to protect yourself against the skimmers, because they're so good and they're so advanced. This is how easy it is to take it out, and it's so small, it's really invisible. So skimming is on the rise and it's been made very easy.

One of the ways to deal with stolen credit cards is really to buy something, get it shipped to you, and enjoy the goods. So you know, really it's up to you that you want to buy the credit cards from these types of operations. You know, you can go on Amazon and use an American credit card and get delivery to the middle of Moldova? Just… you can't. But the hackers are getting smarter. They employ people in the United States to receive the goods from Amazon, from other stores, and they actually allow this delivery to these people. These people get labels printed from USPS, by FedEx, by UPS, and they reattach a label on the box, and then they send them abroad. Hackers have fun with this. This is a screenshot of a forum; it's a Gladiators Arena. They actually consider themselves royalty; they consider themselves people who are being entertained by these gladiators, people who reship stuff, and they compete with each other over who can ship more using these gladiators, which gladiator will survive longer and keep these operations going. From one perspective it's sad that they're actually using human beings and preying on their interest; at the same time they actually turn this into a game. And if a gladiator is not fun enough, they also have shops like this. This is a Russian shop; I'm not going to translate everything, but they actually consider their drops, the reshippers… they put, I know, Homer Simpson on their profile. So you know, from gladiators to Homer Simpson, they have fun. They actually steal information and they use people's gullibility, and if anything, these individuals who reship the goods are the ones who may be found liable for being complicit in the crime.

The crime is also going into mass production. We are living in the age of mass exploitation. Hackers break into web development applications like WordPress and Joomla in bulk. We recently saw a list of 6.5 million WordPress sites that were being targeted and successfully exploited, at least 33 usernames, for some kind of vulnerability, but also likely to steal passwords. This size of mass exploitation is easy, so these sites are being converted into proxies. On the right you can see a list of shells, the backend connections that these guys are selling or even distributing for free on sites like Facebook. The hackers are auditing the internet. They are trying to steal weak passwords across every single IP out there. They put in automated RDP or SSH testers and they find thousands of vulnerable machines. Sometimes they find passwords that I didn't think were possible, but their brute-forcing systems are very good.

Hackers actually enjoy reward programs. They found out a while ago that hackers can move my frequent flyer miles or car rental points and they can sell them to legitimate users. So if I want to take a flight to, let's say, Australia, and the ticket costs one thousand dollars each way, it may be very expensive. Hackers can steal somebody else's points, and they don't take much; they may take a thousand points from each account, so people won't even notice anything missing. But then they can buy this ticket using points and sell it to me for five hundred dollars for an entire ticket. Yes, they're taking a huge loss, but it's not their money they're gambling with. Then, you know, if the reward program actually noticed that something was done fraudulently, they're going to take away the ticket of the person who bought that ticket, so they may show up at the airport, but they won't have a flight or a seat on a plane. At the same time the hacker already has the information of that poor sob who gave them their credit card number that was legitimately billed for 500, but now they can use that credit card or sell it on the black market.

The reward program stuff is getting into ridiculous space. Apparently Subway restaurants in the UK have a program: as you spend more dollars at Subway, you can get, with I think three thousand or so points, a free six-inch sub. Hackers sell those coupons on the internet. Yes, hackers, like my mom, do clip coupons, but at the same time they sell free sub coupons at 10 to 50 cents a piece on the black market, and somebody's buying them, because they're saying that they sold over 10,000 coupons like that. The size of the crime or criminal activity is varied, and it always surprises me. Hackers break into PayPal or eBay accounts, they establish something fraudulently, and they have manuals to go through this. They're very simple to use: manuals translating the application word for word, for PayPal and eBay, because apparently these sites now detect switching languages, so they would lock out your account faster if you use something other than English. So they're getting smarter; they go around systems. And then also this brute forcing: hackers buy thousands or millions of user IDs and passwords and they try them against various sites where they think they can profit. They do more and more with the same type of resources, because technology is very easy.

I want to spend like 30 seconds talking about the ugly crimes of drug trafficking. You have a website, actually operated in Russia, and it's offering, based on your locale, the ability to buy drugs that have been stored by the dealers inside just normal everyday locations. So what you do is go on this website, you pick your physical location, your neighborhood, and then you pay the fee, which is rather reasonable, and all you get is a picture like the one on the right. It basically gives you a geographical address, a picture of where the drugs are hidden, and they offer money back if for some reason it's not there.

The ratings are pretty much along the lines of Angie's List. The drug dealers are being rated based on how good they are, how honest they are, how often the people find their loads, and how good the drugs are. So this is very simple, and this is an example in Russia, where they try to sell sex and drugs at the same time, but these sites exist all over the world, and the dealers never expose themselves to the buyers, just putting these things on the deep web and selling it in the store. There are even instructions on how to buy and where to pay for these things. In Russia they have QIWI, which is their local electronic payment system, so you can actually go pay your bills and buy your drugs in the same place.

I want to spend some time talking about botnets. Botnets are things that really steal more information today than anything else. Viruses that have been built by hackers still find a home, and many people get infected with them on their computers. These botnets, or viruses, are responsible for the biggest breaches of our time, including Target. But hackers are getting smarter: they're building better viruses, they're building better botnets. This is a screenshot, probably very difficult to see, but this is basically a service to encrypt your virus so it's not being recognized by antivirus programs, and place it in different locations so the victim machines can download it faster from their geographical locale. You pay based on the type of encryption and the number of downloads, so this is basically an encrypting service. What hackers are doing right now with viruses is that they don't really care about the antivirus programs, because if antivirus programs are only matching on the signature, the hackers are faster than antiviruses. They take their malicious software and they check it against 20, 30, 40 different antivirus products every single minute. They check if the signature is detectable. If it is detectable (because it will be, eventually), they don't have to upload anything else, because they have another version of the virus with a different signature already sitting on that victim's computer, and all they have to do is send a signal to switch, and when that happens it's very easy. There are also sleepers: you have a backup, and you have a backup to the backup, that knows that if it does not get communications from its main operators, it will switch itself on every 24 hours and just double-check if the viruses have been removed. So the hackers no longer disable antiviruses. In some cases one hacker said that they're so much faster than antivirus, why turn off a good piece of software that allows them to filter out the competition? So the information they steal is unique on people's computers.

Mobile botnets. This is a screenshot of infection rates from, well, everything up to date, today. I think several loads that are being hidden as APKs for the Android platform are being distributed through some kind of malware campaign, and the amount of infections is just staggering. They have basically easy graphs for the hackers themselves to monitor their progress, their gains. They steal anything else that you can imagine from a phone: not only your payment information, but sometimes your text messages, sometimes it's application data, sometimes it's your friends list. They control horizontal and vertical. They can turn on your front camera, back camera, make the volume louder so they can hear your conversation, and it's all automated; you can do it on a much bigger scale.

So let me try to do something. I have done this a couple of times before with various degrees of success. I'm going to show you a live botnet, so I'm going to try to switch over here, obviously.

Oh, here we go.

So we're looking through a live botnet here. Its location and other information is being hidden to avoid any kind of recognition. It's a botnet that was able to steal 21 million records from about 3,000 computers. It gives very friendly, very nice statistics for the end users. It shows you how many new computers have been infected, their locale (most of this coming from Russia and Ukraine). It gives you very easy statistics, allowing you to break it down even by the different botnets that are being operated. You can look at infection rates by operating system; looking at Windows 7 and XP, still the bigger victims, but Windows 8… I don't see Windows 10 here, but I also see a couple of servers being affected as well. You can look at what kind of bots are out there, what computers are being affected. You can search; you can do a fair amount of research. So for example, if I'm going to look for servers, I'm going to see a number of computers that have "server" in their name. I can look for "POS", "register" or something like that, and now I have something to research. I can use scripts. That's where I was talking about updates and special combinations of applications, and what you would be uploading, what you're going to be exporting, if you will be stealing information directly from the computer or if you would be using it for some kind of attacks. You can set up URL triggers, and that will be delivered to you instantly via Jabber, via [inaudible], or it can even pop up in your remote session. So you set up basically wildcards. This one is mostly around Australia, Italy, Canada and Walmart, but as information is being stolen it's being delivered in real time to the hackers, no matter where these guys are. And then there is an easier, quick way to search information. You can search based on already created reports: cookies, HTTP, HTTPS; you can find FTP logins, POP3, SMTP credentials, VNC connections ready to use, and so on and so forth. It's very simple, it's user-friendly, it's been in development for a number of years, and it makes it easy to show you that the data is real.

I'm going to do a quick search here for a little bit of time. This account is actually disabled, the one that will come up, but I can put in a search term, for example, like "facebook", and when I do a search it comes up almost immediately with information that had been stolen. It shows you the date, it shows you information about the exploited machine, it shows what's being accessed. You can look at the user input, you can look at what's being sent via the browser. At the end you can get all kinds of information, including user IDs and passwords of people who actually submitted this information. It's user-friendly; it's completely removed from the users, but at the same time, when you look at this data you can see everything that's been stolen from that machine. You can do more and more research; you can see where this machine had been. On our side, on the good guys' side, where we get this information, we can actually tell the company or the individuals exactly what had been stolen from them, bit by bit. And we can do one better: we can tell them not only that it was stolen, but we can also tell them whether a hacker ever actually looked at this type of data.

[Audience question, inaudible]

Yes, how can you verify that the hacker didn't look at the data? There is a report you can generate: was this information ever seen in the report, was it triggered, or was it ever downloaded? So every single bit of this information is sitting in the database, and the database actually has a flag: seen or not seen, retrieved or not retrieved. It's done so the hackers can actually share the data, so they don't attack the same account over and over, but at the same time it actually gives us an idea of whether somebody has actually consciously seen this data or was it just stolen. So it's a very interesting way to quantify it as well.

So that was more or less a good demo. I want to talk about defenses. I want to talk about, with all these scary things that hackers are doing, what we can do as security professionals to prevent these activities. And we have technology on our side. We have lots of technology that does different things, and if used correctly it's going to make these bad guys' job extremely difficult. We have, like never before, created so many tools that almost certainly would stop cybercrime; we just don't throw them out in the right places at the right time, we don't always look at the information that they collect, and in some cases we are so afraid to break our business processes that we don't apply them at all.

Then the next line of defense: we have people. We have everybody now watching the news, understanding what's going on and trying to see what they can do to not be in the news if cybercrime happens. At the same time, the awareness of cyber security is high, but the hackers are still succeeding. I think the last line of defense is our compliance programs. We've got laws, we've got regulations, we have rules, and we are improving our ability to set rules for good computing practices like never before.

From the top 10 list of things that we should be watching, looking out for, because of a number of different cyber crimes that I didn't mention, because they're so prevalent but not as popular as others: if we try to minimize viruses, reuse or theft of credentials, if we patch our systems and create some kind of safe zones, from service providers who have our data to our customers who give us their data, we would be significantly better off. And this is quite a bit of an undertaking. A lot of companies that I talk to say that yes, we have an antivirus program that catches 99% of the viruses, and these customers have tens of thousands of computers. If you factor in what 99% means, it means that they may have hundreds of computers that still don't have up-to-date antivirus; they may still have these viruses that can operate with antivirus running without ever being detected. So we see a lot of things. You know, when we focus on things, we focus on the different pain of the day, but believe me when I tell you that these four things lead to more breaches than anything else.

I want you to start looking at quantitative analysis. I understand that most people deal with log aggregators and large amounts of quantitative data analysis, but from my perspective, if you look at Adobe Systems, Sony Pictures, the Ashley Madison breach, these companies supposedly lost all their data. Every single bit of data that the hackers found to be important they were able to access without any problems. Not only that, they were able to exfiltrate it from the company. So, you know, if you equate it to kind of the security of a building, you can imagine that somebody can break into your garage without much problem, without ever being noticed. At the same time, when you look at the amount of information that was stolen from these companies, it sounds like, you know, while everybody was in the house the bad guys managed to steal the grand piano and take it out through the front door without anybody ever noticing, and that's very alarming. Figure out statistics: what's normal for you, what's not, investigate it. Because in many cases, when you're dealing with very sophisticated enemies, like in the case of the Anthem breach, the information that was exfiltrated may be exfiltrated completely seamlessly because the hackers were very, very sophisticated, but at the same time they couldn't fool network statistics: there would still be spikes with large amounts of information showing up in some logs. So become a friend of statistics, understand it, embrace it, because even if you can't stop the crime, you can identify it fast enough and fix it.

The other good hint is: start embracing honeypots. And honeypots maybe not as the systems that just attract hackers; build honeypots within the components of your website. If your website has a SQL database behind it and you audit it, make sure that there's no SQL injection. You probably should put a SQL injection vulnerability there, not a very simple one but a rather complicated one, and you watch whether somebody finds it. Make sure that it doesn't exfiltrate the data from your system, but make sure that it will trigger something, that somebody is looking at your website trying to steal information. And when they find something, you can learn about their techniques and you can proactively defend your database against those IP addresses, against those techniques. If you don't have anything and just think that your database is completely secure, you may be in for a big surprise.

Credential honeypots. You guys may have large databases that have hundreds of thousands or millions of credentials. Put in a couple of credentials that only you guys know about; make sure they're valid and they lead nowhere. That way, if somebody steals that data and ever uses those credentials, you know your data has been stolen. Put these types of credentials, different credentials obviously, in the batches that you give to your vendors, so when you see a specific account set up as a honeypot being exploited, the one that you gave to your vendor, you definitely know what's going on. Some of our clients create one email account a day on their system, so they know exactly when the data was stolen, because in some cases you won't see it.

Even basic features like cross-site scripting you can control and artificially insert on your systems, and you can see if somebody's trying to exploit them. We've seen one company building a cross-site scripting honeypot where it worked very well for anybody who's trying to build a cross-site scripting attempt, but it doesn't work for anybody else from different IPs. Hackers were flabbergasted when they sent out their exploitation phishing email and it only worked on their test machines; it didn't for any users, because it worked only for the hackers. Very simple hints, very simple to implement, but at the same time it actually helps quite a bit.

Also look at your culture. This chart here showing the maturity level of your security program was not designed in the last 10 years; in fact it was designed back in 1977, I believe, at Carnegie Mellon. This concept still stands, where you go from a basic level of security to controlled, standardized, optimized, and now you can start innovations. It's very interesting that when you ask a lot of stakeholders where you are in the security process, they're going to point you toward the right; some of the technical people will point you toward the left. Figuring out where you are would help you actually create a vision of where you want to be.

Speaking of vision, you have to actually try to see who the bad guys are. We spent a good portion of this presentation looking at their gains. Their systems are sophisticated; they spend a lot of time and resources building those systems. They have IT departments, they have marketing people, they have anything, even graphic artists, to help them sell their services to a full number of people. Understand the landscape, understand what's pertinent right now, who is attacking you and why. Why would definitely help you to defend your infrastructure much better. Go for simplicity. Hackers, for the most part, would go for something simple, and if you can detect that simple thing, you can defend yourself against the most sophisticated exploits that will follow.

I'd like to use the word frenemies in my presentation, not because Lindsay Lohan coined that term, but because frenemies are very important. We have everybody in our environment who tries to attach pieces of data all over: it's our IT departments, it's our marketing, it's our research, it's vendors, partners, customers, and our perimeter is so big. Don't 100% trust all of these; treat them as frenemies, because a lot of breaches, a lot of hacker activities, are being helped, sometimes without knowing, by your friends, people who have access to your systems. Take control over the systems that you have; try to proactively defend. And lastly, look at feasible solutions. Most likely you have a lot of tools already within your infrastructure to help you build some of these defenses, to catch some of these things; some of them are not being used to their full potential for various reasons. But we find that when a company looks at their infrastructure, if they come up with a good feasible way to combat things, they actually show results. We see a lot of security becoming a way to recover the losses. In some cases, in large organizations, they keep spending money, but security is saving money and actually producing ROI. That's all I had to share with you today. Hopefully this was useful. Any questions?

Is there, do you see any mechanisms for these actors authenticating their

Absolutely. Some of those places that hackers operate restrict you by IP address; they require you to have a browser certificate, for example, and even when you have a browser certificate and you can bypass IP restrictions, it asks you not only for your username and password, it also gives you a passphrase that only you would remember, and it will, like, you know, 20 years ago when you bought a video game it would say open to page five, give me the first letter of the second word. So they put in a lot of things that make it extremely difficult for security researchers to follow them, and that's always an ongoing battle. Hackers are very sophisticated. If we go to a forum, they have patterns of how a person goes through a forum. If we try to download all the data from the forum, that's the last time I use that account, because the hackers actually detect the human behavior versus the machine behavior that tries to download the data.

How big is phishing? In your presentation we saw going after credit cards, we saw going after identity, but they want it to be easy, their work to be easy, so is there only a small sect that's not phishing, or is it the gains, a lot of information being gathered from phishing?

Phishing is usually how the viruses get onto a new system. Besides false web advertising, phishing is the number one way for these viruses to distribute themselves. So that mobile botnet that had up to 18,000 infections in a single day, it's actually all done through phishing. So it's a huge vehicle for hackers still to infect people.

I need to be the last question. In defenses you didn't mention whitelisting of applications at all, or if you did, I was looking at the camera when you did. Would you like to talk about that?

That is the last question. Whitelisting is a difficult task. It works for POS quite easily: if you have a point of sale system and it only does POS, you can definitely whitelist everything. In a very dynamic environment it's rather difficult. At the same time you have to have a lot of vehicles to whitelist: you have to whitelist email, websites, you have to whitelist browser plugins, you have to whitelist applications. Hackers find the easiest way, the one that works, and whitelisting works; it's just such a difficult task, especially for a larger company. Thank you.
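Added example, not part of the talk or of Hold Security's tooling: working code for three of the defensive hints above, namely the credential honeypots seeded into data copies and vendor batches, the "one account a day" trick for dating a theft, and the network-statistics check for exfiltration spikes. The log formats, the account names (`hp-...`), the vendor batch labels and the hourly flow numbers are all constructed for this example; a real deployment would read the same fields from its own auth and flow logs.

```python
import re
import statistics

# Constructed sample auth log lines (hypothetical format:
# "<ts> auth user=<name> src=<ip> result=<ok|fail>").
AUTH_LOG = """\
2015-11-01T09:12:03 auth user=alice src=10.0.0.5 result=ok
2015-11-01T09:13:44 auth user=bob src=10.0.0.9 result=ok
2015-11-01T11:02:10 auth user=hp-vendorA-7731 src=203.0.113.8 result=fail
2015-11-01T11:02:15 auth user=hp-vendorA-7731 src=203.0.113.8 result=ok
2015-11-01T12:40:00 auth user=carol src=10.0.0.22 result=ok
"""

# Canary accounts (hypothetical names): valid credentials that no real user or
# job ever uses. Each is tagged with the copy of the data it was seeded into,
# so a hit tells you which copy leaked, e.g. which vendor's batch.
CANARIES = {
    "hp-internal-0001": "master-db",
    "hp-vendorA-7731": "vendor-A-export-2015-10",
    "hp-vendorB-2210": "vendor-B-export-2015-10",
}

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def canary_hits(log_text, canaries=CANARIES):
    """Return one alert per auth line that touches a canary account.

    Failed attempts count too: the username exists only in the seeded copy,
    so any use of it means that copy is in someone else's hands."""
    hits = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m and m.group("user") in canaries:
            hits.append({"ts": m.group("ts"), "user": m.group("user"),
                         "src": m.group("src"), "result": m.group("result"),
                         "batch": canaries[m.group("user")]})
    return hits


# "One account a day" canaries (hypothetical names), keyed by creation date.
DAILY_CANARIES = {
    "2015-10-28": "hp-d-20151028",
    "2015-10-29": "hp-d-20151029",
    "2015-10-30": "hp-d-20151030",
    "2015-10-31": "hp-d-20151031",
}


def theft_window(seen_users, daily=DAILY_CANARIES):
    """Bracket when a stolen copy was taken from the usernames found in it.

    The newest daily canary present already existed when the copy was made;
    the oldest daily canary absent after that did not exist yet. Returns
    (not_before, before); either bound is None if no canary pins it down."""
    present = sorted(d for d, u in daily.items() if u in seen_users)
    absent = sorted(d for d, u in daily.items() if u not in seen_users)
    not_before = present[-1] if present else None
    before = next((d for d in absent if not_before is None or d > not_before), None)
    return not_before, before


# Constructed hourly outbound volume for one host (hypothetical format:
# "<ts> flow host=<name> out_mb=<n>"): a flat baseline and one large spike.
FLOW_LOG = "\n".join(
    f"2015-11-01T{h:02d}:00:00 flow host=db-01 out_mb={mb}"
    for h, mb in enumerate([52, 48, 55, 51, 49, 53, 50, 57, 54, 52, 4100, 51,
                            50, 49, 56, 53, 52, 48, 51, 55, 50, 49, 53, 52])
) + "\n"

FLOW_RE = re.compile(r"^(?P<ts>\S+) flow host=(?P<host>\S+) out_mb=(?P<mb>\d+)$")


def exfil_spikes(flow_text, threshold=3.0):
    """Flag hours whose outbound volume is far above the host's own normal.

    Uses median and median absolute deviation (MAD) instead of mean and
    standard deviation so the spike being hunted does not inflate the
    baseline it is compared against; 0.6745 rescales MAD to a standard
    deviation equivalent. A MAD of zero falls back to 1 MB."""
    by_host = {}
    for line in flow_text.splitlines():
        m = FLOW_RE.match(line)
        if m:
            by_host.setdefault(m.group("host"), []).append((m.group("ts"), int(m.group("mb"))))
    spikes = []
    for host, samples in by_host.items():
        values = [mb for _, mb in samples]
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values) or 1.0
        for ts, mb in samples:
            score = 0.6745 * (mb - med) / mad
            if score > threshold:
                spikes.append({"host": host, "ts": ts, "out_mb": mb, "score": round(score, 1)})
    return spikes


if __name__ == "__main__":
    for hit in canary_hits(AUTH_LOG):
        print("CANARY", hit)
    print("stolen between", theft_window({"hp-d-20151028", "hp-d-20151029"}))
    for spike in exfil_spikes(FLOW_LOG):
        print("SPIKE", spike)
```

The `theft_window` input is whatever usernames you recover from the stolen copy, for instance a dump offered on a market; the per-batch tags in `CANARIES` are what tell a vendor leak apart from a leak of the master database. The spike check is deliberately per host and robust to the spike itself, which is the property the talk relies on: a sophisticated intruder can make the transfer look legitimate, but cannot make a grand piano's worth of bytes fit a baseline of a few tens of megabytes an hour.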