Transcript of: Global Internet Threats and APWG Initiatives To Fight Cyber-Crime and Fraud
© 2014 APWG
Global Internet Threats and APWG Initiatives To Fight Cyber-Crime and Fraud
Foy Shiver, Deputy Secretary-General
APWG
APWG In A Nutshell
• Founded in 2003 to focus on the new “Phishing” problem
• Over the past 11 years we have grown to cover all types of cybercrime and fraud
• Currently more than 2000 companies, NGOs, government, law enforcement, research and treaty organizations globally
• Membership restricted to cybercrime stakeholders
• Efforts bring together experts in diverse fields to focus on:
– Data Sharing
– User Awareness
– Public Policy
– Research
APWG: 11 years of Statistics
APWG Phishing Activity Trends Report
• Published since February 2004
• Initially monthly, now quarterly or semi-annually
• An in-depth review of the ongoing state of Phishing
Global Phishing Survey: Trends and Domain Name Use
• Published since 2H 2007
• Semi-annual attempt to understand trends and their significance by quantifying the scope of attacks with a focus on DNS
Mobile Threats and the Underground Marketplace
• New for 2013
• Attempt to define the malware markets and demonstrate the modus operandi of an industry that is self-funding, prosperous, vertically stratified and agile.
Phishing Trends Report Q3 2014
• The number of unique phishing reports submitted to APWG decreased 5%
• A total of 549 brands were targeted by phishers in Q4, up from the 531 targeted in the second quarter
• In July, phishers set their sights on Polish servers; this resulted in Poland jumping to 2nd in the global ranking of countries hosting phishing sites
• The United States continued to be the top country hosting phishing sites
• Over 20 million new malware samples were discovered in Q3, an average of 227,747 new malicious items every day
• The United States remained the top country hosting phishing-based Trojans and downloaders
Looking at Future Threats
• Internet was never designed to be secure
• Many challenges dealing with a malicious, adaptive and well-funded opponent
• Features vs Security
– Internet of Things
– High connectivity/complexity/data volume = high vulnerability
• Targeted attacks
• State sponsored
• Ransomware
Mobile Device/App Risk
• Data Leakage
– Individual Apps
– Between Apps
• Privacy
• Account Takeover
• Device Takeover
• Malware
Current Mobile Threat Vectors
Threat | iOS | Android
(The slide's per-platform check marks did not survive extraction; only the threat column is recoverable.)
• Phishing
• Spear-Phishing
• SMS-Phishing
• App-Phishing
• App-Mining (including corporate directories)
• Jailbreak, Rooting, Jammers
• SSL Vulnerabilities
• Hostile Configuration Profiles
• Unencrypted Email Attachments
• Ransomware
• Backup Hijacking
• OS Fragmentation
• Sideloading Apps
• Harvest Phone Call Logs & SMS Logs
Android Fragmentation
(chart slide; the figure did not survive extraction)
APWG’s Question: How Does a World of Localities Engage a Problem of Global Dimensions Like Cybercrime and Respond as a Unified Authority?
Data Logistics as Cybercrime Response Instrument
The design and optimization of processes to manage the movement and presentation of data to enable cybercrime responders and forensic analysts to take action – or receive data – at a time and place for a specific counter-cybercrime application.
Examples of APWG Cybersafety Data Logistics
• Phishing Repository & URL Block List
• eCrime Exchange
• Malicious Domain Suspension System
• Bot-Infected System Alerting and Notification System
• The Stop. Think. Connect. Messaging Convention
• The IODEF Extensions for Electronic Crime Reporting (IETF RFC 5901)
• eCrime Classification System
• Phishing Education Landing Pages
APWG eCrime Exchange: A Member Network For Collaborative eForensics
Organizational Objective of eCX
Ganging Up on the Bad Guys
• Exchanging Data Programmatically
Consolidating data across industries and geographies for more effective security routines. Example: URL Block List
• Teaming Around eCrime Events
Enterprises and groups recognizing they face common adversaries can combine data and insights needed to neutralize the attackers
Phishing Repository and URL Block List
• APWG Phishing Attack Data Repository
– 8+ million historical entries
– Informs research and development of counter-eCrime technology
• Phishing URL Block List (UBL)
– Updated constantly
– Informs browser warning systems and anti-phishing tool bars
– Signaling systems for security teams – CERTs, brand-holders, telecom companies, security companies, software developers and the public
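Added example, not APWG code: how a browser warning system or anti-phishing toolbar would consume a block list like the UBL. The slide does not describe the feed format, so the three entry kinds (exact URL, path prefix, bare host), the canonicalisation rules and every sample entry below are constructed assumptions. The point the example makes is that the lookup has to canonicalise first, otherwise a mixed-case host, an explicit default port or a fragment lets a listed URL slip past the check.

```python
"""Matching URLs against a phishing URL block list (added illustration)."""
from typing import Optional
from urllib.parse import urlsplit

# Constructed feed.  Three entry kinds are assumed:
#   full URL            -> blocks exactly that URL (query included)
#   URL ending in '/'   -> blocks everything under that path prefix
#   bare hostname       -> blocks the host and all of its subdomains
SAMPLE_FEED = """\
# constructed sample block list, not real data
http://login-example-bank.test/secure/
https://update.example-mail.test/verify.php?id=1
phish-host.test
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def canonical(url: str) -> str:
    """Canonical form used for matching: lowercase scheme and host, default
    port dropped, trailing dot on the host dropped, empty path made '/',
    fragment discarded, query kept (phish kits often key off query values)."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    host = (p.hostname or "").rstrip(".")      # .hostname is already lowercased
    if p.port is not None and p.port != DEFAULT_PORTS.get(scheme):
        host = f"{host}:{p.port}"
    path = p.path or "/"
    return f"{scheme}://{host}{path}" + (f"?{p.query}" if p.query else "")


class BlockList:
    def __init__(self, feed_text: str):
        self.exact = set()
        self.prefixes = []
        self.hosts = set()
        for line in feed_text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            if "://" not in line:
                self.hosts.add(line.lower().rstrip("."))
            elif line.endswith("/"):
                self.prefixes.append(canonical(line))
            else:
                self.exact.add(canonical(line))

    def lookup(self, url: str) -> Optional[str]:
        """Return the feed entry that blocks `url`, or None if it is not listed.
        Most specific first: exact URL, then path prefix, then host."""
        canon = canonical(url)
        if canon in self.exact:
            return canon
        for prefix in self.prefixes:
            if canon.startswith(prefix):
                return prefix
        host = (urlsplit(url.strip()).hostname or "").rstrip(".")
        for blocked in self.hosts:
            if host == blocked or host.endswith("." + blocked):
                return blocked
        return None


if __name__ == "__main__":
    bl = BlockList(SAMPLE_FEED)
    for u in ("HTTP://Login-Example-Bank.test:80/secure/index.html#x",
              "http://www.phish-host.test/anything", "https://example.test/"):
        print(u, "->", bl.lookup(u))
```

A real consumer would also refresh the feed on the interval the provider publishes, and treat the query-string comparison as a policy choice: keeping it avoids false positives on shared hosts, dropping it catches kits that rotate parameters.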
APWG Malicious Domain Suspension Process (AMDoS)
World’s First and Only Auditable, Scalable Malicious Domain Name Suspension Request System for Professional Interveners and the Registries
What are we trying to accomplish?
• Complement (not circumvent) court orders or legal instruments to allow
– Responsible (and transparent) action in
– A timeframe measured by hours rather than days, weeks, or months and to
– Hold reporting parties to a standard of practice and accountability
• Replace historical ad hoc processes used to suspend domains with a uniform, auditable process based
Trusted Introducer System
Accredited Intervener ↔ [AMDoS] ↔ Registry Authority
formal, auditable communications channel
APWG Malicious Domain Suspension Process
• AMDoS mediates formal correspondence between an Accredited Intervener and a Registry Authority
– trusted-introducer/trusted-channel system
– a medium for transmission of suspension requests for abusive domains
• Objectives
– Enhance speed and scalability of interventions
– Provide formal tracking
– Provide accuracy, accountability, transparency
Registry Authority owns process
• Registry Authorities participate voluntarily
– Under no obligation to participate or act
– Registry can assess request against explicit criteria before making a decision to suspend
• Expectation is that
– A signed attestation from
– A vetted reporting party with
– Documentation that demonstrates criminal use
will be persuasive
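Added example, not AMDoS itself: a small model of the properties the last three slides ask of a suspension-request channel, namely that only accredited interveners can submit, that a request carries a signed attestation over its documentation, that the registry applies its own explicit criteria and stays free to decline, and that every step is formally tracked in a log that can be audited afterwards. The HMAC key standing in for accreditation, the evidence types the registry requires and the hash-chained log are constructed assumptions; the real protocol is not described on the slides.

```python
"""Model of an auditable domain-suspension request channel (added illustration)."""
import hashlib
import hmac
import json


def digest(obj) -> str:
    """Stable SHA-256 over a JSON-serialisable object (sorted keys)."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class Intervener:
    """Vetted reporting party.  The shared key stands in for whatever
    credential accreditation actually issues (assumption)."""

    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def suspension_request(self, domain: str, evidence: list, submitted: str) -> dict:
        body = {"intervener": self.name, "domain": domain,
                "evidence": evidence, "submitted": submitted}
        attestation = hmac.new(self.key, digest(body).encode(), "sha256").hexdigest()
        return {"body": body, "attestation": attestation}


class Registry:
    """Registry Authority: verifies who is asking, applies its own explicit
    criteria, and records every step in a hash-chained audit log.  Nothing
    here obliges it to suspend; the criteria are its own."""

    # Constructed criteria: documentation of criminal use must include both kinds.
    REQUIRED_EVIDENCE = frozenset({"phishing_url", "screenshot"})

    def __init__(self, accredited: dict):
        self.accredited = accredited   # intervener name -> key
        self.audit = []                # append-only; each entry hashes the previous one

    def _log(self, event: str, **fields) -> None:
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        entry = {"seq": len(self.audit), "event": event, "prev": prev, **fields}
        entry["hash"] = digest(entry)  # covers seq, event, prev and all fields
        self.audit.append(entry)

    def handle(self, request: dict) -> str:
        body, attestation = request["body"], request["attestation"]
        rid = digest(body)[:16]        # tracking id derived from the request itself
        self._log("received", request=rid, domain=body["domain"],
                  intervener=body["intervener"])

        key = self.accredited.get(body["intervener"])
        expected = hmac.new(key, digest(body).encode(), "sha256").hexdigest() if key else ""
        if not key or not hmac.compare_digest(attestation, expected):
            self._log("rejected", request=rid, reason="attestation not verifiable")
            return "rejected"

        missing = self.REQUIRED_EVIDENCE - {e["type"] for e in body["evidence"]}
        if missing:
            self._log("rejected", request=rid,
                      reason="missing evidence: " + ", ".join(sorted(missing)))
            return "rejected"

        self._log("suspended", request=rid, domain=body["domain"])
        return "suspended"


def audit_intact(log: list) -> bool:
    """Re-walk the chain; any edited, removed or reordered entry breaks it."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        unhashed = {k: v for k, v in entry.items() if k != "hash"}
        if entry["seq"] != i or entry["prev"] != prev or digest(unhashed) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True
```

The rejection paths are where the accountability sits: an unaccredited sender, a request whose body was altered after signing, and a request that does not meet the registry's stated documentation threshold all leave a logged reason, and the intervener can be held to that record later.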
Other AMDoS Goals
• Metrics
• Shame bad registries/registrars into being good registries/registrars
Bot-Infected System Alerting and Notification System (BISANS)
• Biggest threat to users is falling victim to social engineering and their systems becoming infected
• Once infected, most users are not technology-aware enough to know something is wrong
• Criminals use these systems to steal data and host robust Botnets for other criminal purposes
• BISANS is an attempt to identify infected systems and notify the owner or responsible parties
The Bot-Infected Systems Alerting and Notification System
BISANS routes bot node reports to owner/operators, enabling programmatic interventions
Beta code working and recently integrated into eCX
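Added example, not BISANS code: the one thing the slide states is that bot-node reports are routed to owner/operators, and the routing step is where the data-logistics work is. The netblock-to-contact table, the report line format and all addresses (RFC 5737 and RFC 3849 documentation ranges) are constructed; in practice the table would be built from RIR/WHOIS data or from operators registering with the system. The example does longest-prefix matching so a sub-allocation beats its parent block, refuses to attribute private or link-local addresses to anyone, and collapses repeat sightings so an operator gets one item per infected host.

```python
"""Routing bot-node reports to the party able to act on them (added illustration)."""
import ipaddress
from collections import defaultdict

# Constructed table: who is responsible for which netblock.
NETBLOCKS = {
    "203.0.113.0/24":    "abuse@isp-a.example",
    "198.51.100.0/24":   "abuse@hoster-b.example",
    "198.51.100.128/25": "soc@customer-c.example",   # sub-allocation, more specific
    "2001:db8::/32":     "abuse@isp-a.example",
}

# Addresses that cannot be attributed to an owner from the outside; a report
# naming one of these as the infected node is held back rather than mis-sent.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sinkhole-style report lines: time,node-address,botnet-family
SAMPLE_REPORTS = """\
2014-10-01T12:00:00Z,203.0.113.5,zbot
2014-10-01T12:00:05Z,198.51.100.7,zbot
2014-10-01T12:00:09Z,198.51.100.200,conficker
2014-10-01T12:01:00Z,2001:db8::1,zbot
2014-10-01T12:01:30Z,10.0.0.4,zbot
2014-10-01T12:02:00Z,192.0.2.9,zbot
2014-10-01T12:05:00Z,203.0.113.5,zbot
"""


def parse_reports(text: str) -> list:
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        seen, ip, family = line.split(",")
        out.append({"seen": seen, "ip": ip, "family": family})
    return out


class Router:
    def __init__(self, table: dict):
        # longest prefix wins, so try the most specific networks first
        self.routes = sorted(
            ((ipaddress.ip_network(n), c) for n, c in table.items()),
            key=lambda r: r[0].prefixlen, reverse=True)

    def contact_for(self, ip: str):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in NON_ROUTABLE):
            return None
        for net, contact in self.routes:
            if addr in net:        # False across v4/v6, so no version check needed
                return contact
        return None

    def route(self, reports: list) -> dict:
        """Group reports by responsible contact; repeats of the same node and
        family are collapsed.  Unattributable reports land under 'unrouted'."""
        batches = defaultdict(list)
        seen = set()
        for r in reports:
            contact = self.contact_for(r["ip"]) or "unrouted"
            key = (contact, r["ip"], r["family"])
            if key in seen:
                continue
            seen.add(key)
            batches[contact].append(r)
        return dict(batches)


if __name__ == "__main__":
    for contact, items in Router(NETBLOCKS).route(parse_reports(SAMPLE_REPORTS)).items():
        print(contact, [i["ip"] for i in items])
```

The "unrouted" bucket is deliberate: reports that cannot be attributed are kept for manual handling instead of being dropped or sent to the nearest covering block, which would notify the wrong party.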
Online Cybersafety Awareness Messaging
• Problem: How do you raise awareness in the largest number of people without heroic effort or cost
• Logistics imperative: Reach customers and citizens where they are – and through channels they already trust
• Solution: Unify messaging across trusted parties with shared, and therefore unified, messaging instruments
STOP. THINK. CONNECT.
• Re-animates the oldest logistical schema: standardization
• Over 20 international companies founded the project
• Rigorously informed, crafted and tested messaging instrumentation offered at no cost
• Repurpose communications avenues and networks of all the Messaging Convention participants
• Leverage every web page, ATM receipt, account statement and communications instrument to deliver awareness messaging
Step Up and Help Everyone
• The Messaging Convention Empowers Three Primary Roles
– Commercial Licensee
• No-cost license for commercial enterprises who want to integrate Stop. Think. Connect. Messaging Convention messaging instruments into their own online safety education programs
– Non-commercial STC Messaging Convention Content User
• Pre-packaged Stop. Think. Connect. online safety education materials for educational agencies and ministries and NGOs to instruct their constituencies
– International Program Partners
• National and regional governments, multilateral treaty organizations, NGOs who recruit licensees and users within an industrial sector or polity
Hemispheric Unification
• USA and Canada using content in French and English
• Recently Japan, Panama, Paraguay and Uruguay have adopted the campaign as their national cybersecurity awareness messaging program
– Other nations in South America and Africa in the works. News coming soon.
• Other languages being added constantly
– English, Spanish, French, Portuguese, Russian, Japanese
• Organization of American States entered into an agreement in 2012 to propagate STC among OAS member nations
• In discussions now with Organisation internationale de la Francophonie (OIF)
Upcoming Events 2015
eCrime Researchers Symposium
Hosted by CaixaForum, Barcelona, Spain
May 26 – 29