Indian Cybercrime Scene
Vinoo Thomas, Research Lead, McAfee Labs
Rahul Mohandas, Research Scientist, McAfee Labs
Caught In the Cross-Fire
Agenda
• Knowing the enemy – Who’s at your front door?
• India in the information age
• World “Wild” Web – Indian users caught in the cross fire
• India’s contribution to worldwide Spam, Botnet and DDoS attacks
• Regional malware
• Targeted attacks
• The future
India’s Growing Cyber Population
http://www.internetworldstats.com/stats3.htm
Why do Indians go online?
http://www.intgovforum.org/cms/2008/press/Worldwide%20Internet%20usage%2008.pdf
What do Indians search online?
http://www.google.com/insights/search/#
Breaking news? Think Malware
• Malware authors make use of breaking news or popular search terms to ensure a higher return on investment.
• Popular news items that were misused include:
– Searches for Michael Jackson’s death lead to malware
– Benazir Bhutto assassination, Bangalore Blasts
– Indian celebrities and cricketers
Riskiest Indian Celebrities
http://www.hindustantimes.com/cinema-news/mirchmasala/Ash-more-dangerous-than-Katrina/Article1-451587.aspx
Popular Indian Sites Compromised to Serve Malware
World “Wild” Web
• Risks on the Web are constantly changing. A site that is safe one day can be risky the next.
• It’s not always easy for consumers to identify which site is safe. Even experienced users can be deceived if a trusted site was compromised to serve malware.
• Thousands of legitimate web sites are compromised every day to serve malware to unsuspecting users.
• High-profile Indian sites that have been compromised to serve malware include banks, security vendors, portals, businesses, as well as educational and government sites.
Payload and impact of users getting infected
Payload
• Bots
• Backdoors
• Keyloggers
• Password Stealers
• Rogue Antivirus Products
• Rootkits
Symptoms
• Infected machines become part of a botnet
• Abused to send Spam, DDoS, host exploits, and act as a launch pad for more attacks.
• Infected users often have no clue
Compromised users on a limited bandwidth Internet plan can end up getting a huge bill at the end of the month – through no fault of their own!
W32/Conficker in India vs. rest of world
Conficker world infection map
http://www.confickerworkinggroup.org/wiki/uploads/ANY/conficker_world_map.png
W32/Conficker.worm - Infection Data
http://www.team-cymru.org/Monitoring/Malevolence/conficker.html
Twitter-Facebook Episode
• Twitter, Facebook, Live Journal, YouTube, Fotki – what do they have in common?
• Hosted an account of a pro-Georgian blogger who went under the nickname cyxymu (taken after Sukhumi, the capital of Abkhazia, one of Georgia’s pro-Russian breakaway republics).
• They all suffered a massive distributed denial-of-service (DDoS) attack. The attack was able to take down Twitter for several hours and significantly slow down connectivity to YouTube, Live Journal and Facebook.
http://www.avertlabs.com/research/blog/index.php/2009/08/07/collateral-damage/
India’s Contribution to DDoS
• India’s Contribution was 8%
http://www.avertlabs.com/research/blog/index.php/2009/08/07/collateral-damage/
India’s Spam Contribution
http://www.trustedsource.org

Q2 2009
United States 35%
Brazil 7%
India 7%
South Korea 5%
China 4%
Russia 3%
Turkey 3%
Thailand 2%
Romania 2%
Poland 2%
Others 30%

Q1 2009
United States 34%
Brazil 7%
China 5%
India 4%
Russia 4%
Turkey 4%
South Korea 4%
Spain 2%
United Kingdom 2%
Colombia 2%
Others 32%
Phishers target Indian Banks
• Uses pure social engineering to deceive users
• Stolen credentials make their way to underground forums and are sold there
• Commercial Do-It-Yourself phish kits available for Indian banks
• Increase in phish emails observed during Verified by Visa and MasterCard SecureCode campaign.
Malware source code freely available
Malware is localized and targeted
Targeted Attacks: Microsoft Office
• Exploits using MS Word, Excel, PowerPoint, WordPad are increasingly popular
• Multiple zero-day vulnerabilities in Office discovered and exploited in 2009.
• Mostly spammed to users or hosted on malicious websites
• Attachment claims to contain sensitive information on Pakistani Air Force.
• Exploits a vulnerability patched in Microsoft bulletin MS06-028.
Targeted Attacks: Adobe PDF
• >80% of users have Adobe Acrobat installed
• Easy to social engineer the user as it’s considered trustworthy
• Over 5 new exploits released this year alone, including zero-days.
• Most exploits use JavaScript to spray shellcode on heap
• Heavily deployed in web attack toolkits.
Cyber Crime Altering Threat Landscape
• Over 1,500,000 unique malware detections in 2008
– 1H09 up 150% from 1H08
• Malware is heavily obfuscated with packers and compression technologies
• 80% of threats are financially motivated, up from 50% two years ago, with password stealing Trojans being rampant
• 6500+ new variants analyzed daily
[Chart: Unique Malware Detections by year. 2006: 78,381; 2007: 271,197; 2008: 1,500,000; 2009 1st Half: 1,200,000]
Why take to cybercrime?
Low Risk + High Reward + Opportunity = Safer than traditional crime
Cyber Crime – India Statistics
– India: 63% of businesses have seen an increase in threats from 2008 to 2009
– India: 40% of businesses in India had an incident that cost an average of $13,543 to fix and recover from, and that caused revenue loss.
– India is the 14th most dangerous domain for web surfing, with 3.07% of Indian websites rated Red or Yellow by McAfee SiteAdvisor.
http://economictimes.indiatimes.com/Infotech/Internet/Chasing-the-cyber-criminal/articleshow/5166638.cms
Summary - What does this mean to you?
• The malware problem is here to stay – threats are becoming more region specific and sophisticated.
• Monetary reward is the primary motivation for malware authors.
• India’s growing cyber population makes an attractive target.
• Need to improve user education and awareness at grassroots level.
McAfee In Action
http://www.dsci.in/images/stories/mcafee_announces_grant_of_rs._2.5_mn_for_dsci.pdf
McAfee Initiative to Fight Cybercrime
http://www.mcafee.com/us/about/corporate/fight_cybercrime/
McAfee Security Resources
Web Sites
– McAfee: http://www.mcafee.com
– Threat Center: http://www.mcafee.com/us/threat_center/default.asp
– Submit a Sample: http://vil.nai.com/vil/submit-sample.aspx
– Scan Your PC: http://home.mcafee.com/Downloads/FreeScanDownload.aspx
Notifications
– Security Advisories: http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx
Word of Mouth
– Blog: http://www.avertlabs.com/research/blog/
– Podcasts: http://podcasts.mcafee.com/