SAINT: Mapping the Cybercrime · 2018-04-20 · #hacking #spam #osint #deepweb #darkmarket...
Page 1
Systemic Analyser In Network Threats
This work is performed within the SAINT Project (Systemic Analyser in Network Threats), with the support of the European Commission and the Horizon 2020 Program, under Grant Agreement No 740829.
Computer Technology Institute "DIOPHANTUS"
SAINT: Mapping the Cybercrime
Vasileios Vlachos: vsvlachos, https://www.linkedin.com/in/vsvlachos/, https://vsvlachos.blogspot.gr/
Page 2
What is the Cost of Cybercrime?
• What is the value of our digital assets? How can we accurately measure the cost of cybercrime?
• After a hack most victims tend to underestimate the damage, but most security firms usually overestimate losses
• Estimate the strength of a security technology by learning what cybercriminals are willing to pay to bypass it and/or obtain the data it protects
Page 3
SAINT CyberCrime Observatory – SCCO
• Create a pricelist – stock list of various digital goods
• Monitor price fluctuations
• Detect outliers
• Check cross-correlations and cross impacts between different indexes
• Raise alarms and provide early warning notifications
• Provide input for the economic analysis module
Page 4
Deep Web
A Deep Web Crawler (DWC):
• Automatic data collection when possible
  o More challenging than a simple web crawler
Analysis of Black Markets:
• Automatic via DWC
• Manual (designated researchers)
• Archives (TBs of data already available)
World Wide Web
Open Source Intelligence (OSINT):
• Malware
• Bug Bounties
• Search Engines
• Security Updates
• Spam
• Vulnerabilities
Page 5
Deep Web Crawler
• Two different instances:
  o Clearnet Crawler tool
  o Deep & Dark Web Crawler tool
• Clearnet Crawler sub-instances:
  o Some of the ENISA Top 15 threats (Malware, Botnets, Spam, Phishing, DDoS, Web Based Attacks, Ransomware)
  o Bug Bounties (prices, entities)
• Deep & Dark Crawler sub-instances:
  o Vulnerability Markets
  o Cybercrime activity
  o Tor related usage information
Page 6
SAINT CyberCrime Metrics: Underground / Dark Market Analysis
• Stolen Data:
  o Hacked Accounts
  o Credit Cards
• CaaS (Crime as a Service):
  o Botnets
  o Spam
  o Hackers for hire
  o Malware
  o Bulletproof providers
  o Pharma programs
• General Black Market Activity:
  o Posts
  o Members
Deep Web Probes
Online:
• Markets
• Forums
• Vendor Shops
Offline:
• Cybercrime Statistical Data
• Archives of Black Markets
Page 7
SAINT CyberCrime Metrics: Malware
• New malware strains (AV effectiveness)
• Price of custom malware (AV effectiveness & OS Security)
• Number of new signatures (AV effectiveness)
• Safe Browsing blacklists (AV effectiveness & Browser Security)
• Malware hosting domains (AV effectiveness & Web Server Security)
• Top Malware lists – phylogenetic models (AV effectiveness)
• Number of AV solutions (AV effectiveness)
• Number of new IDS rules (new attacks)
Page 8
SAINT CyberCrime Metrics: Spammers
• Spamlists: blocked domains / IPs (spam filters effectiveness)
• Spam merchandise pricelist: drugs, software, replicas (anti-counterfeit solutions)
• Spam keywords blacklists (spam filters effectiveness)
• Spam honeypots (spam filters effectiveness)
Page 9
SAINT CyberCrime Metrics: Search Engines
Google Hacking Results: automatic queries (time normalized), e.g. "…asslist, passlist.txt (a better way), passwd, passwd / etc (reliable), people.lst, psyBNC config files, pwd.db, server-dbs "intitle:index of", signin filetype:url, spwd.db / passwd, filetype:sql "insert into" (pass|passwd|password), filetype:sql ("values * MD5" | "values * password" | "values * encrypt"), filetype:sql +"IDENTIFIED BY" -cvs, filetype:sql password, filetype:url +inurl:"ftp://" +inurl:";@", filetype:xls username password email, htpasswd, htpasswd / htgroup, htpasswd / htpasswd.bak, intext:"enable password 7", intext:"enable secret 5 $" …"
Shodan Hacking Results: "…
• apache city:"Berlin"
• nginx country:"DE"
• Apache city:"Brussels" port:"8080" product:"Apache Tomcat/Coyote JSP engine"
• "Server: gws" hostname:"google"
• cisco net:"195.170.0.0/24"
…"
Page 10
SAINT CyberCrime Metrics: Trends
Page 11
SAINT CyberCrime Metrics: Applications
• New security updates && patches && bugfixes
• Number of vulnerabilities && bugs && exploits
• Security Contests ($$$)
• Bug bounties ($$$)
• 0-days pricelist ($$$)
• Minor application versions aa.bb
Page 12
ENISA Top 15 Indicators (2017)
1. Malware
2. Web-based attacks
3. Web application attacks
4. Phishing
5. Spam
6. Denial of Service
7. Ransomware
8. Botnets
9. Insider threat
10. Physical manipulation/damage/theft/loss
11. Data Breaches
12. Identity Theft
13. Information leakage
14. Exploit kits
15. Cyber-Espionage
Page 13
Web Based Attacks I: http://lists.blocklist.de/lists/all.txt
  Server content (list of IPs) -> scraped -> JSON formatted document objects
Web Based Attacks II: http://feeds.dshield.org/block.txt
  Page info -> scraping content
Page 14
DDoS: https://www.exploit-db.com/google-hacking-database/12/
  Main page -> scraping for further information on each threat instance -> JSON formatted document objects
Phishing: https://www.phishtank.com/
  Main page -> scraping for further information on each threat instance -> JSON formatted document objects
Page 15
Malware: https://mirror.uce.edu.ec/malwaredomains/ -> JSON formatted document objects
Botnets: http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
Page 16
SAINT – Threats database collections - MongoDB (NoSQL schema database & JSON Big Data)
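The slides describe scraping public feeds such as blocklist.de all.txt and dshield block.txt into JSON document objects stored in MongoDB. The following added example (not SAINT project code) sketches that normalisation step: it uses constructed sample inputs that imitate the two feed layouts, validates each indicator, drops malformed and duplicate lines, and stamps every document with a collection time so the same indicator can be followed across crawls. The dshield column meanings are an assumption taken from the feed's own comment header.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed blocklist.de-style sample (one IP per line) with a bad line and a duplicate.
BLOCKLIST_DE_SAMPLE = "192.0.2.10\n198.51.100.7\nnot-an-ip\n192.0.2.10\n"

# Constructed dshield block.txt-style sample: '#' header, then tab-separated
# columns; the column meanings assumed here follow the header line.
DSHIELD_SAMPLE = """# DShield.org Recommended Block List
# Start\tEnd\tNetmask\tAttacks\tName\tCountry\tEmail
203.0.113.0\t203.0.113.255\t24\t1234\tEXAMPLE-NET\tXX\tabuse@example.net
198.51.100.0\t198.51.100.255\t24\t987\tEXAMPLE-NET-2\tXX\tabuse@example.org
"""

def parse_blocklist_de(text):
    """One indicator per line: skip comments and malformed entries, drop duplicates."""
    seen, docs = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip = str(ipaddress.ip_address(line))
        except ValueError:
            continue  # one bad line must not abort ingestion of the whole feed
        if ip not in seen:
            seen.add(ip)
            docs.append({"source": "blocklist.de", "type": "ip", "indicator": ip})
    return docs

def parse_dshield(text):
    """One document per listed range; the attack count is kept as an integer."""
    docs = []
    for line in text.splitlines():
        fields = line.split("\t")
        if line.startswith("#") or len(fields) < 4:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
            docs.append({"source": "dshield", "type": "cidr",
                         "indicator": str(net), "attacks": int(fields[3])})
        except ValueError:
            continue
    return docs

def to_documents(records, observed_at=None):
    """Stamp records with an ISO 8601 collection time; output suits json.dumps or insert_many."""
    ts = observed_at or datetime.now(timezone.utc).isoformat()
    return [dict(r, observed_at=ts) for r in records]
```

Keeping `observed_at` on every document is what makes the later price-fluctuation and outlier checks possible, since the same indicator or listing is then a time series rather than a single record.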
Page 17
SAINT CyberCrime Metrics: Social Networks
Social Network Analysis (SNA):
Twitter hashtags frequency monitoring: #bugs #bounties #malware #hacking #spam #osint #deepweb #darkmarket #vulnerability #0day #apt #rat #bot #c&c #zombiepc #exploit #carders #phising #ddos #stressers #backfoor #logicbomb #dox #shell #blackhat #spoof #socialengineer #trojan #rawsomware #crimeware #resolver #scriptkiddie #root #rootkit #deface #XSS #SQLinjection #bufferoverflow #hactivism
Page 18
Cybersecurity Social Network Analyzer - CSNA
Page 19
SAINT CyberCrime Metrics: Global Security Map http://globalsecuritymap.com/#
Page 20
SAINT CyberCrime Metrics: Outcomes
• A SAINT CyberCrime Observatory for European citizens, stakeholders, legislators, security researchers, scientists and law enforcement officers
• Basic Early Warning Services for imminent threats
• A toolbox of methodologies and prototype applications to analyze IT security trends and cybercrime activity
• A set of cybercrime metrics to evaluate the financial impact of existing cybersecurity technologies
Page 21
SAINT EU Project Home: https://project-saint.eu/
https://vimeo.com/246975321
Page 22
Q&A
Vasileios Vlachos
Assistant Professor
Department of Computer Science and Engineering
Technological Educational Institute (TEI) of Thessaly
vsvlachos, https://www.linkedin.com/in/vsvlachos/, https://vsvlachos.blogspot.gr/