Embed Size (px)
Citation preview
dddd
What people think hackers do?
What hackers actually do?
Social Engineering 4ever
Statistics
Ransomware
• Searches for files with certain extensions: doc, docx, wps, xls, xlsx, ppt, pptx, pdf, jpg, dng, psd, raw, cer, crt, pfx, wallet …• Doesn’t touch system directories• Encrypts files with a 2048-bit RSA key pair• Paying the ransom results in decryption of the files• No way to decrypt the files without the private key• Ransomware done right!
Crypto Lockers
Mobile ransomware
Mobile ransomware
Android/Lockerpin
Android/SimplockerAndroid/Locker
Mobile ransomware Android/Koler
Big companies under attack
Locky
What about money?
Statistics
“Traffic today has varied between 1 new endpoint each second, to up to 5 per second. I estimate by the end of the day well over 100,000 new endpoints will be infected with Locky, making this a genuine major cybersecurity incident — 3 days in, approximately a quarter of million PCs will be infected”.
February 17, 2016
Pay or not to pay?“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”
Motto – “be opened to the world”
One of cases
One of cases
Hacker database
Hacked account
TOP login names
More then 11days, 68 ip, 21 countries94.23.170.170 45.32.83.236 89.184.84.84 195.154.209.174 190.10.9.246
212.83.168.145 193.34.8.158 178.22.50.250 109.237.89.107 46.175.191.254
104.45.28.180 96.11.19.194 12.139.34.20 97.65.80.4 94.136.45.239
46.98.123.93 74.208.153.91 62.205.128.83 76.79.234.170 212.48.66.50
195.138.198.199 94.158.46.227 178.238.92.22 212.57.114.159 109.107.232.75
89.179.244.173 78.37.97.102 91.223.180.250 78.85.33.136 89.151.134.231
163.158.144.184 77.232.25.22 172.245.123.14 188.247.66.213 92.253.126.26
134.249.149.96 176.36.19.10 5.53.117.49 113.160.199.25 74.208.112.162
83.110.216.111 80.82.64.117 91.218.19.12 85.238.100.202 64.38.204.98
61.182.72.16 185.28.110.35 199.189.254.245 179.111.212.254 37.152.8.236
39.109.19.1 37.122.210.243 91.243.29.89 195.70.37.67 211.141.150.55
198.74.113.208 217.73.91.183 24.97.22.154 195.175.104.78 81.176.239.250
14.147.145.218 78.63.234.219 93.75.39.135 190.10.8.29 5.134.114.154
Deanonymization?
Deanonymization?
Revenue?Expectations Reality
How to stay secure?
Software updates
and patches
SecurityAwareness
Low privilege access
Backups
Antivirus/Antispam
How to secure your 1C with RDP?
• Regural backups.• Regural EXTERNAL backups• Access control for own IP addresses/networks.• VPN/IPSec• Password policy• Antibruteforce policy• Don’t use usuals logins (admin/alex/manager).
Skype: ghost-bel
OWASP Lviv Team
