© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1

Ricardo Rivera E.Business Development Manager

Security & Mobility

Cisco Borderless Security

2

Cisco Security Intelligence Operations

Agenda

Cisco Cybercrime ROI Matrix

Cisco ARMS Race Index

Cisco Borderless Security Vision

Q&A

3

Some numbers…

4

Some numbers…

5

Cisco Cybercrime ROI Matrix

How are criminals making the most money?

Where are they divesting?

What’s next on the threat landscape?

What are the most promising new techniques?

6

Cisco Cybercrime ROI Matrix

7

Zeus: Banking Trojan prime example

“$10 million lost in one 24-hour period.”

“…[C]riminals have used the Internet to steal more than $100 million from U.S. banks so far this year and they did it without ever having to draw a gun or pass a note to a teller…I've seen attacks where there's been $10 million lost in one 24-hour period.”

-Sean Henry, an assistant director of the FBI in charge of the bureau's cyber division.

8

Automation of Targeted & Blended Attacks

9

Why Zeus?

10

What Happened in Kentucky?

County treasurer had Zeus malware on his PCCriminals stole credentials and logged in to bank accounts from treasurer’s PC

Reconnaissance used to plan theft

Mule recruitment pretending to be Careerbuilder.com

Created mules as fictitious employees

Mules receive $9700 and sent $8700 to Ukraine via Western Union

More than 25 <$10,000 wire transfersTotal of $415k stolen

11

Screen Injection

Courtesy Silver Tail Systems

Your browser NOT on Zeus:

Your browser on Zeus:

12

Statistics

784 Zeus Botnets tracked by Zeus TrackerEstimate of 1.6M bots in Zeus botnets1130 brands targeted 960 estimated financial targets (85%)Top 5 US banks EACH targeted by over 500 Zeus botnets

12

Source: Zeus Tracker

13

Social Networking Exploits

Most important communications tool of the decade.Builds on email, IM.

Big crowds = big targets.Facebook hit 350M users in 2009.

…and criminals have automated how to best penetrate our trust networks

14

15

Targeted Social Networking Attacks

16

17

18

Bringing it all together…Koobface

Links are posted to (or sent from) hijacked social networking accounts

The link leads to a fake video site that ask the user to install a new Flash player / codec to view the video

19

Fake video site that delivers malware

20

Introducing The Cisco ARMS Race Index

21

Introducing The Cisco ARMS Race Index

Global Adversary Resource Market Share (ARMS) Index

Designed to be a barometer of the current level of computing and network resources under criminal control and means for tracking over time.

Derived from leading botnet tracking stats, stats for total PCs worldwide, home/work infection rates.

22

ARMS Race Index

23

Cisco ARMS Race Index: Dec-2009

24

Recommendations for 2010

User education and security awareness training remain top priority

Maintain defenses for “Cash Cow”threats

Evaluate security practices and investments for “Rising Star” threats

Develop security architecture for mobility and consumerization of IT

25

Cisco Security Intelligence Operations www.cisco.com/security

Cisco Security Blog blogs.cisco.com/security

For More Information

The Cisco 2009 Annual Security Report

www.cisco.com/go/securityreport

26

Cisco