50 SHADES OF CRIMEWARE
Manu Quintans // Frank Ruiz
ABOUT US
Frank Ruiz - Threat Intelligence Analyst at Fox IT and member of the non-profit organization mlw.re.
Manu Quintans - Threat Intelligence Manager at Buguroo / Deloitte, founding member of the non-profit organization mlw.re, focused on fighting threats on the Internet.
Index
What we know about Cyber-Crime?
It’s Time Back To Reality
Understand Cyber-Crime activities
Previously on… 2013
Reality Bites
Cyber-Crime Evolutions 2013-2014
New trends at Cyber-Crime
Examples (We have a Target) :)
Intelligence
Infrastructures
DEMO TIME!
Bye bye!
WHAT WE KNOW ABOUT CYBER-CRIME?
Conventions
ciber- (cyber-). 1. Prefix-forming element, created by shortening the adjective "cibernético" (cybernetic), that forms part of terms related to the world of computers and virtual reality.
MA'AM! I am a T800, I have come from the future to steal your prepaid card….
WHAT WE KNOW ABOUT CYBER-CRIME?
27.000 SMS INTERCEPTED
ARAB WINTER
WHAT WE KNOW ABOUT CYBER-CRIME?
• 1.580,00 WEBSITE LOGIN CREDENTIALS
• 320,000 EMAIL ACCOUNTS
• 41,000 FTP ACCOUNT CREDENTIALS
• 3.000 RDP
• 3.000 SSH ACCESS
MOAR PONY!
WHAT WE KNOW ABOUT CYBER-CRIME?
• Obama runs first law about cybersecurity.
• CISPA (Cyber Intelligence Sharing and Protection Act) is running again.
• Mandiant presents new SOC at RSA Conference.
APT1
Securestate talk in 2005 about this group and their tools…
WHAT WE KNOW ABOUT CYBER-CRIME?
APT1
It’s time back to “reality”
Understand Cyber-Crime activities
LAYER #1
The Undercoat - Just for kiddies
• Indetectables
• HackForums
• ExploitIN
• DamageLabs
• Antichat
• DarkC0de
LAYER #2
The Limbo - Semi Pro
• Verified
• CCPRO
• Pustota
• Infraud
LAYER #3
The Heaven’s door - Gang’stha
• Korovka
• Commuizn
• Maza
• TopSecurity
LAYER #4
Private - From Russia with love
• Sinowall
• ZeusP2P
• Cryptolocker
• Gozi
WHAT WE KNOW ABOUT CYBER-CRIME?
FINAL SCENARIO
The Undercoat - Just for kiddies
• DamageLabs
• Antichat
• DarkC0de
• Indetectables
• HackForums
• ExploitIN
The Limbo - Semi Pro
• Verified
• CCPRO
• Pustota
• Infraud
The Heaven’s door - Gang’stha
• Korovka
• Commuizn
• Maza
• TopSecurity
Private - From Russia with love
• Sinowall
• ZeusP2P
• Cryptolocker
• Gozi
Previously on…
Previously
• First year without new Banking Trojans (except KINS, aka Kasper).
• Symlink arrested (January).
• Paunch arrested (BlackHole Exploit Kit) (OCTOBER).
• FBI shuts down SilkRoad and arrests Ross William Ulbricht (OCTOBER).
• Target Breach :-) (NOVEMBER/DECEMBER).
• FBI, with Spanish Police cooperation, takes down Liberty Reserve and arrests its CEO (MAY 2013).
• ZeusP2P (Game Over) and CryptoLocker takedown (MAY/JUN 2014).
Previously
It has been a special year in the evolution of the cyber-crime industry.
• The feeling of impunity begins to disappear.
• Mid-level groups begin to close and professionalize their assets.
• Ironically, the vetted gangs start to show some gaps.
Previously
These changes are due to:
• Detentions.
• Proliferation of bloggers / twitters 'investigating' cybercrime scene. (Pr0n stars)
• Insider Researchers.
• Leaks (Pasties, services…)
SWOT ANALYSIS
Conclusions
The “industry” of Cyber-Crime is now more closed than ever.
New trends
OUR SERVICES
New Trends at Cyber-Crime Industry
01 POS: POS Malware - POINT OF SALES SYSTEM
02 TOR BASED: NEW MOBILE MALWARE (EG: TOR BASED)
03 CRYPTOCURRENCIES: Bitcoin, Litecoin, DogeCoin just Crypto Malware Miners
POS POINT OF SALE, BUT WHY?
The lack of a Banking Trojan for sale and the large increase in demand for cards has moved many players in this business.
Citadel users move their business to this new system.
The offer of POS malware for sale grows.
POS POINT OF SALE, What we found on markets?
The Beauty, the Bad, the Ugly and Guest star
01 Alina Malware
02 Dexter Malware
03 BlackPos
04 Soraya
POS POINT OF SALE, Software as Service? Of course!
Mobile Malware
Increase of injections with support for mobile malware.
Mobile malware for sale:
• iBanking (as Service).
• Perkele
Uses new resources like TOR.
iBanking Malware
Perkele Malware
CryptoCurrencies
[Charts: TOTAL HASH RATE, 24H HASH RATE]
Examples
Example
Brian Krebs
TimeLine
18/Dec/2013: Sources: Target Investigating Data Breach
20/Dec/2013: Cards Stolen in Target Breach Flood Underground Markets
22/Dec/2013: Non-US Cards Used At Target Fetch Premium
24/Dec/2013: Who’s Selling Credit Cards from Target?
10/Jan/2014: Target: Names, Emails, Phone Numbers on Up To 70 Million Customers Stolen
15/Jan/2014: A First Look at the Target Intrusion, Malware
16/Jan/2014: A Closer Look at the Target Malware, Part II
29/Jan/2014: New Clues in the Target Breach
04/Feb/2014: These Guys Battled BlackPOS at a Retailer
05/Feb/2014: Target Hackers Broke in Via HVAC Company
12/Feb/2014: Email Attack on Vendor Set Up Breach at Target
19/Feb/2014: Fire Sale on Cards Stolen in Target Breach
25/Feb/2014: Card Backlog Extends Pain from Target Breach
INTELLIGENCE
• Emerging threat research
• Strategic partnerships to share intelligence
• Tailored threat focus areas
• Live, dynamic intelligence feeds with advanced
• Active tracking of cybercrime elements
• Daily emerging threat reviews
• Awareness of the changing technology and business environment
• Metrics and trending data for multiple key threat indicators
• Recommendations on improved and refined processes
• Botnet monitoring and analysis
• Malware reverse engineering
• Social media monitor
• Reputation scans
• Deep web monitoring
• Social engineering threats
• Spoofed websites
• All Source Intelligence
• Emerging tech review
• Loss management
• Vendor management
• Executive identity monitoring
… and remember
IN-TE-LLI-GEN-CE
INFRASTRUCTURES
Simple Botnet
[Diagram: BOTNET, INTERNET]
Simple Botnet With Proxy
[Diagram: BOTNET, INTERNET]
Botnet With Double Proxy
[Diagram: BOTNET, INTERNET, VICTIMS, PROXY - 1, PROXY - 2]
FAST FLUX + C&C
[Diagram: VICTIM, FASTFLUX; HTTP GET, RESPONSE CONTENT, GET REDIRECT, RESPONSE CONTENT]
FAST FLUX + PROXY + C&C
[Diagram: VICTIM, FASTFLUX; HTTP GET, RESPONSE CONTENT, GET REDIRECT, RESPONSE CONTENT]
BulletProof Hosters
[Diagram: BP HOSTER, INTERNET, VICTIMS, Backend Server]
OWN INFRASTRUCTURES
[Diagram: INTERNET, IPIP Tunnel, OpenVPN Server, VPN Client, Backend Server (x3), VICTIMS]
TOR INFRASTRUCTURES
[Diagram: INTERNET, Web Panel, TOR Network, VICTIMS]
P2P INFRASTRUCTURE
[Diagram: INTERNET, P2P Network, Web Panel, Backup Server, VICTIMS]
DEMO TIME
DEMO Concept
BUILD POS ENVIRONMENT
SWIPE OUR CREDIT CARD
BREATHE DEEPLY
CALM DOWN
PWN THE BOTNET AND GET OUR MONEY BACK!
INFECT OUR POS
DEMO RESULTS
He stole my card…
I burned his botnet…
THANKS!
WARNING! SPAM IS COMING!
Q/A