Transnational Cybercrime

Presentation transcript:

Transnational Cybercrime: Global Trends. ISACA 50 Years. Adrian ACOSTA

Crime is changing: from the physical world to cyberspace

Actors behind the scenes: online criminals, hacktivists, terrorists, malicious intruders, nation states

CYBERCRIME TRENDS: Bank robbery and BEC; Ransomware; IoT DDoS attacks and crypto-assets

Conventional bank robbery: armed robbery the traditional way

Bank robbery statistics. 1992: 847 cases. 2016: 75 cases.

Bank robbery statistics. 1992: 115 cases. 2015: 33 cases. Sources: www.moj.go.jp/housouken/houso_hakusho2.html www.nitibousai.or.jp/j_naiyou06_03kankobutu.html

Bank robbery statistics. 2003: 7,644 cases. 2016: 4,251 cases. Sources: https://www.fbi.gov/stats-services/publications/bank-crime-statistics-2003 https://www.fbi.gov/file-repository/bank-crime-statistics-2016.pdf/view

Bank robbery statistics. 5 cases in total since 2004. Source: http://m.todayonline.com/singapore/lookback-past-bank-robberies-rarity-singapore

Online Bank Fraud

Cyber bank robbery: a secure, standardized and reliable network

Cyber bank robbery. The attack in question was carried out using the file dimens.exe, which on the day of the attack (9 January 2018) was still a zero-day, meaning there were no prior records of this malware in the signature databases of antivirus or security products. This malware, named TROJ_KILLDISK.IUB, was planted on 9 January 2018, the date of the attack, on 456 computers out of a total of 788 (57% affected) belonging to the banking network of Mexico, 10 minutes before the illegitimate transactions were carried out. Once planted, it runs automatically and forces a reboot, leaving the operating system of the affected machines unusable, so that attention was focused on this incident while the illegitimate transactions on the SWIFT system went unnoticed at that moment.
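One way to detect the diversion pattern described above, added here as an example and not part of the original presentation: flag a burst of endpoint failures and hold payment messages issued shortly afterwards for manual review. The event format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not data from the incident).
T0 = datetime(2018, 1, 9, 14, 0)
# (timestamp, host) for endpoints that stopped reporting to monitoring.
OUTAGES = [(T0 + timedelta(seconds=5 * i), f"ws-{i:03d}") for i in range(40)]
OUTAGES.append((T0 - timedelta(hours=3), "ws-900"))  # isolated, unrelated failure
# (timestamp, reference) for outgoing payment messages.
PAYMENTS = [
    (T0 - timedelta(hours=1), "PAY-001"),     # before the burst
    (T0 + timedelta(minutes=10), "PAY-002"),  # 10 minutes after the burst starts
    (T0 + timedelta(minutes=12), "PAY-003"),
    (T0 + timedelta(hours=2), "PAY-004"),     # outside the hold window
]


def outage_bursts(outages, fleet_size, window=timedelta(minutes=5), min_fraction=0.04):
    """Start times of windows in which at least min_fraction of the fleet failed."""
    events = sorted(outages)
    bursts, i = [], 0
    while i < len(events):
        start = events[i][0]
        hosts = {host for ts, host in events[i:] if ts - start <= window}
        if len(hosts) / fleet_size >= min_fraction:
            bursts.append(start)
            # Skip every event that belongs to this burst window.
            while i < len(events) and events[i][0] - start <= window:
                i += 1
        else:
            i += 1
    return bursts


def payments_to_hold(payments, bursts, hold=timedelta(minutes=30)):
    """References of payments issued within `hold` after the start of any burst."""
    return [ref for ts, ref in payments
            if any(timedelta(0) <= ts - b <= hold for b in bursts)]


if __name__ == "__main__":
    found = outage_bursts(OUTAGES, fleet_size=788)
    print("bursts:", found)
    print("hold for review:", payments_to_hold(PAYMENTS, found))
```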

Cyber bank robbery: a secure, standardized and reliable network

SimSwap 2008 - 2018


BEC: Business Email Compromise. A network of criminals carries out the plan: compromising email through social engineering and phishing; use of unsophisticated malware, for example a keylogger; monitoring the email exchange or taking over the account; understanding the business model, activities, relationships, etc.; sending an email requesting a funds transfer, through a compromised email account or a spoofed email; money transferred through the money-mule network; payment transferred to the criminal's designated account.

So let's look at the anatomy of a business email compromise. The essential element is the criminal actors taking advantage of an established email relationship rather than sending out emails at random as per the traditional 419 scams. There are many variations on this but ‘Payment Diversion Fraud’ is what appears to be the most common. In this variant, two companies in different countries are usually involved, one as the supplier and the other as the buyer. Another common variant of BEC is ‘CEO Fraud’ where an email account relating to a CEO or senior executive of a company is compromised. Essentially this is a hybrid of both 'pure' cyber crime (an unauthorised access) and fraud. Of course there are still ‘pure’ frauds going on as well but the IDCC is not focusing on them. Social engineering to get a buyer or employee to change the normal process slightly. Typically we are seeing the case of a seller in India or China and the buyer in a Western country (US, Australia and Europe) with the money transferring through South East Asian banks to China. In every case where we have identified the actors behind these compromises they have turned out to be Nigerians. To give an indication of the money involved in these cases, a typical example of a CEO Fraud was referred to the IDCC by the US FBI last month.
In that case, the CFO of a Norwegian company received an email purportedly from a US law firm representing the CEO of the Norwegian company, instructing him to transfer funds in the amount of US$62 million to two bank accounts in China and Hong Kong, purportedly for an acquisition. Within a couple of days the Norwegian executives realized the emails were fraudulent (sent by unknown criminals instead of the lawyer) and made reports in Norway and US. They were able to cancel one wire transfer of US$23 million. However, transfers of US$25 million to an account in Hong Kong and US$14 million to an account in China were completed. This became a time critical situation, needing to stop the funds from further transfers or withdrawals; otherwise, it would be almost impossible to recoup the money. It was at this stage that the IDCC was contacted. Upon learning of the case, IDCC staff contacted the Hong Kong bank’s Headquarters in Singapore immediately. The bank had their internal Fraud Team in Hong Kong confirm the transfers were invalid and froze the US$25 million in full (on a Saturday night).

Business E-mail Compromise, BEC 2008 - 2018. Seller/Trusted Insider; Buyer/Employee; Money-Laundering Service.

So let's look at the anatomy of a business email compromise. The essential element is the criminal actors taking advantage of an established email relationship to commit a fraud rather than sending out scam emails at random as per the traditional 419 scams. There are many variations on this but ‘Payment Diversion Fraud’ is what appears to be the most common. In this variant, two companies in different countries are usually involved, one as the supplier and the other as the buyer. Another common variant of BEC is ‘CEO Fraud’ where there are ‘trusted’ emails from a CEO or senior executive of a company asking for things to be done. Start CLICKING. Email compromise, very believable fraudulent email to socially engineer someone to transfer money and a money laundering scheme at the end of the trail. Essentially this is a hybrid of both 'pure' cyber crime (an unauthorised access) and fraud. Of course there are still ‘pure’ frauds going on as well but the IDCC is not focusing on them. Typically we are seeing the case of a seller in India or China and the buyer in a Western country (US, Australia and Europe) with the money transferring through South East Asian banks to China but we have seen many different combinations, even a case involving Afghanistan and Turkey. However, in every case where we have identified the actors behind these compromises they have turned out to be Nigerians. To give an indication of the money involved in these cases, a fairly typical example of a CEO Fraud was referred to the IDCC by the US FBI last month. In that case, the CFO of a Norwegian company received an email purportedly from a US law firm representing the CEO of the Norwegian company, instructing him to transfer funds in the amount of US$62 million to two bank accounts in China and Hong Kong, purportedly for an acquisition.
Within a couple of days the Norwegian executives realized the emails were fraudulent (sent by unknown criminals instead of the lawyer) and made reports in Norway and US. They were able to cancel one wire transfer of US$23 million. However, transfers of US$25 million to an account in Hong Kong and US$14 million to an account in China were completed. This became a time critical situation, needing to stop the funds from further transfers or withdrawals; otherwise, it would be almost impossible to recoup the money. It was at this stage that the IDCC was contacted. Upon learning of the case, IDCC staff contacted the Hong Kong bank’s Headquarters in Singapore immediately. The bank had their internal Fraud Team in Hong Kong confirm the transfers were invalid and froze the US$25 million in full (on a Saturday night).
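A mail-gateway check for the payment-request step of the BEC anatomy above, added here as an example and not part of the original presentation: it flags a sender domain that imitates a known partner, a Reply-To that diverts answers elsewhere, and wording about changed bank details. The partner allow-list, the phrase list, the domains and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

KNOWN_PARTNERS = {"supplier-example.com"}  # hypothetical allow-list of partner domains
PAYMENT_CHANGE_TERMS = ("new bank account", "updated bank details", "change of beneficiary")

# Constructed sample messages.
SUSPICIOUS = (
    "From: Supplier Accounts <billing@supplier-examp1e.com>\n"
    "Reply-To: pay@mailbox-example.net\n"
    "Subject: Invoice 1042\n"
    "\n"
    "Please use our new bank account for invoice 1042.\n"
)
LEGIT = (
    "From: Supplier Accounts <billing@supplier-example.com>\n"
    "Subject: Invoice 1042\n"
    "\n"
    "Invoice 1042 is attached, usual terms apply.\n"
)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def bec_flags(raw, partners=KNOWN_PARTNERS):
    """Return the list of BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    flags = []
    # Near-miss of a partner domain (1-2 edits away) but not the partner itself.
    if sender not in partners and any(0 < edit_distance(sender, p) <= 2 for p in partners):
        flags.append("lookalike-sender-domain")
    if reply_to and reply_to != sender:
        flags.append("reply-to-domain-mismatch")
    body = msg.get_payload().lower()
    if any(term in body for term in PAYMENT_CHANGE_TERMS):
        flags.append("payment-detail-change")
    return flags


if __name__ == "__main__":
    print(bec_flags(SUSPICIOUS))
    print(bec_flags(LEGIT))
```

A request sent from a genuinely compromised partner mailbox passes both header checks, so the content flag alone should trigger call-back verification on a previously known number.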

BEC 2008 - 2018 (diagram: Seller/Trusted Insider and Buyer/Employee, with Countries A, B, C, D and F)

Compounding the ease with which new actors can enter the cyber crime market, the jurisdictional issues for this type of cyber crime are about as bad as they get. This reduces another ‘cost’ to the criminals – the likelihood of getting caught and getting locked up, and I know professional criminals do assess that cost.
Country A: Compromised Business Partner (a pure cybercrime but no financial loss). Typically there will be no police notification let alone an investigation. Assuming the victim even knows they have been compromised. Certainly no Forensic Examination to obtain evidence or retrieve the Malware.
Country B: Victim of the fraud. This is typically the victim that makes a Police Report. Beneficiary Account Number. Maybe IP address of Fraudulent Email.
Country C: Destination of Fund. Money Laundering Investigation Only. Best Result: Arrest Money Mule. Return Deceived Fund – Our Hong Kong example shows what can be done. However, it is not really solving the problem, as there are too many money mules and too many transactions. I know some Legats in certain countries could be doing this as a full time job and not scratch the surface. This is further compounded by the money laundering schemes used which may actually involve multiple transit countries for the money.
Country D: Source of Crime. It is often very difficult to link the fraud reported in Country A to the actor in Country D. Even worse for the original compromise in Country B.
Country E: Evidence of Scam Email. Evidence with Private Service Providers.
Country F: Evidence of Hacking. The keyloggers we are seeing will often send stolen data to a designated ‘Drop Zone’. Again evidence with Private Service Providers.
For Countries E and F there will usually be a need for an MLAT to seize email accounts, domains. Who makes the request to them?
Now I need to apologise before the next slide. Anyone who hates puns should look away now.

CYBERCRIME TRENDS: Bank robbery and BEC; Ransomware; IoT DDoS attacks and crypto-assets

Conventional ransom demand: kidnapping the “traditional way”

Ransomware statistics.
Ransomware payments: US$ 24 million (2015), US$ 1.5 billion (2018), x 63.
Average ransom demanded: US$ 295 (2015), US$ 1000 (2018), x 3.
Sources: http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crime-growing-n704646 https://securityintelligence.com/an-evolving-threat-ransomware-in-2017/

Ransomware payment methods: how do cybercriminals make money? (Timeline 2008 - 2018.)
SMS / call to a premium-rate mobile number: generic ransomware, January 2008.
MoneyPak / Ukash / Paysafe: police ransomware, February 2012.
Bitcoins: crypto ransomware, May 2015.
Apple iTunes gift card: Android ransomware, April 2016.
Amazon gift card: “TrueCript” ransomware, April 2016.
Monero: “Kirk” ransomware, March 2017.
Dash: “GandCrab” ransomware, January 2018.
Source: https://securelist.com/kaspersky-security-bulletin-2016-story-of-the-year/76757/

CYBERCRIME TRENDS: Bank robbery and BEC; Ransomware; IoT DDoS attacks and crypto-assets

IoT

Mirai (IoT malware). CCTV camera, TV, video recorder, router. There are hundreds of thousands of IoT devices that use factory default settings. Mirai: factory default usernames, factory default passwords. Source: https://www.theguardian.com/technology/2016/oct/21/ddos-attack-dyn-internet-denial-service

DDoS attack against the banking sector. 23 Jan 2017: Lloyds bank accounts targeted in huge cybercrime attack. Lloyds Banking Group suffered a 48-hour online attack when cybercriminals tried to block access to 20 million accounts in the United Kingdom. It is understood that Lloyds was asked at the time to pay about 75,000 pounds sterling for the attack to be called off. The bank made no payment to the cyberattackers. The Mirai botnet was used to carry out the DDoS attacks against the bank. Several other major British banks have been hit by service outages: January 2016 (UK), HSBC’s internet banking facility; July 2015 (UK), Royal Bank of Scotland’s online service. Sources: https://www.theguardian.com/business/2017/jan/23/lloyds-bank-accounts-targeted-cybercrime-attack http://www.zdnet.com/article/alleged-mirai-botnet-creator-forced-back-to-british-shores/

Crypto-assets. Source: https://criptonoticias.com/sucesos/comerciante-argentino-acusado-lavar-dinero-bitcoins-cartel-mexico/#axzz4tQMhWx9x

Crypto-assets 08/12/2019

Crypto-assets. Hello. You may not know me and you are probably wondering why you are receiving this email, right? At this moment I hacked your account. I have full access to your device! In fact, I placed malware on the adult video website (pornographic material) and, you know what, you visited this website to have fun (you know what I mean). While you were watching video clips, your internet browser started working as an RDP (remote desktop) with a keylogger that gave me access to your screen and also to your webcam. Immediately afterwards, my software program gathered all your contacts from your Messenger, social networks and email.

Crypto-assets. What did I do? I made a double-screen video. The first part shows the video you were watching (you have good and sometimes strange taste), and the second part shows the recording from your webcam. What exactly should you do? Well, I think $250 is a fair price for our little secret. You will make the payment with Bitcoin (if you don't know how, search “how to buy bitcoin” on Google). BTC address: 1LK3rTeknewch84FtmvMsXGEnque. (It is very sensitive, so copy and paste it.)

Crypto-assets. Note: You have 2 days to make the payment. (I have a specific pixel in this email message, and at this moment I know that you have read this email message.) If I do not get the Bitcoins, I will definitely send your video recording to all your contacts, including family members, coworkers, etc. However, if you pay, I will destroy the video immediately. If you want proof, reply with “YES!” and I will send your video recording to 3 of your friends. This is a non-negotiable offer, so do not waste my personal time and yours by replying to this email message. Next time be careful. Goodbye.

Crypto-assets

Crypto Jacking 08/12/2019. Malware that generally compromises public websites in order to then obtain the processing power of the site's visitors, without their knowledge, and uses that power to extract crypto-assets through data mining techniques.

II. Crime of the Future

A bright future: Smart Car, Smart Home, Smart City, Smart Nation