{Webinar Notes}: Threat Demo:
Behind the Business of Hacking

computer-security
Webinar Sponsor:

Sophos

Webinar Presentor(s):

James Lyne

Webinar Description:

When hackers get together, bad things happen. Check out this webcast to learn how you can protect yourself from gangs of cyber criminals.

{ Attend Webinar }

Registration with TechRepublic is required to view the webcast.
You can also download the presentation slides.


My Notes

1st way of viruses:

    • More like pranks

2nd ways of viruses:

    • Nigerian scams
    • steal credit card #’s
    • involved Brittney Spears photos

3rd wave of viruses:

    • bad guys making hacking products to sell to bad guys

Advanced Persistent Tweets (APT)

    • people are still being clueless, stupid and careless

IZATION

    • designed for criminals by criminals
    • allow you to upload and manage your viruses
    • show you how to better avoid AV detection

Crimepacks

    • a collection of hacking packages from various completing, organized cybercrime gang
    • web-based UI
    • crime dashboard — actively tracking hacking campaigns for you
      • user, browser and other stats breakdowns
      • help you manage your hacking campaigns
    • can detect forensic actions
      • can redirect investigator to an harmless URL instead
A lot of fake AV looks more sophisticated than real AVs
Hacking campaigns: lots of social engineering involved

One of biggest cybercrime myths:

    • You don’t get infected just from porn site
    • you CAN get infected via legit sites
      • most people get infected via legit sites

One hacking method:

    • pretend to you IT dept, asks you to install “patch”
    • after “patch” is installed, virus encrypted all your files on your system
    • in order for you to decrypt your files, you’re required to buy a decryption code from the hackers
    • you might or might not be able to recover your files, even if you contacted the hacker
    • It’s important to keep backups of your files

Bad guys even outsource the code writing to India

    • set the malicious code to run only at a certain time to avoid detection

Bad guys don’t just target big companies

    • they target ANYONE whose system and website has vulnerability
    • they don’t care whether you’re a small company or just a personal blog
It’s easy to get your hands on hacking tools – hardware and software

Web attack chain-of-event:

    • legit site get infected with malicious code
    • redirect you to bad sites when visiting legit site
    • malicious code run and infect your system

Better attack prevention:

    • many layers of protection
      • use common sense
      • patching (from the clean resource)
      • use AVs
      • use encryptions

Live Thread Demo on YouTube:
http://www.youtube.com/watch?v=8vhD6lWyS0I&feature=youtu.be

Presentation in PDF:
http://wcc.on24.com/event/41/15/24/rt/1/documents/resourceList1332435204038/mainppt.pdf