By Tim ‘TK’ Keanini
On the Internet, where everything is just data, the valuation of data is an important property of what should be protected. As defenders become more effective at protecting themselves and their businesses, the adversaries, in a co-evolutionary manner, innovate and find new and novel methods to grow their business of cybercrime. The fundamentals of cost/benefit analysis hold true, and through this lens we look at two types of data: credit card dumps and social media account credentials.
Monetizing these credit card dumps at scale is a complex process that involves both the information and the physical world. Credit card track information in these dumps is written to new plastic and quickly disseminated to people called cash mules, who use the cards until they are detected and shut down. As defenders have gotten timelier in detection and remediation, this business has gotten much more expensive to operate given the overhead. These criminals don’t change careers; they just find other ways of doing business.
When thinking like the adversary, ask: what other, more strategic data can they steal that has a lower probability of being detected and, while not directly monetized like credit cards, opens up more capabilities against other data sets that can be monetized?
How about that person’s digital identity on social media? The theft of a person’s identity in social media means that the thief now has trusted access to hundreds if not thousands of people for a small window of time, during which those people can be cleverly instructed to download crimeware that will in turn steal more credentials, not only for credit card data but for any financial system. If this crimeware is installed correctly, the attacker has access not just to one set of credit card data but to any and all credit cards over the lifetime of that installation. Individuals go years without detecting these types of malware installations, and it is over this lifetime that not just credit card data but all data can be accessed.
Like the credit card companies, Twitter is also in a co-evolutionary role with the threat. Twitter’s countermeasure is to have users enable two-factor authentication. This effectively puts vendors of stolen Twitter credentials out of business, but the problem is that this is still optional for the Twitter user, and the bias within the community is not to enable it. As with most information security issues, changing human behaviour is always the most difficult part. As this threat vector grows, I could see Twitter implementing a policy whereby if you have over a certain number of followers, let’s say 500, two-factor authentication is mandatory. As always, things need to get worse before they get better.
Whether defending your personal information or your company’s information, you need to think like the adversary, and that adversary is part of a complex and highly effective supply chain. The data they want to take has value in some part of that supply chain, and it may not be obvious because you don’t see it as directly monetized like a credit card dump.
This is why we must continuously monitor and adapt to the changing threat environment, as the adversaries in turn do the same to our defences. Over the coming years, these dark markets are going to become more visible because 1) they are interesting and newsworthy and 2) they are where the business of cybercrime is being invented and practiced. The business paradox they face is whether to become more visible and grow their market share, or remain dark and exclusive and slow their revenue growth. The adversaries are treating cyber security as a business problem, and it is about time that their victims did the same.
About the author
About TK – TK Keanini brings nearly 25 years of network and security experience to the CTO role. He is responsible for leading Lancope’s evolution toward integrating security solutions with private and public cloud-based computing platforms. TK is also responsible for developing the blueprint and solution that will help Lancope’s customers securely benefit from the promise of software-defined networking (SDN). Prior to joining Lancope, Keanini served as CTO for nCircle, driving product innovation that defined the vulnerability management and configuration compliance market. Before joining nCircle, he served as Vice President of Network Services for Morgan Stanley Online, where he built and secured a highly available online trading system. Previously, Keanini was a systems engineer at Cisco, advising top financial institutions on the design and architecture of their data networking infrastructure. Keanini is a Certified Information Systems Security Professional (CISSP).
About Lancope – Lancope, Inc. is a leading provider of network visibility and security intelligence to defend enterprises against today’s top threats. By collecting and analyzing NetFlow, IPFIX and other types of flow data, Lancope’s StealthWatch® System helps organizations quickly detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats. Through pervasive insight across distributed networks, including mobile, identity and application awareness, Lancope accelerates incident response, improves forensic investigations and reduces enterprise risk. Lancope’s security capabilities are continuously enhanced with threat intelligence from the StealthWatch Labs research team.
Enterprise customers worldwide, including healthcare, financial services, government and higher education institutions, rely on Lancope for fast, precise incident response and forensic analysis to enable business continuity. Lancope also maintains strong business partnerships with many leaders in networking and security technology, including Cisco Systems, HP and Palo Alto Networks among others.
Founded in 2000, Lancope is continuously innovating to stay ahead of customer demands and marketplace trends, holding seven U.S. patents and more than 130 proprietary algorithms. With Lancope, you can know your network and run your business better.