SlideShare uma empresa Scribd logo
1 de 59
Baixar para ler offline
08/30/13 1
A presentation by
Muktesh Chander IPS
BE, LLB, MA(Cr.), DCL, DHRM, Cert. SQC & OR
FIETE,MCSI
Addl. Commissioner of Police
Traffic, Delhi Police
08/30/13 2
Global Scenario
• Global cyber crime is $ 105 billion industry which
is more than global drug trafficking
• Economic meltdown and recession
• Under employment/unemployment in IT sector
• Cut down on IT security budget likely
08/30/13 3
Indian Scenario
• Booming software and BPO Industry
• IT Revolution Digital Dependence
• National E Governance program
• Very few organisations in India have CISO and
IT Security budget
• No law for privacy
• No compliance laws and breach disclosure
• No law against spamming
• Limitations of IT Act 2000
• Weak and delayed criminal Justice System
08/30/13 4
Indian Scenario
• Very few organisations in India have CISO and
IT Security budget
08/30/13 5
Threats from
• Individuals
• Organised cyber criminals
• Rival organisations
• Non state actors
• Hostile states
• Insiders/ex employees
• Hactivists
• Terrorist
Muktesh Chander
08/30/13 6
Cyber Crime in India
City 2003 2004 2005 2006 2007 Total
Delhi 4 4 10 5 10 33
Bangalore* 7 14 38 27 40 126
Gurgaon 1 - 4  2  5 12
Chennai 6 10 20 7 4 47
Pune 4 6 9 10 14 43
Hyderabad 3 - - - 2 5
Sub-Total 25 34 77 49 70 255
Total India 60 68 179 142 217 666
Crime in India
2007
52.8% increase in 2007
Under IT Act
08/30/13 7
Current Threats in India
Security
Incident
2004 2005 2005 2006
Phishing 3 101 339 392
Network
scanning
Probing
11 40 177 223
Virus,
malicious
codes
5 95 19 358
Total 23 254 552 1237
Source: Cert-in
08/30/13 8
2008 CSI Computer
crime survey
Global
08/30/13 9
Malicious activity by country
• Source: Symantec Corporation
08/30/13 10
Current threats: Malware
• Virus attacks account for more than 50% of
security incidents. (CSI Survey 2008)
• In the last six months of 2007, Symantec
detected 499,811 new malicious codes.
• 136 percent increase over the previous period,
when 212,101 new threats were detected
• 1,122,311 total malicious codes identified by
Symantec as of the end of 2007.
• Two thirds of all malicious code threats currently
detected were created during 2007.
• Any kind of file can be infected (Flash, Adobe
Pdf are the latest)
08/30/13 11
Malware
• Malware toolkits, rootkits easily available
• Malware writing and outsourcing for profit
• Malware for sale
• Blended threats
• Mobile virus (cabir, commw.sis and its variants, curse of silence)
• Flash worm ?
• Scareware
08/30/13 12
Phishing
• Phising/Pharming/Vishing/Smishing
• Every month more than 20,000 unique
phishing websites are detected affecting
more than 200 brands
• Spearphishing attacks emerging
08/30/13 13
Phishing
• Phishing scams showed sharp increase of
1126% over previous year.
• Symantec observes more than 7 million
phishing attempts each day.
08/30/13 14
• E-bay
• Amazon
• Paypal
• ICICI Bank
• UTI Bank
TOP BRANDS AFFECTED BY PHISHING
ATTACKS
08/30/13 15
Electronic Fund Transfer
• Tim Berners Lee the father of WWW was
a victim of online fraud (Computer world)
• In Nov 2008, 100 compromised card
accounts resulted in $ 9 million fraudulent
withdrawals from 130 ATM’s in 49 cities
across the world in 30 minutes
08/30/13 16 16
St. Petersburg
New York
Germany
Israel
Netherlands
Finland
$10 million
London
San Francisco
Vladimir Levin a ,Russian ,stole $ 10 million from Citibank by computer fraud
08/30/13 17
Online grooming ,sexual
exploitation and abuse of children
• Sec 67 B (B),(C) inserted in IT Act
Amendment
08/30/13 18
Cyber Vandalism /graffiti
Source:Cert in
Indian TLD websites defaced during 2007
08/30/13 19
Spam
• Accounts for more than ½ to 2/3 of all
e-mails or even 90% ?
• Responsible for phishing, 419 scams and
spread of malware, identity theft and other
cyber crimes, choking of bandwidth ,wastage
of time
• India is in the top 10 spam sending countries
08/30/13 20
Spam
08/30/13 21
Cyber Pornography
• Cyber pornography accounts for 46% of all
cyber crimes under IT Act (Crime in India 2007)
• Every second - 28,258 Internet users are
viewing pornography
• The pornography industry is larger than the
revenues of the top technology companies
combined: Microsoft, Google, Amazon, eBay,
Yahoo !, Apple, Netflix and EarthLink
Source :http://www.internet-filter-
review.toptenreviews.com/internet-
pornography-statistics.html
08/30/13 22
Cyber Pornography
• is one of the easiest way of installing
malware.
08/30/13 23
Botnets
• Collection of compromised computers
• Centralized control
08/30/13 24
DDOS Attack using BOTS
08/30/13 25
Botnets
• Source: Symantec Corporation 5 million distinct bots
08/30/13 26
Botnet tracked in India
• 25915 from June 2007 to Dec 2007
• Source CERT In
08/30/13 27
Botnet
• In Aug 2008 Dutch police apprehended Leni De
with help from FBI and Brazilian police for
running a botnet of 100,000 computers
• Source CERT In
08/30/13 28
Use of Encryption by
criminals/terrorists
• Strong encryption tools easily available
many for free
• PGP
• Steganography
• Digital signatures (no key escrow in India)
• Sec 69 IT Act is of no use
08/30/13 29
Underground market servers
Source: Adapted from Symantec 2007
08/30/13 30
Industrial Espionage
• Several countries and companies are
indulging in Industrial espionage
clandestinely
• Employees reveal a lot in their personal
E mails and social networking sites
• s
08/30/13 31
Theft of Mobile Devices
• 42 % respondents reported case of laptop
theft (CSI Survey 2008)
• Separate offence created under IT Act
Amendment
08/30/13 32
Threat to Embedded Systems
• Complex and unknown
• Becoming common
• Involve third party
08/30/13 33
Identity Theft
• Estimated more than 9 million incidents
each year (NIJ ,US Report)
• Separate offence created under IT Act
Amendment
08/30/13 34
Insider Abuse
• By disgruntled present of Ex employees
• 44% respondents reported insider abuse
(CSI Survey 2008)
08/30/13 35
Other cyber crimes
• Hacking
• Denial of service attacks
• Data diddling
• Cyber stalking
• Cyber squatting
• IPR Violations
• Mobile cloning (Both GSM and CDMA)
08/30/13 36
Cyber skirmishes
08/30/13 37
2000 Hackers holy war between Israel and Palestine
2001 There was a war between Chinese and American
hackers
08/30/13 38
08/30/13 39
08/30/13 40
08/30/13 41
Cyber terrorism
08/30/13 42 42Muktesh Chander
CII Means
Information & Communication Systems
connected with :
 National Security
 Public Safety
 Public Health
 Critical Sectors of Economy
Critical Information
Infrastructure
08/30/13 43
Likely targets of cyber terrorism
Power grids (nuclear power stations)
Banking and Financial systems
Stock Exchanges
Transportation Control systems
MRTS, ATC, Rail/Airlines reservations
Tele-Communications
Gas / Oil / Water Pipelines control systems
Internet Backbones
Health/Food
Emergency services
Military/Defense Installations Attack on C4 I
08/30/13 44
• Estonia a Baltic nation with population of
only 1.4 million people
• One of the most wired nations
• Pioneer in E Governance
• Almost 100% citizen use online banking
• Every citizen has PKI enabled I card with
embedded chip
• Online elections
Estonia Attack
08/30/13 45
• Govt. relocated 2nd
world war Red Army memorial (a
Bronze statue)
• On April 2007 computers of Estonian Parliament,
banks, ministries, newspapers and broadcasters,
political parties etc.were targets for cyber attack
using DDOs, spam botnets etc.
• Attack continued for three weeks
• Cyberterrorists & defenders both acted in adhoc
manner
Contd..
Estonia Attack
08/30/13 46
• An Estonian court has convicted the first
individual in the 2007 cyber attacks against
Estonia.
• "Dmitri Galushkevich an ethnic Russian used
his home PC to launch a denial-of-service attack
that knocked down the Web site for the political
party of Estonia's prime minister for several
days..."
• He was fined 17,500 kroons (approx. US$
1,642).
Contd..
Estonia Attack
08/30/13 47
• Konstantin Goloskokov(22), an activist with
Russia's Nashi youth group and aide to a pro-
Kremlin member of parliament has admitted
having organised the attack as an act of civil
disobedience. Sergeiei Markov, a Russian State
Duma Deputy has corroborated the facts
(Mar.12,2009,SC Magazine)
Contd..
Estonia Attack
08/30/13 48
Trends
• Prediction in a fast changing and evolving
field is difficult
• Law of exponential return of technological
changes
08/30/13 49
Current Trends in cyber crime
Following trends are clearly visible:-
1. The time to exploit vulnerability is decreasing.
2. Cyber crimes are being committed with financial
gains in mind
3. The attack sophistication is increasing and more
automation can be seen in attacks.
4. The speed of spread of an attacks is increasing.
 
08/30/13 50
Current Trends in cyber crime
5. The attacks are more targetted than before.
6. Phishing is increasing on SMS, Telephone & other
platforms.
7. Coordinated automatic attacks by remotely controlled
Bots for DDoS, for sending SPAM and other such
malicious purposes are showing increasing trend and
will pose biggest threat to Information Security.
08/30/13 51
Current Trends in cyber crime
8. Mobile connectivity using WiFi technology and
convegence of mobile phones with PDAs and other
wireless devices will add another dimension to cyber
crime.
9. There is growing evidence of organized crime and
cyber crime are beginning to overlap with activities of
drug mafia, pedophiles, international money
laundering people who use Internet to coordinate
their activities.  
08/30/13 52
Current Trends in cyber crime
10.Industrial espionage increasing
11.Political ideologists have started using hactivism to
propagate their ideas through Internet and the
electronic civil disobedience activities are
surfacing.
12.Terrorist organizations are increasingly using
Internet communication and cryptography to
secretly communicate and organize their
activities.
13.State sponsored Cyber war
08/30/13 53
Current Trends in cyber crime
14.Cyber crime would increase on social networking
sites
15.Web 2.0
16.Data is becoming primary focus of cyber crime
17.Netbook, Ipod touch, Smart phones, 3G enabled
phones will be affected
18.Used and stolen hardware will be source of data
loss
08/30/13 54
Future
20.Stock market manipulations. Pump and dump
schemes
21.Skimming of Card information directly from ATM
22.SPAM will transform in SPIM and SPIT
08/30/13 55
1.Recent spate of Phishing activities
2.Numbers of cases of data theft from BPO and call
center companies R
3.Risk from third party relationship.
Current Trends in India
08/30/13 56
4.Recent theft of sensitive information in electronic
form from National Security Council Secretariat
has added another dimension to Information
Security in the country.
5.Adequate attention towards management of
information security and a very few companies
have gone for information needed
Current Trends in India
08/30/13 57
6.The most serious gap in implementation of
information security management is threat from
insiders and ex-employees.
7.The widespread absence of even the most routine
security tools and policies has left many Indian
companies vulnerable to serious attack and the
inevitable financial losses that follow.
8.User education and awareness is of utmost
importance in Business to Customers models
such as Internet banking, online auction and
shopping.
Current Trends in India
08/30/13 58
6.Use of Digital signature still rare
Current Trends in India
08/30/13 59
Questions?

Mais conteúdo relacionado

Mais procurados

Cyber crime and issues
Cyber crime and issuesCyber crime and issues
Cyber crime and issuesRoshan Mastana
 
Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...
Legal deficiency of cybercrime in nigeria   need for urgent legal reform (cha...Legal deficiency of cybercrime in nigeria   need for urgent legal reform (cha...
Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...Gamaliel Olayiwola Fasuyi
 
Cyber security and threats
Cyber security and threatsCyber security and threats
Cyber security and threatsHarsh Kumar
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Case study on cyber crime
Case study on cyber crimeCase study on cyber crime
Case study on cyber crimeishmecse13
 
Cyber crime and laws
Cyber crime and lawsCyber crime and laws
Cyber crime and lawsAjnish Rana
 
Important issues in Pakistan's Cyber Crime Bill
Important issues in Pakistan's Cyber Crime BillImportant issues in Pakistan's Cyber Crime Bill
Important issues in Pakistan's Cyber Crime BillTeeth Maestro
 
Cybercrime In South Africa and the benefits of public private partnerships
Cybercrime In South Africa and the benefits of public private partnershipsCybercrime In South Africa and the benefits of public private partnerships
Cybercrime In South Africa and the benefits of public private partnershipsJacqueline Fick
 
Cyber Crime and Cyber Law of India BY Vinay
Cyber Crime and Cyber Law of India BY VinayCyber Crime and Cyber Law of India BY Vinay
Cyber Crime and Cyber Law of India BY VinayVinay Pancholi
 
Cyber crime presentation by HuNnY ButT
Cyber crime presentation by HuNnY ButTCyber crime presentation by HuNnY ButT
Cyber crime presentation by HuNnY ButTHamza Khalid
 
ppt on child pornography and cyber crime
ppt on child pornography and cyber crimeppt on child pornography and cyber crime
ppt on child pornography and cyber crime008_Anuj
 
Cyber crime
Cyber crimeCyber crime
Cyber crimedixitas
 
Cybercrimeppt 160421074211
Cybercrimeppt 160421074211Cybercrimeppt 160421074211
Cybercrimeppt 160421074211Andreaa Viv
 
Cybercrime kunal gupta
Cybercrime kunal guptaCybercrime kunal gupta
Cybercrime kunal guptakg19
 

Mais procurados (20)

Cyber crime and issues
Cyber crime and issuesCyber crime and issues
Cyber crime and issues
 
Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...
Legal deficiency of cybercrime in nigeria   need for urgent legal reform (cha...Legal deficiency of cybercrime in nigeria   need for urgent legal reform (cha...
Legal deficiency of cybercrime in nigeria need for urgent legal reform (cha...
 
Cyber security and threats
Cyber security and threatsCyber security and threats
Cyber security and threats
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security laws
 
Case study on cyber crime
Case study on cyber crimeCase study on cyber crime
Case study on cyber crime
 
Cyber crime and laws
Cyber crime and lawsCyber crime and laws
Cyber crime and laws
 
Important issues in Pakistan's Cyber Crime Bill
Important issues in Pakistan's Cyber Crime BillImportant issues in Pakistan's Cyber Crime Bill
Important issues in Pakistan's Cyber Crime Bill
 
4.report (cyber crime)
4.report (cyber crime)4.report (cyber crime)
4.report (cyber crime)
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cybercrime In South Africa and the benefits of public private partnerships
Cybercrime In South Africa and the benefits of public private partnershipsCybercrime In South Africa and the benefits of public private partnerships
Cybercrime In South Africa and the benefits of public private partnerships
 
Computer crime
Computer crimeComputer crime
Computer crime
 
Cyber fraud
Cyber fraudCyber fraud
Cyber fraud
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
Cyber Crime and Cyber Law of India BY Vinay
Cyber Crime and Cyber Law of India BY VinayCyber Crime and Cyber Law of India BY Vinay
Cyber Crime and Cyber Law of India BY Vinay
 
Cyber crime presentation by HuNnY ButT
Cyber crime presentation by HuNnY ButTCyber crime presentation by HuNnY ButT
Cyber crime presentation by HuNnY ButT
 
ppt on child pornography and cyber crime
ppt on child pornography and cyber crimeppt on child pornography and cyber crime
ppt on child pornography and cyber crime
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cybercrimeppt 160421074211
Cybercrimeppt 160421074211Cybercrimeppt 160421074211
Cybercrimeppt 160421074211
 
Cybercrime kunal gupta
Cybercrime kunal guptaCybercrime kunal gupta
Cybercrime kunal gupta
 
Present Trend of Cyber Crime in Bangladesh
Present Trend of Cyber Crime in BangladeshPresent Trend of Cyber Crime in Bangladesh
Present Trend of Cyber Crime in Bangladesh
 

Semelhante a Current threats and trends

Acw stewart brown-cybercrime-presentation-feb-2018
Acw stewart brown-cybercrime-presentation-feb-2018Acw stewart brown-cybercrime-presentation-feb-2018
Acw stewart brown-cybercrime-presentation-feb-2018bhagyasri patel
 
A Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global ProblemA Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global Problemijbuiiir1
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & securityMehediHasan996
 
A Review Paper On Cyber Crime
A Review Paper On Cyber CrimeA Review Paper On Cyber Crime
A Review Paper On Cyber CrimeJody Sullivan
 
It act and cyber crime
It act and cyber crimeIt act and cyber crime
It act and cyber crimeDheeraj Dani
 
Cyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesblogzilla
 
Systemic cybersecurity risk
Systemic cybersecurity riskSystemic cybersecurity risk
Systemic cybersecurity riskblogzilla
 
document on cyber terrorism
document on cyber terrorismdocument on cyber terrorism
document on cyber terrorismKirti Temani
 
AN INTRODUCTION TO DIGITAL CRIMES
AN INTRODUCTION TO DIGITAL CRIMESAN INTRODUCTION TO DIGITAL CRIMES
AN INTRODUCTION TO DIGITAL CRIMESijfcstjournal
 
An introduction to digital crimes
An introduction to digital crimesAn introduction to digital crimes
An introduction to digital crimesijfcstjournal
 
"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!amit_shanu
 
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemIT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemLillian Ekwosi-Egbulem
 
SPEEDA INSIGHTS_Market Prospects for the Security Industry
SPEEDA INSIGHTS_Market Prospects for the Security IndustrySPEEDA INSIGHTS_Market Prospects for the Security Industry
SPEEDA INSIGHTS_Market Prospects for the Security IndustryKyna Tsai
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
A Survey On Cyber Crime Information Security
A Survey On  Cyber Crime   Information SecurityA Survey On  Cyber Crime   Information Security
A Survey On Cyber Crime Information SecurityMichele Thomas
 
L12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptxL12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptxtalhajann43
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling    Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling    Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...Stefano Maria De' Rossi
 

Semelhante a Current threats and trends (20)

Acw stewart brown-cybercrime-presentation-feb-2018
Acw stewart brown-cybercrime-presentation-feb-2018Acw stewart brown-cybercrime-presentation-feb-2018
Acw stewart brown-cybercrime-presentation-feb-2018
 
A Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global ProblemA Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global Problem
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
A Review Paper On Cyber Crime
A Review Paper On Cyber CrimeA Review Paper On Cyber Crime
A Review Paper On Cyber Crime
 
It act and cyber crime
It act and cyber crimeIt act and cyber crime
It act and cyber crime
 
Cyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responses
 
Systemic cybersecurity risk
Systemic cybersecurity riskSystemic cybersecurity risk
Systemic cybersecurity risk
 
document on cyber terrorism
document on cyber terrorismdocument on cyber terrorism
document on cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
AN INTRODUCTION TO DIGITAL CRIMES
AN INTRODUCTION TO DIGITAL CRIMESAN INTRODUCTION TO DIGITAL CRIMES
AN INTRODUCTION TO DIGITAL CRIMES
 
An introduction to digital crimes
An introduction to digital crimesAn introduction to digital crimes
An introduction to digital crimes
 
"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!
 
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemIT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
 
SPEEDA INSIGHTS_Market Prospects for the Security Industry
SPEEDA INSIGHTS_Market Prospects for the Security IndustrySPEEDA INSIGHTS_Market Prospects for the Security Industry
SPEEDA INSIGHTS_Market Prospects for the Security Industry
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
A Survey On Cyber Crime Information Security
A Survey On  Cyber Crime   Information SecurityA Survey On  Cyber Crime   Information Security
A Survey On Cyber Crime Information Security
 
L12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptxL12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptx
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling    Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling    Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
 

Último

NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 

Último (20)

NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 

Current threats and trends

  • 1. 08/30/13 1 A presentation by Muktesh Chander IPS BE, LLB, MA(Cr.), DCL, DHRM, Cert. SQC & OR FIETE,MCSI Addl. Commissioner of Police Traffic, Delhi Police
  • 2. 08/30/13 2 Global Scenario • Global cyber crime is $ 105 billion industry which is more than global drug trafficking • Economic meltdown and recession • Under employment/unemployment in IT sector • Cut down on IT security budget likely
  • 3. 08/30/13 3 Indian Scenario • Booming software and BPO Industry • IT Revolution Digital Dependence • National E Governance program • Very few organisations in India have CISO and IT Security budget • No law for privacy • No compliance laws and breach disclosure • No law against spamming • Limitations of IT Act 2000 • Weak and delayed criminal Justice System
  • 4. 08/30/13 4 Indian Scenario • Very few organisations in India have CISO and IT Security budget
  • 5. 08/30/13 5 Threats from • Individuals • Organised cyber criminals • Rival organisations • Non state actors • Hostile states • Insiders/ex employees • Hactivists • Terrorist Muktesh Chander
  • 6. 08/30/13 6 Cyber Crime in India City 2003 2004 2005 2006 2007 Total Delhi 4 4 10 5 10 33 Bangalore* 7 14 38 27 40 126 Gurgaon 1 - 4  2  5 12 Chennai 6 10 20 7 4 47 Pune 4 6 9 10 14 43 Hyderabad 3 - - - 2 5 Sub-Total 25 34 77 49 70 255 Total India 60 68 179 142 217 666 Crime in India 2007 52.8% increase in 2007 Under IT Act
  • 7. 08/30/13 7 Current Threats in India Security Incident 2004 2005 2005 2006 Phishing 3 101 339 392 Network scanning Probing 11 40 177 223 Virus, malicious codes 5 95 19 358 Total 23 254 552 1237 Source: Cert-in
  • 8. 08/30/13 8 2008 CSI Computer crime survey Global
  • 9. 08/30/13 9 Malicious activity by country • Source: Symantec Corporation
  • 10. 08/30/13 10 Current threats: Malware • Virus attacks account for more than 50% of security incidents. (CSI Survey 2008) • In the last six months of 2007, Symantec detected 499,811 new malicious codes. • 136 percent increase over the previous period, when 212,101 new threats were detected • 1,122,311 total malicious codes identified by Symantec as of the end of 2007. • Two thirds of all malicious code threats currently detected were created during 2007. • Any kind of file can be infected (Flash, Adobe Pdf are the latest)
  • 11. 08/30/13 11 Malware • Malware toolkits, rootkits easily available • Malware writing and outsourcing for profit • Malware for sale • Blended threats • Mobile virus (cabir, commw.sis and its variants, curse of silence) • Flash worm ? • Scareware
  • 12. 08/30/13 12 Phishing • Phising/Pharming/Vishing/Smishing • Every month more than 20,000 unique phishing websites are detected affecting more than 200 brands • Spearphishing attacks emerging
  • 13. 08/30/13 13 Phishing • Phishing scams showed sharp increase of 1126% over previous year. • Symantec observes more than 7 million phishing attempts each day.
  • 14. 08/30/13 14 • E-bay • Amazon • Paypal • ICICI Bank • UTI Bank TOP BRANDS AFFECTED BY PHISHING ATTACKS
  • 15. 08/30/13 15 Electronic Fund Transfer • Tim Berners Lee the father of WWW was a victim of online fraud (Computer world) • In Nov 2008, 100 compromised card accounts resulted in $ 9 million fraudulent withdrawals from 130 ATM’s in 49 cities across the world in 30 minutes
  • 16. 08/30/13 16 16 St. Petersburg New York Germany Israel Netherlands Finland $10 million London San Francisco Vladimir Levin a ,Russian ,stole $ 10 million from Citibank by computer fraud
  • 17. 08/30/13 17 Online grooming ,sexual exploitation and abuse of children • Sec 67 B (B),(C) inserted in IT Act Amendment
  • 18. 08/30/13 18 Cyber Vandalism /graffiti Source:Cert in Indian TLD websites defaced during 2007
  • 19. 08/30/13 19 Spam • Accounts for more than ½ to 2/3 of all e-mails or even 90% ? • Responsible for phishing, 419 scams and spread of malware, identity theft and other cyber crimes, choking of bandwidth ,wastage of time • India is in the top 10 spam sending countries
  • 21. 08/30/13 21 Cyber Pornography • Cyber pornography accounts for 46% of all cyber crimes under IT Act (Crime in India 2007) • Every second - 28,258 Internet users are viewing pornography • The pornography industry is larger than the revenues of the top technology companies combined: Microsoft, Google, Amazon, eBay, Yahoo !, Apple, Netflix and EarthLink Source :http://www.internet-filter- review.toptenreviews.com/internet- pornography-statistics.html
  • 22. 08/30/13 22 Cyber Pornography • is one of the easiest way of installing malware.
  • 23. 08/30/13 23 Botnets • Collection of compromised computers • Centralized control
  • 25. 08/30/13 25 Botnets • Source: Symantec Corporation 5 million distinct bots
  • 26. 08/30/13 26 Botnet tracked in India • 25915 from June 2007 to Dec 2007 • Source CERT In
  • 27. 08/30/13 27 Botnet • In Aug 2008 Dutch police apprehended Leni De with help from FBI and Brazilian police for running a botnet of 100,000 computers • Source CERT In
  • 28. 08/30/13 28 Use of Encryption by criminals/terrorists • Strong encryption tools easily available many for free • PGP • Steganography • Digital signatures (no key escrow in India) • Sec 69 IT Act is of no use
  • 29. 08/30/13 29 Underground market servers Source: Adapted from Symantec 2007
  • 30. 08/30/13 30 Industrial Espionage • Several countries and companies are indulging in Industrial espionage clandestinely • Employees reveal a lot in their personal E mails and social networking sites • s
  • 31. 08/30/13 31 Theft of Mobile Devices • 42 % respondents reported case of laptop theft (CSI Survey 2008) • Separate offence created under IT Act Amendment
  • 32. 08/30/13 32 Threat to Embedded Systems • Complex and unknown • Becoming common • Involve third party
  • 33. 08/30/13 33 Identity Theft • Estimated more than 9 million incidents each year (NIJ ,US Report) • Separate offence created under IT Act Amendment
  • 34. 08/30/13 34 Insider Abuse • By disgruntled present of Ex employees • 44% respondents reported insider abuse (CSI Survey 2008)
  • 35. 08/30/13 35 Other cyber crimes • Hacking • Denial of service attacks • Data diddling • Cyber stalking • Cyber squatting • IPR Violations • Mobile cloning (Both GSM and CDMA)
  • 37. 08/30/13 37 2000 Hackers holy war between Israel and Palestine 2001 There was a war between Chinese and American hackers
  • 42. 08/30/13 42 42Muktesh Chander CII Means Information & Communication Systems connected with :  National Security  Public Safety  Public Health  Critical Sectors of Economy Critical Information Infrastructure
  • 43. 08/30/13 43 Likely targets of cyber terrorism Power grids (nuclear power stations) Banking and Financial systems Stock Exchanges Transportation Control systems MRTS, ATC, Rail/Airlines reservations Tele-Communications Gas / Oil / Water Pipelines control systems Internet Backbones Health/Food Emergency services Military/Defense Installations Attack on C4 I
  • 44. 08/30/13 44 • Estonia a Baltic nation with population of only 1.4 million people • One of the most wired nations • Pioneer in E Governance • Almost 100% citizen use online banking • Every citizen has PKI enabled I card with embedded chip • Online elections Estonia Attack
  • 45. 08/30/13 45 • Govt. relocated 2nd world war Red Army memorial (a Bronze statue) • On April 2007 computers of Estonian Parliament, banks, ministries, newspapers and broadcasters, political parties etc.were targets for cyber attack using DDOs, spam botnets etc. • Attack continued for three weeks • Cyberterrorists & defenders both acted in adhoc manner Contd.. Estonia Attack
  • 46. 08/30/13 46 • An Estonian court has convicted the first individual in the 2007 cyber attacks against Estonia. • "Dmitri Galushkevich an ethnic Russian used his home PC to launch a denial-of-service attack that knocked down the Web site for the political party of Estonia's prime minister for several days..." • He was fined 17,500 kroons (approx. US$ 1,642). Contd.. Estonia Attack
  • 47. 08/30/13 47 • Konstantin Goloskokov(22), an activist with Russia's Nashi youth group and aide to a pro- Kremlin member of parliament has admitted having organised the attack as an act of civil disobedience. Sergeiei Markov, a Russian State Duma Deputy has corroborated the facts (Mar.12,2009,SC Magazine) Contd.. Estonia Attack
  • 48. 08/30/13 48 Trends • Prediction in a fast changing and evolving field is difficult • Law of exponential return of technological changes
  • 49. 08/30/13 49 Current Trends in cyber crime Following trends are clearly visible:- 1. The time to exploit vulnerability is decreasing. 2. Cyber crimes are being committed with financial gains in mind 3. The attack sophistication is increasing and more automation can be seen in attacks. 4. The speed of spread of an attacks is increasing.  
  • 50. 08/30/13 50 Current Trends in cyber crime 5. The attacks are more targetted than before. 6. Phishing is increasing on SMS, Telephone & other platforms. 7. Coordinated automatic attacks by remotely controlled Bots for DDoS, for sending SPAM and other such malicious purposes are showing increasing trend and will pose biggest threat to Information Security.
  • 51. 08/30/13 51 Current Trends in cyber crime 8. Mobile connectivity using WiFi technology and convegence of mobile phones with PDAs and other wireless devices will add another dimension to cyber crime. 9. There is growing evidence of organized crime and cyber crime are beginning to overlap with activities of drug mafia, pedophiles, international money laundering people who use Internet to coordinate their activities.  
  • 52. 08/30/13 52 Current Trends in cyber crime 10.Industrial espionage increasing 11.Political ideologists have started using hactivism to propagate their ideas through Internet and the electronic civil disobedience activities are surfacing. 12.Terrorist organizations are increasingly using Internet communication and cryptography to secretly communicate and organize their activities. 13.State sponsored Cyber war
  • 53. 08/30/13 53 Current Trends in cyber crime 14.Cyber crime would increase on social networking sites 15.Web 2.0 16.Data is becoming primary focus of cyber crime 17.Netbook, Ipod touch, Smart phones, 3G enabled phones will be affected 18.Used and stolen hardware will be source of data loss
  • 54. 08/30/13 54 Future 20.Stock market manipulations. Pump and dump schemes 21.Skimming of Card information directly from ATM 22.SPAM will transform in SPIM and SPIT
  • 55. 08/30/13 55 1.Recent spate of Phishing activities 2.Numbers of cases of data theft from BPO and call center companies R 3.Risk from third party relationship. Current Trends in India
  • 56. 08/30/13 56 4.Recent theft of sensitive information in electronic form from National Security Council Secretariat has added another dimension to Information Security in the country. 5.Adequate attention towards management of information security and a very few companies have gone for information needed Current Trends in India
  • 57. 08/30/13 57 6.The most serious gap in implementation of information security management is threat from insiders and ex-employees. 7.The widespread absence of even the most routine security tools and policies has left many Indian companies vulnerable to serious attack and the inevitable financial losses that follow. 8.User education and awareness is of utmost importance in Business to Customers models such as Internet banking, online auction and shopping. Current Trends in India
  • 58. 08/30/13 58 6.Use of Digital signature still rare Current Trends in India

Notas do Editor

  1. 08/30/13
  2. 08/30/13
  3. 08/30/13
  4. 08/30/13
  5. 08/30/13
  6. 08/30/13
  7. 08/30/13
  8. 08/30/13
  9. 08/30/13
  10. 08/30/13
  11. 08/30/13
  12. 08/30/13