Wednesday 4 October 11:30 - 12:00, Green room
Dhia Mahjoub (Cisco Umbrella (OpenDNS))
Jason Passwaters (Intel471)
The money spent defending against cybercrime increases enormously year after year. Yet, cybercrime is a growing multi-trillion-dollar industry that has surpassed even the illicit drug trade. You would think there would be an inverse relationship between spend to defend and cybercrime profits, but evidently this is not the case.
In traditional warfare, an understanding of the adversary is required before a commander can make battlefield decisions. It’s about impacting the enemy. It’s 2017 and our decisions are having little overall impact because we don’t understand our adversary as well as we should. It’s time we started getting to know our enemies so that we can have real impact and make it cost-prohibitive for them to operate.
Our talk will detail multiple sophisticated Eastern European bulletproof hosting (BPH) operations, which are the key enabler of long-lasting, large-scale, and profitable cybercrime campaigns. We’ll discuss their history, networks/ASNs, the actors operating them, their front companies, relationships with other bulletproof hosters, underground marketplace dynamics related to bulletproof hosting, and more. This research is based on exclusive access to vetted closed underground forums and large-scale analysis of network traffic and telemetry. We will demonstrate the importance of both network-centric and actor-centric perspectives to reveal the intricacies of BPH and its close ties to cybercrime at large. Whether you are a security researcher, a threat intelligence analyst, or involved in law enforcement, join us in this talk to understand how BPH works and ultimately how to identify potential pain points where your actions can have real impact.