Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

transcript

IBM Security

09.15-10.00 Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

Ori Bach, Senior Security Strategist Trusteer, IBM Security

IBM Security

Agenda

Malware is constantly adapting to the security market

Cybercrime becomes more commoditized & global

Significant events in 2015

Behind the scenes of IBM Trusteer research

www.securityintelligence.com has some great webinars and

blogs to demonstrate all of this

IBM Security

The fraud prevention challenge: Cybercriminals don’t sleep

Fraudoperation costs

Authentication challenges

Transaction delays

Account Suspensions

Malware is constantly adapting to the security market

IBM Security

Malware developers continue to innovate

Neverquest - AV evasion methods / Mobile component

Bugat- Cridex/Dridex/Geodo/Feodo/ Emotet

GameOver Zeus - P2P infrastructure

Dyre – DNS Routing

IBM Security

2FA continues to be breached

IBM Security

Device takeover grows up

From simple RATs to advanced malware – device takeover

was everywhere

PoS attacks target built in remote session solutions

Citadel’s persistent RDP and new targets

Cybercrime becomes more commoditized

IBM Security

Fraud sales and hackers for hire

IBM Security

Cybercriminals Will Rely on Anonymity Networks

Accessing TOR and other networks is becoming easier

Safer cybercrime eCommerce platform

Safer for malware infrastructure (i2Ninja, Chewbacca…)

Also presents challenges

Broader adaptation of anonymity networks and encryption

IBM Security

SMS stealers for sale

User Name + Password

OTP SMS

Credentials

OTP SMS

TOR C&C

IBM Security

Malvertising – The madman of the cybercrime world

Cybercrime continues to go global

IBM Security

Breakdown of boarders – geography and technology

Local variants of global malware

– Bugat variants Dridex , Emotet and Geodo

Cybercriminals are finding new ways to corporate and

overcome cultural differences

IBM Security

Dyre – From local attack to global threat in 6 months

US Department of Homeland

SecurityDyre Alert

October

First reports of attacks against US/UK targets

Attacks against Targets in Australia

and China

December

Over 100 firms targeted

November

Attack againstsalesforce.com

September

Attacks against Romanian,

German and Swiss Banks

October

IBM Security

Dyre campaigns target banks around the globe

Attack Vectors

IBM Security

Major Breaches – your data is out there

There were so many… Does anyone even remember

P.F.Chang and Evernote by now?

If you want the red pill go to http://hackmageddon.com/

Several (not very surprising) reoccurring themes:

– Zero day exploits in common software

– 3rd party hack

– Use of RATs

Source: hackmageddon.com

IBM Security

Mobile Threats

Classic threats migrate to mobile:

– Phishing

– Ransomware

– Overlay

Device takeover malware for mobile

NFC, ApplePay – new targets

Mobile malware will target more than SMS

Significant events in 2015

IBM Security

Issued by The European Central Bank

2015 implementation deadline

Malware detection and protection

specifically recommended for:

• Risk control and mitigation

• Strong authentication

• Transaction monitoring

Recommendations for The Security of Internet Payments

IBM Security

Geo-political and economic situation in Russia & Brazil

IBM Security

Summary

Cybercriminals find cheap ways to circumvent expensive controls

Cybercriminals break borders (technology and geography)

Mobile exploit packs, device takeover, payment targeting and more

late adaptors of ECB security internet payments

Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

Data & Analytics