Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

Post on 19-Jul-2015


© 2014 IBM Corporation

IBM Security

09.15-10.00 Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

Ori Bach, Senior Security Strategist Trusteer, IBM Security

Agenda

Malware is constantly adapting to the security market

Cybercrime becomes more commoditized & global

Significant events in 2015

Behind the scenes of IBM Trusteer research

www.securityintelligence.com has some great webinars and blogs to demonstrate all of this

The fraud prevention challenge: Cybercriminals don’t sleep

Fraud operation costs

Authentication challenges

Transaction delays

Account Suspensions

Malware is constantly adapting to the security market

Malware developers continue to innovate

Neverquest - AV evasion methods / Mobile component

Bugat - Cridex/Dridex/Geodo/Feodo/Emotet

GameOver Zeus - P2P infrastructure

Dyre – DNS Routing

2FA continues to be breached

Device takeover grows up

From simple RATs to advanced malware – device takeover was everywhere

PoS attacks target built-in remote session solutions

Citadel’s persistent RDP and new targets

Cybercrime becomes more commoditized

Fraud sales and hackers for hire

Cybercriminals Will Rely on Anonymity Networks

Accessing TOR and other networks is becoming easier

Safer cybercrime eCommerce platform

Safer for malware infrastructure (i2Ninja, Chewbacca…)

Also presents challenges

Broader adoption of anonymity networks and encryption

SMS stealers for sale

[Diagram labels: User Name + Password; OTP SMS; Credentials; TOR C&C]

Malvertising – The madman of the cybercrime world

Cybercrime continues to go global

Breakdown of borders – geography and technology

Local variants of global malware

– Bugat variants Dridex, Emotet and Geodo

Cybercriminals are finding new ways to cooperate and overcome cultural differences

Dyre – From local attack to global threat in 6 months

2014 timeline:

– October: US Department of Homeland Security Dyre Alert

– June: First reports of attacks against US/UK targets

– December: Attacks against targets in Australia and China

– November: Over 100 firms targeted

– September: Attack against salesforce.com

– October: Attacks against Romanian, German and Swiss banks

Dyre campaigns target banks around the globe

Attack Vectors

Major Breaches – your data is out there

There were so many… Does anyone even remember P.F. Chang's and Evernote by now?

If you want the red pill go to http://hackmageddon.com/

Several (not very surprising) recurring themes:

– Zero-day exploits in common software

– 3rd-party hack

– Use of RATs

Source: hackmageddon.com

Mobile Threats

Classic threats migrate to mobile:

– Phishing

– Ransomware

– Overlay

Device takeover malware for mobile

NFC, ApplePay – new targets

Mobile malware will target more than SMS

Significant events in 2015

Recommendations for The Security of Internet Payments

Issued by The European Central Bank

2015 implementation deadline

Malware detection and protection specifically recommended for:

• Risk control and mitigation

• Strong authentication

• Transaction monitoring

Geo-political and economic situation in Russia & Brazil

Summary

Cybercriminals find cheap ways to circumvent expensive controls

Cybercriminals break borders (technology and geography)

Mobile exploit packs, device takeover, payment targeting and more

Late adopters of ECB security internet payments