Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention
© 2014 IBM Corporation
IBM Security
09.15-10.00 Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention
Ori Bach, Senior Security Strategist Trusteer, IBM Security
Agenda
Malware is constantly adapting to the security market
Cybercrime becomes more commoditized & global
Significant events in 2015
Behind the scenes of IBM Trusteer research
www.securityintelligence.com has some great webinars and blogs to demonstrate all of this
The fraud prevention challenge: Cybercriminals don’t sleep
Fraud operation costs
Authentication challenges
Transaction delays
Account Suspensions
Malware is constantly adapting to the security market
Malware developers continue to innovate
Neverquest - AV evasion methods / Mobile component
Bugat - Cridex/Dridex/Geodo/Feodo/Emotet
GameOver Zeus - P2P infrastructure
Dyre - DNS Routing
2FA continues to be breached
Device takeover grows up
From simple RATs to advanced malware – device takeover was everywhere
PoS attacks target built-in remote session solutions
Citadel’s persistent RDP and new targets
Cybercrime becomes more commoditized
Fraud sales and hackers for hire
Cybercriminals Will Rely on Anonymity Networks
Accessing TOR and other networks is becoming easier
Safer cybercrime eCommerce platform
Safer for malware infrastructure (i2Ninja, Chewbacca…)
Also presents challenges
Broader adoption of anonymity networks and encryption
SMS stealers for sale
[Diagram labels: User Name + Password; OTP SMS; Credentials; OTP SMS; TOR C&C]
Malvertising – The madman of the cybercrime world
Cybercrime continues to go global
Breakdown of borders – geography and technology
Local variants of global malware
– Bugat variants Dridex, Emotet and Geodo
Cybercriminals are finding new ways to cooperate and overcome cultural differences
Dyre – From local attack to global threat in 6 months
2014 timeline:
June – First reports of attacks against US/UK targets
September – Attack against salesforce.com
October – Attacks against Romanian, German and Swiss banks
October – US Department of Homeland Security Dyre Alert
November – Over 100 firms targeted
December – Attacks against targets in Australia and China
Dyre campaigns target banks around the globe
Attack Vectors
Major Breaches – your data is out there
There were so many… Does anyone even remember P.F. Chang's and Evernote by now?
If you want the red pill, go to http://hackmageddon.com/
Several (not very surprising) recurring themes:
– Zero-day exploits in common software
– 3rd-party hack
– Use of RATs
Source: hackmageddon.com
Mobile Threats
Classic threats migrate to mobile:
– Phishing
– Ransomware
– Overlay
Device takeover malware for mobile
NFC, ApplePay – new targets
Mobile malware will target more than SMS
Significant events in 2015
Recommendations for the Security of Internet Payments
Issued by the European Central Bank
2015 implementation deadline
Malware detection and protection specifically recommended for:
• Risk control and mitigation
• Strong authentication
• Transaction monitoring
Geo-political and economic situation in Russia & Brazil
Summary
Cybercriminals find cheap ways to circumvent expensive controls
Cybercriminals break borders (technology and geography)
Mobile exploit packs, device takeover, payment targeting and more
Late adopters of the ECB Recommendations for the Security of Internet Payments