Cognitive Security - Finance & Banking Security ('12)

Download the original PowerPoint version here: http://gdusil.wordpress.com/2012/06/01/cose-finance-and-banking-security/
Check out my blog "Multiscreen & OTT for the Digital Generation" @ gdusil.wordpress.com.

Bank managers face complex challenges in balancing security spending against the evolving risks of internet commerce. The criminal community has managed to change the battlefield in the war on cybercrime to an extent that the enterprise community has not yet realized. Highly intelligent exploit kits and trojans seemingly bypass layers of security with ease. To prepare for these new adversaries, new and advanced levels of protection are needed to facilitate current and future security objectives. Expert Security addresses the need to implement more robust and cost-effective levels of expertise, and also helps to bridge the gap to more expensive - and often culturally adverse - cloud-based solutions. It's no longer about adding many layers of protection that fit within a security budget; it's about ensuring that the layers that exist are clever enough to mitigate modern sophisticated attacks. It is paramount in ensuring asset protection. Network Behavior Analysis is the building block of Expert Security, and offers a viable solution for state-of-the-art cyber-attacks. This presentation was prepared at Cognitive Security to outline some of these threats and how we are protecting banking clients from future modern sophisticated attacks.

Published in: Technology

  1. Gabriel Dusil, VP, Global Sales & Marketing. www.facebook.com/gdusil, cz.linkedin.com/in/gabrieldusil, gdusil.wordpress.com, dusilg@gmail.com
  2. Definitions:
     • A bug, glitch, hole, or flaw in a network, application or database
     • Attack developed to take advantage of a vulnerability
     • Attack on a selection of vulnerabilities to control a network, device, or asset
     • Software designed to fix a vulnerability and otherwise plug security holes
     • Attack against an unknown vulnerability, with no known security fix
     • Methodical, long-term covert attacks, using many tools to steal info
     Experts in Network Behavior Analysis Page 2, www.cognitive-security.com © 2012, gdusil.wordpress.com
  3. [Figure: three timelines around t0: Patch before Exploit; Exploit before Patch; Exploit before Vulnerability.]
  4. [Chart: % breaches / % records.] Source: Verizon, '11 Data Breach Investigations Report.
  5. 286 million malware variants detected in '10. 75 million samples expected per month by the end of '11. Source: McAfee Threats Report, Q1 '11.
  6. Which of the following sources pose the greatest threat to your organization? Source: Information Week, Strategic Security Survey '11.
  7. Over 90% of modern attacks come from external sources. "insiders were at least three times more likely to steal IP than outsiders" Source: Verizon, '11 Data Breach Investigations Report.
  8. "Given enough time… …criminals can breach virtually any single organization" Sources: Symantec, Internet Security Threat Report '11.Apr; Verizon, '11 Data Breach Investigations Report.
  9. Top 7 attacks discussed in HackForums.net in the last year (June '10-'11, 241,881 threads). Source: Imperva, Monitoring Hacker Forums (11.Oct).
  10. Criminals have access to an eMarketplace to serve their needs. Source: McAfee Threats Report, Q1 '11.
  11. Stages of the attack:
     • Blended email threats: include embedded URLs that link to an infected Web page; employ social engineering to encourage click-through.
     • Infected websites: victim visits a legitimate site infected by malware (e.g. Cross Site Scripting, or iFrame compromise).
     • Malware tools: back-door downloaders, key loggers, scanners & PW stealers; polymorphic design to escape AV detection.
     • Infected PC (bots): once inside, infiltrating or compromising data is easy; some DDoS attacks can originate from internal workstations.
     • Command & Control (C2): remote servers operated by the attacker control victim PCs; activity occurs outside of normal hours, to evade detection.
     • Management console: interface used to control all aspects of the APT process; enables attackers to install new malware & measure success.
     Other labels on the slide: Honeypot; Sandbox - competition; Network Behavior Analysis.
  12. "We see APT as shorthand for a targeted assault,… , they seek to stay undetected and tunnel deeper into the network, then quietly export valuable data." "after several years of both our budgets and our data being under siege, few organizations have the means to fight off world-class attackers." Source: Information Week, Strategic Security Survey '11.
  13. Quotes:
     • "[If] you're not seeing APT attacks in your organization, it is probably not that they are not occurring or that you're safe. It's more likely that you may need to rethink your detection capabilities"
     • "[Using NetFlow]… security professionals can improve their ability to spot intrusions and other potentially dangerous activity"
     • "The key to these intrusions is that the adversary is motivated by a massive hunger for secrets and intellectual property"
     • "…every company in every conceivable industry with significant size & valuable intellectual property & trade secrets has been compromised (or will be shortly)…"
     Sources: McAfee, Revealed: Operation Shady RAT; Cisco, Global Threat Report 2Q11.
  14. Exploit kits:
     • Began appearing in '06
     • Cost is between €300 & €700
     • Kits use exploits with highest ROI
     • Now offered as MaaS
     • Delivered via spam or spear phishing ("blended email threat")
     Flow: victim opens email & clicks on web link → iFrame-infected Web site installs Trojan → malware updated via C2 (C&C) → data is stolen, over days → months.
     Injected iframe markup shown on the slide: <body> <iframe height="0" frameborder="0" width="0" src="http://www.istoleyourmoney.php">
     MaaS - Malware-as-a-Service. ROI - Return on Investment. Inline Frames (IFrames) are windows cut into a webpage allowing visitors to view another page without reloading the entire page. Source: M86, Security Labs Report (11.2H).
  15. Source: Verizon, '11 Data Breach Investigations Report.
  16. ZeuS (aka ZeuS-bot or ZBot): Trojan stealing bank details.
     • July '07 - Discovered
     • May '11 - Source code leaked
     • ZeuS: 679 C&C servers, 199 online
     • ZeuS can easily defeat most online banking login mechanisms
     Approximate price by feature:
     • € 2,000 - Basic builder kit
     • € 1,000 - Back-connect
     • € 1,400 - Firefox form grabber
     • € 300 - Jabber (IM) chat notifier
     • € 1,400 - Windows 7/Vista support
     • € 6,000 - VNC private module
     Competitors: Sinowal (© '06), SpyEye (© '09).
     SpyEye features: Keylogger, Auto-fill modules, Daily backup, Encrypted config, FTP, HTTP & Pop3 grabbers, Zeus killer.
     VNC - Virtual Network Computing. Source: http://www.securelist.com/en/analysis/204792107
  17. [Pie chart: Top 10 ZeuS C2 hosting countries: Germany, Russia, Ukraine, United States, Azerbaijan, Canada, United Kingdom, Italy, Netherlands, Romania; slices labelled 44%, 17%, 8%, 7%, 6%, 5%, 4%, 4%, 3%, 2%.] [Chart: ZeuS modifications per month.] There are over 40,000 variants of ZeuS. Sources: Kaspersky, ZeuS on the Hunt (10.Apr); Zeustracker.abuse.ch.
  18. [Charts: Top 7 ZeuS builds & variants; antivirus detection rates for new variants of the ZeuS Trojan.] Average Anti-Virus Detection Rate is only 36.3%. Source: Zeustracker.abuse.ch.
  19. Source: http://en.wikipedia.org/wiki/Zeus_%28trojan_horse%29
  20. Requirements by group:
     • Build/Maintain a Secure Network
       1: Install & maintain FW configs to protect cardholder data
       2: Do not use vendor-supplied defaults for system passwords
     • Protect Cardholder Data
       3: Protect stored cardholder data
       4: Encrypt transmission of cardholder data
     • Maintain a Vulnerability Management Program
       5: Use & regularly update AV
       6: Develop & maintain secure systems & apps
     • Implement Strong Access Control
       7: Restrict access to cardholder data by business need-to-know
       8: Assign a unique ID to each person with computer access
       9: Restrict physical access to cardholder data
     • Regularly Monitor and Test Networks
       10: Track & monitor all access to resources & cardholder data
       11: Regularly test security & processes
       12: Maintain policies for Info-sec
  21. Points on the slide:
     • Sensitive data spread over the enterprise, or in unknown places
     • Compliant but still breached
     • Fines from Visa → acquiring bank → merchant - → to 14m €/year
     • Increased fees
     • Plan exists but never practiced.
     • PCI is serious about I-R
     • DSS is based on actual breaches.
     • Not used to proactive monitoring or log review
     • Can't be done at the last minute
     • Refusal to spend on compliance
     • Ignore resources needed to secure data
     • "We'll deal with it once we have a breach"
  22. Objectives:
     • Protect corporate & client data
     • Enable international locations to connect to the Internet without compromising security
     • Understand & protect against the latest vulnerabilities
     • Protect sensitive client info
     • Secure mission-critical applications
     • Remediate before significant damage is done by the attacker
     • Help to ensure compliance: PCI DSS; EU Data Protection & Privacy
     Value Proposition: Protect critical business assets from modern sophisticated attacks, by detecting threats quickly, and allowing swift remediation.
  24. Process:
     • Infrastructure Security using Network Behavior Analysis observes data to identify irregularities which may be due to malware activity.
     • The anomalies detected by NBA can be cross-referenced by SIEM correlation tools to detect sophisticated modern attacks.
     • Identification of deployed malware will help single out the malicious software & implement mitigating steps to protect clients.
     • Banking services call clients to confirm, identify & eliminate malicious behavior.
     • Suspected (malicious) traffic is blocked, filtered, or diverted from the infected device.
     • Network traffic can be optimized & modeled in order to improve reliability.
  25. Three attacker profiles compared:
     • Column 1: Spear Phishing, Exploit Kits, Trojans, MaaS; Global Bots & C2; 1st tier - low-hanging fruit targets; exploits vulnerabilities with highest financial returns; steals ID, credit cards, account details; Criminal eMarketplace - authors, stealers, mules, etc.; attacks take days.
     • Column 2: Spear Phishing, Exploit Kits, Trojans, Malware; Regional Bots & dedicated C2; focused on 2nd & 3rd tier targets; exploits vulnerabilities with medium returns; exploits specific banks & their vulnerabilities; membership or referral access only; attacks take days.
     • Column 3: Scripts written on-the-fly, Malware portfolio; APT, Advanced Persistent Threats; targets specific companies or industries; high expertise (e.g. writing); uses stealth, time & reconnaissance; individuals, organized hacktivism, or governments; attacks take weeks to years.
  26. http://gdusil.wordpress.com/2013/03/08/finance-and-ba…ng-security-12/
  29. Network Behavior Analysis, NBA, Cyber Attacks, Forensics Analysis, Normal vs. Abnormal Behavior, Anomaly Detection, NetFlow, Incident Response, Security as a Service, SaaS, Managed Security Services, MSS, Monitoring & Management, Advanced Persistent Threats, APT, Zero-Day attacks, Zero Day attacks, polymorphic malware, Modern Sophisticated Attacks, MSA, Non-Signature Detection, Artificial Intelligence, A.I., AI, Security Innovation, Mobile security, Cognitive Security, Cognitive Analyst, Forensics analysis