Cybercrime Threat Landscape:
Cyber Criminals Never Sleep
Etay Maor
Senior Fraud
Prevention Strategist
© IBM Trusteer, 2014
Security Silos FAIL!
© IBM Trusteer, 2014 3
Holistic Approach for Cybercrime
WWW
Phishing and
Malware Fraud
Advanced Threats
(Employees)
Online...
Phishing
4
© IBM Trusteer, 2014
New C&Cs for Phishing
5
© IBM Trusteer, 2014
Targeting Security Solutions:
 External and Perimeter
 Anti virus
 Sandbox
 VMs
 Login
 Credent...
© IBM Trusteer, 2014
Malware Protection
7
Malware Protection - Outsource
© IBM Trusteer, 2014
Device Forging
© IBM Trusteer, 2014
Bypassing Device ID
Notification
LoginInjection
© IBM Trusteer, 2014
Bypassing Device ID
RDP
Transaction
© IBM Trusteer, 2014
Behavior and Device ID Tricks
12
 The data source:
 Large European bank
 3 weeks worth of data
 1...
New Mobile Threats
13
© IBM Trusteer, 2014
How Times Have Changed…
© IBM Trusteer, 2014
Overlay Mobile Attack
© IBM Trusteer, 2014
Overlay Mobile Attack
© IBM Trusteer, 2014
Mobile Ransomware
Cybercrime Services
18
© IBM Trusteer, 2014 19
© IBM Trusteer, 2014
A Page From a CT Book – Sounds Familiar?
© IBM Trusteer, 2014
Building a Solution
Advanced
Fraud
Prevention
Real Time Intelligence
• Integrated: fully
integrated t...
© IBM Trusteer, 2014
And Always Remember – Security is in
YOUR Hands
© IBM Trusteer, 2014
And Always Remember – Security is in
YOUR Hands
23
© IBM Trusteer, 2014
And Always Remember – Security is in
YOUR Hands
24
Thank You
Upcoming SlideShare
Loading in...5
×

Cybercrime Threat Landscape: Cyber Criminals Never Sleep

2,763

Published on

A Glimpse into the Cybercrime Underground

In this session, Trusteer’s senior fraud prevention strategist, Etay Maor, will dive into the latest tools, techniques and threats developed and utilized by cybercriminals. The presentation will include a market overview of the latest offerings from the criminal underground, with a deep dive into some of the techniques discussed by cybercriminals, and review how they manifest as real attacks with real examples and case studies. A share of the presentation will also be dedicated to possible mitigation strategies and techniques.

During this webinar you will learn about:

- New malware attack and evasion techniques
- The latest underground offerings on the “fraud as a service” market
- The latest rumors and discussions around malware and malware authors from the underground
- Real-time intelligence and adaptable counter measures

Published in: Software, Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,763
On Slideshare
0
From Embeds
0
Number of Embeds
14
Actions
Shares
0
Downloads
109
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Cybercrime Threat Landscape: Cyber Criminals Never Sleep

  1. 1. Cybercrime Threat Landscape: Cyber Criminals Never Sleep Etay Maor Senior Fraud Prevention Strategist
  2. 2. © IBM Trusteer, 2014 Security Silos FAIL!
  3. 3. © IBM Trusteer, 2014 3 Holistic Approach for Cybercrime WWW Phishing and Malware Fraud Advanced Threats (Employees) Online/Mobile Banking Money, Intellectual Property, Business Data Account Takeover, New Account Fraud Mobile Fraud Risk
  4. 4. Phishing 4
  5. 5. © IBM Trusteer, 2014 New C&Cs for Phishing 5
  6. 6. © IBM Trusteer, 2014 Targeting Security Solutions:  External and Perimeter  Anti virus  Sandbox  VMs  Login  Credential protection and encryption  OTP SMS  Device ID  Internal  Behavior anomaly detection  Clickstream analysis 6
  7. 7. © IBM Trusteer, 2014 Malware Protection 7
  8. 8. Malware Protection - Outsource
  9. 9. © IBM Trusteer, 2014 Device Forging
  10. 10. © IBM Trusteer, 2014 Bypassing Device ID Notification LoginInjection
  11. 11. © IBM Trusteer, 2014 Bypassing Device ID RDP Transaction
  12. 12. © IBM Trusteer, 2014 Behavior and Device ID Tricks 12  The data source:  Large European bank  3 weeks worth of data  1.5M accounts reviewed  10M login attempts  Fraudsters know behavioral profiling is in action  Fraud does not happen on the first login  30% of the users come from a mobile device  Confirmed fraud coming from the mobile channel. WHY?
  13. 13. New Mobile Threats 13
  14. 14. © IBM Trusteer, 2014 How Times Have Changed…
  15. 15. © IBM Trusteer, 2014 Overlay Mobile Attack
  16. 16. © IBM Trusteer, 2014 Overlay Mobile Attack
  17. 17. © IBM Trusteer, 2014 Mobile Ransomware
  18. 18. Cybercrime Services 18
  19. 19. © IBM Trusteer, 2014 19
  20. 20. © IBM Trusteer, 2014 A Page From a CT Book – Sounds Familiar?
  21. 21. © IBM Trusteer, 2014 Building a Solution Advanced Fraud Prevention Real Time Intelligence • Integrated: fully integrated to leverage threat data across channels • Global: identify threats any time, anywhere for all channels Seamless Experience • Transparent: minimize “action items” to user • Automated: minimize “action items” to staff Accurate Analysis • Focused: root cause • Impactful: prevent, detect, mitigate and remediate Adaptive Controls • Intelligent: build with the “unknowns” • Dynamic: rapidly updatable software
  22. 22. © IBM Trusteer, 2014 And Always Remember – Security is in YOUR Hands
  23. 23. © IBM Trusteer, 2014 And Always Remember – Security is in YOUR Hands 23
  24. 24. © IBM Trusteer, 2014 And Always Remember – Security is in YOUR Hands 24
  25. 25. Thank You
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×