Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Disruptive innovation in cybercrime techniques

690 views

Published on

Etay Maor. Senior Fraud Prevention Strategist. Trusteer (an IBM company).

Curso de Verano "Innovación Disruptiva en tecnologías de seguridad". Campus Vicálvaro de la URJC.

Summer Course "Disruptive innovation in security technologies". URJC's Vicálvaro Campus.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

Disruptive innovation in cybercrime techniques

  1. 1. Disruptive Innovation in Cybercrime Techniques Etay Maor Senior Fraud Prevention Strategist
  2. 2. © IBM Trusteer, 2014 Security Silos FAIL!
  3. 3. © IBM Trusteer, 2014 Targeting Security Solutions:  External and Perimeter  Anti virus  Sandbox  VMs  Login  Credential protection and encryption  OTP SMS  Device ID  Internal  Behavior anomaly detection  Clickstream analysis 3
  4. 4. © IBM Trusteer, 2014 Malware Protection 4
  5. 5. © IBM Trusteer, 2014 Malware Protection 5
  6. 6. Malware Protection - Outsource
  7. 7. © IBM Trusteer, 2014 Device Forging
  8. 8. © IBM Trusteer, 2014 Bypassing Device ID Notification LoginInjection
  9. 9. © IBM Trusteer, 2014 Bypassing Device ID RDP Transaction
  10. 10. © IBM Trusteer, 2014 Behavior and Device ID Tricks 10  The data source:  Large European bank  3 weeks worth of data  1.5M accounts reviewed  10M login attempts  Fraudsters know behavioral profiling is in action  Fraud does not happen on the first login  30% of the users come from a mobile device  Confirmed fraud coming from the mobile channel. WHY?
  11. 11. New Mobile Threats 11
  12. 12. © IBM Trusteer, 2014 How Times Have Changed…
  13. 13. Trusteer Confidential 2013 © Ajax Vs Barcelona 13
  14. 14. Trusteer Confidential 2013 © Ajax Vs Barcelona??? 14
  15. 15. © IBM Trusteer, 2014 Overlay Mobile Attack
  16. 16. © IBM Trusteer, 2014 Overlay Mobile Attack
  17. 17. © IBM Trusteer, 2014 Mobile SVPENG 17
  18. 18. © IBM Trusteer, 2014 Mobile SVPENG 1 8  C&C – ransomware preparations
  19. 19. © IBM Trusteer, 2014 Mobile Ransomware
  20. 20. Thank You

×