Financial threats review 2017
•Download as PPTX, PDF•
2 likes•1,310 views
While financial threats tend not to get as much news coverage as ransomware, maybe because they have a less visual impact, they are far more prevalent. With over 1.2 million annual detections, the financial threat space is 2.5 times bigger than that of ransomware. Further Reading Financial malware more than twice as prevalent as ransomware (https://www.symantec.com/connect/blogs/financial-malware-more-twice-prevalent-ransomware) Financial threats review 2017 (https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-financial-threats-review-2017-en.pdf)
Recommended
Recommended
More Related Content
Recently uploaded
Recently uploaded (20)
Featured
Featured (20)
Financial threats review 2017
- 3. 3
- 4. 4
- 6. 6 Banswift attacks: February 2016 o o o o o o o o o
- 9. 9 o o o o o
- 10. 10 Disruptive attacks against banks o o o o
- 12. 12 Email attacks up, web attacks down 0 100,000 200,000 300,000 400,000 500,000 600,000 700,000 800,000 900,000 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 W97M.Downloader JS.Downloader
- 13. 13 Typical emailed malware infection process
- 14. 14
- 15. 15 Financial Trojans: down but not out 0 50,000 100,000 150,000 200,000 250,000 300,000 o o o
- 16. 16 o o
- 17. 17 0 10,000 20,000 30,000 40,000 50,000 60,000 70,000 80,000 90,000 Bebloh Ramnit Snifula Zbot Activities of common financial Trojan families
- 20. 20 o o o o When to use manual remote access? o o o o
- 21. 21 Japan 36.69% 3.21% China 6.92% 4.69% India 6.37% 6.31% USA 6.30% 8.54% Indonesia 4.78% 6.31% o o
- 23. 23 Top targeted countries by institutions o o o o
- 24. 24 Uneven sample/target distribution oThree Dridex samples targets the same 16 banks in Germany, and 10 in Austria oPrevalence fluctuates a lot oNot all groups have precision in distribution method
- 26. 26 Mobile banking threats o o joe_bloggs ******** https://my.bank.tld Real bank websiteReal website
- 29. 29 o o o o o o o
- 35. 35 o BLOG: Financial malware more than twice as prevalent as ransomware o WHITEPAPER: Financial threats review 2017 Further reading
- 36. Thank you
Editor's Notes
- Talking points: Credit Card fraud: Most common threat type. Card data is sold for as low as $0.10 in underground forums Stolen with Trojans or through data breaches The move to Chip&Pin in the US will shift this threat. Financial Trojans: Methods have not changed much over the last years, because they still work Modify the traffic/transactions in the browser of the user Phishing: 1 in 965 emails in 2014 was a phishing email The trend is declining as it no longer works with all services Social Engineering: Difficult to block with technology, awareness is key Attackers convince the victim to conduct the fraudulent transaction or to reveal security tokens Popular example: Attackers hack the mail server of a company and change the details of the invoices at the end of the month. Mobile Fraud: Mobile payment solutions are starting to emerge and therefore gain focus of the attackers Mobile phones are attacked to access two-factor authentication tokens ---- Disruption / DDoS DDoS can be used as distraction during a targeted attack Blackmailing: Classic blackmail attack against the company to release sensitive data from a data breach or to conduct a DDoS Bank2Bank Fraud Increasing trend: Attackers hack into the bank and issue transaction directly on the backend ATM/POS Attacks Financial institutions need to secure all devices that process their data (PointOfSales, ATM,…) Common Attacks Financial institutions have to fight against common threats like any other company. Data breaches etc Targeted attacks (APTs) against financial institutions are common. In September 2015 the financial sector was the most targeted sector by targeted attacks with 27%
- This same group was also linked to heists targeting banks that make transfers using the SWIFT network, though the SWIFT network itself was not compromised in any of these attacks. Vietnam’s Tien Phong Bank revealed that it had intercepted a fraudulent transfer of more than $1 million in the fourth quarter of 2015. Research by Symantec also uncovered evidence that another bank was targeted by the same group in October 2015. A third bank, Banco del Austro in Ecuador, was also reported to have lost $12 million to attackers using fraudulent SWIFT transactions, although no definitive link could be made between that fraud and the attacks in Asia. Symantec has evidence that these attacks targeted at least 30 other countries. Symantec believes the Lazarus group may have reappeared in 2017 with further attacks against financial institutions.
- The ability to enable macros is just a click away. But the attacker must get the victim to click. To get the victim to do this all the attacker does is ask. Or as in this case, make the victim think the file is unreadable unless they enable macros.
- Five Bebloh samples represented 93% of global infections in Jan 2016