Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

670 views

Published on

IBM Security. Trusteer Web Fraud: Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention.

Published in: Data & Analytics
  • DOWNLOAD FULL BOOKS, INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

  1. 1. © 2014 IBM Corporation IBM Security 1 09.15-10.00 Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention Ori Bach, Senior Security Strategist Trusteer, IBM Security
  2. 2. © 2014 IBM Corporation IBM Security 2 Agenda  Malware is constantly adapting to the security market  Cybercrime becomes more commoditized & global  Significant events in 2015  Behind the scenes of IBM Trusteer research www.securityintelligence.com has some great webinars and blogs to demonstrate all of this
  3. 3. © 2014 IBM Corporation IBM Security 3 The fraud prevention challenge: Cybercriminals don’t sleep Fraud operation costs Authentication challenges Transaction delays Account Suspensions
  4. 4. 5 © 2014 IBM Corporation Malware is constantly adapting to the security market
  5. 5. © 2014 IBM Corporation IBM Security 6 Malware developers continue to innovate  Neverquest - AV evasion methods / Mobile component  Bugat- Cridex/Dridex/Geodo/Feodo/ Emotet  GameOver Zeus - P2P infrastructure  Dyre – DNS Routing
  6. 6. © 2014 IBM Corporation IBM Security 7 2FA continues to be breached
  7. 7. © 2014 IBM Corporation IBM Security 8 Device takeover grows up  From simple RATs to advanced malware – device takeover was everywhere  PoS attacks target built in remote session solutions  Citadel’s persistent RDP and new targets
  8. 8. 9 © 2014 IBM Corporation Cybercrime becomes more commoditized
  9. 9. © 2014 IBM Corporation IBM Security 10 Fraud sales and hackers for hire
  10. 10. © 2014 IBM Corporation IBM Security 11 Cybercriminals Will Rely on Anonymity Networks  Accessing TOR and other networks is becoming easier  Safer cybercrime eCommerce platform  Safer for malware infrastructure (i2Ninja, Chewbacca…)  Also presents challenges Broader adaptation of anonymity networks and encryption
  11. 11. © 2014 IBM Corporation IBM Security 12 SMS stealers for sale 12 User Name + Password OTP SMS Credentials OTP SMS TOR C&C
  12. 12. © 2014 IBM Corporation IBM Security 13 Malvertising – The madman of the cybercrime world
  13. 13. 14 © 2014 IBM Corporation Cybercrime continues to go global
  14. 14. © 2014 IBM Corporation IBM Security 15 Breakdown of boarders – geography and technology  Local variants of global malware – Bugat variants Dridex , Emotet and Geodo  Cybercriminals are finding new ways to corporate and overcome cultural differences
  15. 15. © 2014 IBM Corporation IBM Security 16 Dyre – From local attack to global threat in 6 months US Department of Homeland Security Dyre Alert October First reports of attacks against US/UK targets June Attacks against Targets in Australia and China December Over 100 firms targeted November Attack against salesforce.com September Attacks against Romanian, German and Swiss Banks October 2014
  16. 16. © 2014 IBM Corporation IBM Security 17 Dyre campaigns target banks around the globe
  17. 17. 19 © 2014 IBM Corporation Attack Vectors
  18. 18. © 2014 IBM Corporation IBM Security 20 Major Breaches – your data is out there  There were so many… Does anyone even remember P.F.Chang and Evernote by now?  If you want the red pill go to http://hackmageddon.com/  Several (not very surprising) reoccurring themes: – Zero day exploits in common software – 3rd party hack – Use of RATs Source: hackmageddon.com
  19. 19. © 2014 IBM Corporation IBM Security 21 Mobile Threats  Classic threats migrate to mobile: – Phishing – Ransomware – Overlay Device takeover malware for mobile NFC, ApplePay – new targets Mobile malware will target more than SMS
  20. 20. 23 © 2014 IBM Corporation Significant events in 2015
  21. 21. © 2014 IBM Corporation IBM Security 24 Issued by The European Central Bank 2015 implementation deadline Malware detection and protection specifically recommended for: • Risk control and mitigation • Strong authentication • Transaction monitoring Recommendations for The Security of Internet Payments
  22. 22. © 2014 IBM Corporation IBM Security 25 Geo-political and economic situation in Russia & Brazil
  23. 23. © 2014 IBM Corporation IBM Security 26 Summary  Cybercriminals find cheap ways to circumvent expensive controls  Cybercriminals break borders (technology and geography)  Mobile exploit packs, device takeover, payment targeting and more  late adaptors of ECB security internet payments

×