Cybercrime to Financial Services, aimed at taking over customer transactions and online banking sessions, also attacks against the financial institutions themselves.
6. Cyber crime
A harmful activity, executed by one group (including both grassroots groups or nationally coordinated groups) through computers, IT systems and/or the internet and targeting the computers, IT infrastructure and internet presence of another entity.*
* www.iosco.org, international organization of securities
7. Cyber crime
A.k.a. computer-oriented crime: crime that involves a computer and a network.*
* Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Anderson Publishing.
8. Cyber crime: Classification
• Crime Against Individual
• Crime Against Property
• Crime Against Organizations
• Crime Against Society
11. Cyber crime: Against Property
Another class of cyber crime is crime against all forms of property. This kind of crime is normally prevalent in financial institutions, or is committed for the purpose of financial crime.
• Cracking
• Computer vandalism
• Intellectual Property Crimes
• Threatening
• Cyber Squatting
13. Cyber crime: Against Organizations
Also known as cyberterrorism, this is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political gains through intimidation.*
• Is motivated by a political, religious or ideological cause
• Is intended to intimidate a government or a section of the public to varying degrees
• Seriously interferes with infrastructure
* wikipedia.org
15. Cyber crime: Against Society
An unlawful act done with the intention of causing harm to cyberspace will affect a large number of persons. These offences include:
• Cyber Trafficking
• Online Gambling
• Child Pornography
• Bigger Financial Crimes
• Salami Attack
25. Threats to financial services
Financial threats are aimed at taking over customer transactions and online banking sessions, and also include attacks against the financial institutions themselves.
• Against Customers.
• Against Financial Institutions.
26. Threats to financial services: The Most Common Threats against Customers Side
• Credit card Fraud
• Financial Trojan
• Social engineering (Phishing)
• Mobile Fraud
27. Credit Card fraud
Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction.
The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.
• Hacked e-commerce
• Fake websites/payment gateway
• Phishing
• Sold at Black Market
30. Financial Trojan
One of the major threats against cyber security today is malicious software, often referred to as malware.
Malware exploits software vulnerabilities in browsers, third-party software and operating systems to gain access to the device and its information and resources. To spread, malware also uses social engineering techniques to trick users into installing and running the malicious code.
• Virus
• Worms
• Remote access tools
• Rootkits
• Trojan Horse
• Spyware
• Adware
• Ransomware
31. Financial Trojan
A.k.a. banking Trojan: a Trojan horse that redirects traffic from banking and financial websites to another website, ostensibly a website that the attacker has access to. When the software is executed it copies itself onto the host computer, creating folders and setting Registry entries each time the system is started.
• Zeus
• SpyEye
• Shylock
• Dyre
• Carbanak
• Odinaff
36. “Token Synchronization” Attack for a Transfer
• The customer enters their username and password.
• The attacker logs in with the customer's username and password, immediately adds the attacker's own account to the transfer list, and is asked for token 2.
• The Trojan displays the numeric code for token 2 and asks for the token 2 result.
• The customer is asked to enter the Apply Token 2 result.
• The Trojan sends the Apply Token 2 result to the attacker.
• The attacker makes a transfer to the attacker's account and is asked for token 2.
• The Trojan sends the numeric code for token 2 and asks for the token 2 result.
• The customer is asked to enter the Apply Token 2 result.
• The Trojan sends the Apply Token 2 result to the attacker.
• The attacker enters the token 2 code and is asked to enter the token 1 code for confirmation.
• The Trojan sends the request for the token 1 result.
• The customer is asked to enter the Apply Token 1 result.
• The Trojan sends the Apply Token 1 result to the attacker.
• The attacker enters the token 1 code and the transfer succeeds.
• The customer's balance decreases.
37. Social Engineering
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.
• Spear-Phishing
• Website attack vector
• Infectious Media
• SMS Spoofing
38. Phishing
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by posing as a trustworthy entity in an electronic communication.
• Link Manipulation
• Filter Evasion
• Website Forgery
• Covert Redirect (using XSS Vulnerability)
• Social Engineering
41. Mobile Fraud
Mobile banking continues to grow in popularity as customers drive the pace of change towards full-service banking apps in favor of physical visits to the branch.
Banking apps are also becoming more popular than desktop sessions for many users, because they can leverage built-in authentication features of devices, such as fingerprint biometrics, making the login process particularly seamless.
44. Mobile Fraud
• Fake Banking App (via Free Apps)
• Mobile Malware
• Spoofed SMS Messages
• Phishing Attacks
• Mobile Apps Vulnerability
45. BankBot research by Avast
In a first campaign, the new version of BankBot has been hiding in apps that pose as supposedly trustworthy flashlight apps, tricking users into downloading them.
In a second campaign, the solitaire games and a cleaner app have been dropping additional kinds of malware besides BankBot. The malicious activities include the installation of a fake user interface that’s laid over the clean banking app when it’s opened by the user.
As soon as the user’s bank details are entered they are collected by the criminal. In some countries, banks use transaction authentication numbers (TANs), a form of two-factor authentication required to conduct online transfers, often used by European banks. The authors of BankBot intercept their victims’ text message that includes the mobile TAN, allowing them to carry out bank transfers on the user's behalf.
“Mobile banking Trojan sneaks into Google Play targeting Wells Fargo, Chase and Citibank customers” - https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers
50. Threats to financial services: The Most Common Threats against Financial Institutions
• Distributed Denial of Service (DDOS)
• BlackMailing
• Bank2Bank Fraud
• ATM/POS Attack
• Salami Attacks
• Multi Factor Attacks
51. DDOS
A cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
54. One of the more common attacks against healthcare
providers involves the use of ransomware, where
patient records or hospital networks are hacked
and subsequently locked down until a ransom is
paid, typically in untraceable electronic
currency, such as bitcoin.
Blackmailing
56. Jackpotting/cash out attack - Jackpotting is a
term for attacks where malware takes control of
the ATM PC and the cash dispenser function,
thereby allowing the fraudster to directly cash
out money. In most cases the malware is adapted
to a specific environment, but the concepts can
be easily migrated to different systems.
ATM Related Attack
59. Man-in-the-Middle Attack - MITM attacks focus on
the communication between the ATM PC and the
acquirer's host system. The malware can, for
example, fake host responses to withdraw money
without debiting the fraudster’s account.
Typically the malware is triggered during
transactions with pre-configured card numbers. It
can be implemented at a high software layer of
the ATM PC or somewhere within the network.
ATM Related Attack
61. A salami attack is a series of minor attacks that
together result in a larger attack. Computers
are ideally suited to automating this type of
attack.
Also known as penny shaving, it is the fraudulent
practice of stealing money repeatedly in
extremely small quantities, usually by taking
advantage of rounding to the nearest cent (or
other monetary unit) in financial transactions.
Salami Attack
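An added example (not part of the original slides): a reconciliation check that recomputes each posting from its exact amount and flags one-sided rounding shortfalls of the kind described above. The account names, amounts, the half-even rounding rule and the `OTHER_CREDITS` table are constructed assumptions.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")

def audit_rounding(postings, rule=ROUND_HALF_EVEN):
    """Recompute every posting from its exact amount under the documented
    rounding rule and report deviations and their direction."""
    short, over, unposted = [], [], Decimal("0")
    for account, exact, posted in postings:
        expected = exact.quantize(CENT, rounding=rule)
        if posted < expected:
            short.append(account)
        elif posted > expected:
            over.append(account)
        unposted += exact - posted  # value computed but never credited
    return {
        "short": short,
        "over": over,
        "unposted_value": unposted,
        # A rounding bug tends to deviate both ways; a skim only shorts customers.
        "one_sided": bool(short) and not over,
    }

def trace_residue(report, other_credits):
    """Return accounts whose credit in the same batch equals the whole-cent
    part of the value missing from customer postings."""
    if not report["one_sided"]:
        return []
    missing = report["unposted_value"].quantize(CENT, rounding=ROUND_DOWN)
    return [acct for acct, amount in other_credits.items()
            if missing > 0 and amount == missing]

# Constructed sample: exact interest per account before rounding.
SAMPLE_EXACT = {"A-1": "0.16913", "A-2": "0.13531", "A-3": "2.05500",
                "A-4": "0.00581", "A-5": "1.06555", "A-6": "0.04248"}

def build_ledger(rounding):
    """Constructed fixture: post SAMPLE_EXACT using the given rounding mode."""
    return [(a, Decimal(x), Decimal(x).quantize(CENT, rounding=rounding))
            for a, x in SAMPLE_EXACT.items()]

HONEST = build_ledger(ROUND_HALF_EVEN)
TRUNCATED = build_ledger(ROUND_DOWN)  # postings as a tampered batch would leave them
OTHER_CREDITS = {"GL-SUSPENSE": Decimal("12.00"), "ACC-9999": Decimal("0.03")}

if __name__ == "__main__":
    for name, ledger in (("honest", HONEST), ("truncated", TRUNCATED)):
        report = audit_rounding(ledger)
        print(name, report, trace_residue(report, OTHER_CREDITS))
```

In production the same check would run over the full posting batch and the matching step would compare against every credit outside the customer posting set.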
63. SWIFT stands for the Society for Worldwide
Interbank Financial Telecommunication and is a
consortium that operates a trusted and closed
computer network for communication between member
banks around the world.
SWIFT hacking
66. The attackers were able to obtain valid credentials
that the banks use to conduct money transfers over SWIFT
and then used those credentials to initiate money
transactions as if they were legitimate bank
employees.
They installed malware on the bank's network to
prevent workers from discovering the fraudulent
transactions quickly.
In the case of Bangladesh Bank, the malware
subverted the software used to automatically
print SWIFT transactions.
In the case of the bank in Vietnam, the custom
malware targeted a PDF reader the bank used to
record SWIFT money transfers. The malware
apparently manipulated the PDF reports to remove
any trace of the fraudulent transactions from
them.
SWIFT hacking
67. Multi-vector attacks exploit common weaknesses in
the security chain - such as poorly configured
servers, gullible staff, vulnerable applications
or lack of multiple levels of defence - by
combining elements like social engineering, spear
phishing, contaminated USB drives and voice
phishing with malicious attachments carrying code
that exploits known or unknown vulnerabilities on
the target system.
Oftentimes, multi-vector attacks are designed to
avoid traditional defences like anti-virus
software, intrusion detection systems and other
endpoint protection programs, which makes them
elusive, difficult to detect and hard to defeat.
Multi Factor Attack
68. A security researcher examining Equifax's servers observed that an online portal, apparently created for Equifax
employees only, was accessible to the open Internet.
70. Since financial threats “mostly” target
customers and the financial institutions, we
will suggest controls and mitigations.
Suggested Controls and Mitigation
71. A continuous exchange of intelligence information
about attacks and countermeasures among the IT
experts of financial institutions is considered to
be almost the only possible defence against these
types of attacks.
A very important aspect of countering social
engineering attacks is continued awareness-raising
campaigns.
Financial institutions need to have a proper
customer education system in place, not only
addressing individual clients but also including
SMEs and large corporates, explaining the risks
in layman's terms.
Social engineering (e.g. Phishing)
73. • Minimise the number of installed programs on
the device (and install from trusted sources only).
• Regularly update the installed software and
remove software that is no longer in use.
• Activate automatic updates for the OS and
installed apps.
• Limit the use of administrative rights.
• Use and update anti-virus.
• Use and configure a firewall.
• Companies: use more sophisticated protections for
users, such as IDS/IPS and APT protections.
• Use script blockers and e-mail filtering.
Malware
74. • Update the software running on your mobile
device with the latest security patches and
upgrades; these should be sent to you by your
network / operating system provider.
• Use a secure lock screen: set a password, PIN
or fingerprint to unlock your device.
• Add a PIN or passcode to the voice-mail on
your mobile device.
• Install anti-virus software on your mobile
device.
• Use two-factor authentication when the risk is
high.
Mobile Related Attacks (Users)
75. • Do not allow applications to be installed from
unknown / untrusted sources
• Do not allow jailbroken or rooted devices
• Monitor App stores and internet for fake
applications
• Implement anti-tampering controls.
• Protect app code with code signing and / or
obfuscation.
• Implement strong sensitive data encryption on
device.
• Do not consider frequently used third-party
libraries as secure and validate them before
using them.
• Implement controls to protect communication
channel.
• Implement device owner/user verification.
• Implement mobile device verification.
• Implement two-factor authentication when the
risk is high.
• Perform Application Penetration testing.
Mobile Related Attacks (Bank/Developers)
76. • 3D Secure: authentication protocol based on a
three-domain model (Acquirer, Issuer &
Interoperability domain) to ensure
authenticity of both peers through internet
transactions.
• Tokenisation: process of substituting
sensitive data with a non-sensitive equivalent
called a token.
• PAN truncation: replaces the card number
printed in any system with a printout of only
the last four digits, the remainder being
replaced usually by asterisks.
• Geolocation
Card Related Attacks (Merchants)
77. • Use of strong authentication with the rollout
of chip (EMV) & PIN.
• Geoblocking: To protect cards from being
misused by skimming fraud, it is strongly
recommended to restrict cards to a
geographical region of use.
• Blocking: To limit the usage of cards to
specific channels or specific contexts.
• Fraud monitoring: Deploy a responsive,
real-time fraud system with prevention
capabilities. Ensure your fraud system
identifies suspicious patterns of behavior to
stop fraud based on tailor-made scenarios and
rules.
Card Related Attacks (Issuers)
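An added example (not from the original slides) of the issuer-side controls listed above: geoblocking, channel blocking and one tailor-made velocity rule, evaluated per authorization request. The `CardProfile` fields, region and channel labels, limits and sample transactions are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class CardProfile:
    allowed_regions: set     # geoblocking: regions where the card may be used
    allowed_channels: set    # blocking: channels the card is enabled for
    velocity_limit: int = 3  # approvals tolerated inside the window
    velocity_window: timedelta = timedelta(minutes=10)
    approved_at: list = field(default_factory=list)  # times of past approvals

def authorize(profile, txn):
    """Evaluate one authorization request; return (approved, reasons)."""
    reasons = []
    if txn["region"] not in profile.allowed_regions:
        reasons.append("geoblock")
    if txn["channel"] not in profile.allowed_channels:
        reasons.append("channel-blocked")
    # Velocity rule: count approvals that fall inside the sliding window.
    recent = [t for t in profile.approved_at
              if timedelta(0) <= txn["time"] - t <= profile.velocity_window]
    if len(recent) >= profile.velocity_limit:
        reasons.append("velocity")
    if not reasons:
        profile.approved_at.append(txn["time"])
    return (not reasons, reasons)

def run_sample():
    """Replay constructed transactions for one card enabled for EU chip and
    e-commerce use only."""
    card = CardProfile(allowed_regions={"EU"}, allowed_channels={"chip", "ecom"})
    day = datetime(2017, 11, 1)
    sample = [  # (hour, minute, region, channel), constructed data
        (10, 0, "EU", "chip"),
        (10, 2, "APAC", "magstripe"),  # skimmed stripe data used abroad
        (10, 3, "EU", "ecom"),
        (10, 4, "EU", "ecom"),
        (10, 5, "EU", "ecom"),         # fourth attempt inside ten minutes
        (10, 30, "EU", "chip"),        # window has passed
    ]
    return [authorize(card, {"time": day.replace(hour=h, minute=m),
                             "region": r, "channel": c})
            for h, m, r, c in sample]

if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```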
78. • Communication authentication and encryption
protections should be applied to ATM traffic;
use TLS or VPN.
• A firewall should be established.
• The operating system should be hardened, supported
by a policy and procedure for doing it.
• Deploy anti-malware and logical protection
(using whitelisting).
• Unknown USB devices should be blocked.
ATM Related Attacks
79. • Perform offensive security testing regularly (IT
security penetration testing).
• Regularly perform security audits and
vulnerability assessments.
• Financial institutions must keep investing in
new state-of-the-art security technologies
(Advanced Threat Protection), ensuring that
their cyber defense frameworks provide
adequate response and defense-in-depth for
identifying, stopping and recovering from
multi-vector attacks.
Multi factor Attacks
81. Ahmad Muammar WK, OSCE, OSCP, eMAPT
email: me@ammar.web.id
Cybercrime: A threat to Financial industry