Mobile devices have been targeted by cybercriminals for over seven years now. However, in 2014 things got serious. Cybercriminals realized that a major portion of eCommerce and online banking is moving to the mobile space, and with that companies are giving clients more options for larger transactions, and actions that were previously only performed on PCs. New PC grade malware appeared on mobile devices, some old PC tricks were transformed for mobile, and new mobile specific threats emerged. In this session we will analyze these threats using multiple customer case studies and Trusteer’s security team research data. We also take a look at the latest mobile threats, threats in development and mitigation tactics.
Mobile Banking Security Risks and Consequences iovation2015TransUnion
View the recorded presentation: https://www.iovation.com/resources/webinars/mobile-banking-security-risks-consequences
Gain insight into the evolution of mobile banking and the risks that accompany this business channel.
Balancing Security and Customer ExperienceTransUnion
Using Device Insight to Balance Fraud Prevention and Customer Experience
Today, your customer’s device has become their proxy for a large percentage of their online retail and banking activity. By using insight from those devices, you can reduce risk and ensure a smooth experience along the entire customer journey.
In this webinar, you’ll learn from Max Anhoury, our VP of Global partnerships, about:
* Today’s fraud and security trends
* What a fraud ring looks like
* The evolving online experience with EMV
* How to create frictionless security across the consumer journey
Doubling Down Winning over your VIP Customers Webinar with iovation TransUnion
Knowing who to trust online is as critical as identifying the high-risk fraudsters—this is especially true for many gambling operators. Recent studies have shown that it costs six to seven times more to acquire a new customer than retain an existing one. Quickly identify, reward and retain your VIP customers with enticing promotions and an excellent playing experience. This will engage them more, keep them on your site longer, and increase your bottom line.
In this webinar, you will learn:
*How to help Marketing target the right audience for VIP promotions
*Ways to safely accelerate more players to VIP status
*Techniques for streamlining login to reduce friction for good players
*How to capture more devices and strengthen your fraud protection through a hybrid device recognition approach
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkIBM Security
The mobile banking and payments opportunity for financial institutions is tremendous, and those who offer the most secure apps will prevail over the competition. But this opportunity is not without hazards, and the effect on revenue and brand caused by hackers can be devastating.
In this webinar, IBM Security Trusteer and Arxan focuson the mobile threat landscape and leading protection techniques to safeguard mobile payments and apps.
Industry experts from IBM Security Trusteer and Arxan review:
The changes in technology that have made mobile applications so vulnerable
Emerging mobile threat vectors and what you can do to mitigate the risks
Musts for the future of your security model
View the on-demand recording: http://arxan.wistia.com/medias/036z0iw7y1
Mobile Banking Security Risks and Consequences iovation2015TransUnion
View the recorded presentation: https://www.iovation.com/resources/webinars/mobile-banking-security-risks-consequences
Gain insight into the evolution of mobile banking and the risks that accompany this business channel.
Balancing Security and Customer ExperienceTransUnion
Using Device Insight to Balance Fraud Prevention and Customer Experience
Today, your customer’s device has become their proxy for a large percentage of their online retail and banking activity. By using insight from those devices, you can reduce risk and ensure a smooth experience along the entire customer journey.
In this webinar, you’ll learn from Max Anhoury, our VP of Global partnerships, about:
* Today’s fraud and security trends
* What a fraud ring looks like
* The evolving online experience with EMV
* How to create frictionless security across the consumer journey
Doubling Down Winning over your VIP Customers Webinar with iovation TransUnion
Knowing who to trust online is as critical as identifying the high-risk fraudsters—this is especially true for many gambling operators. Recent studies have shown that it costs six to seven times more to acquire a new customer than retain an existing one. Quickly identify, reward and retain your VIP customers with enticing promotions and an excellent playing experience. This will engage them more, keep them on your site longer, and increase your bottom line.
In this webinar, you will learn:
*How to help Marketing target the right audience for VIP promotions
*Ways to safely accelerate more players to VIP status
*Techniques for streamlining login to reduce friction for good players
*How to capture more devices and strengthen your fraud protection through a hybrid device recognition approach
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkIBM Security
The mobile banking and payments opportunity for financial institutions is tremendous, and those who offer the most secure apps will prevail over the competition. But this opportunity is not without hazards, and the effect on revenue and brand caused by hackers can be devastating.
In this webinar, IBM Security Trusteer and Arxan focuson the mobile threat landscape and leading protection techniques to safeguard mobile payments and apps.
Industry experts from IBM Security Trusteer and Arxan review:
The changes in technology that have made mobile applications so vulnerable
Emerging mobile threat vectors and what you can do to mitigate the risks
Musts for the future of your security model
View the on-demand recording: http://arxan.wistia.com/medias/036z0iw7y1
The importance of being human-centric instead of techno-centric is now fundamentally assessed in the context of secure digital identity for the financial services landscape.
Forward-looking banks and financial institutions are increasingly responding with resources and investments that deliver NEC’s state-of-the-art authentication methods
to meet consumer expectations. As a result, NEC’s vantage point goes far beyond cutting-edge technologies and solutions, such as integration of multimodal biometrics. Brought to you by NEC. To find out more, do visit http://www.nec.com/safety
Going beyond MFA(Multi-factor authentication)-Future demands much moreindragantiSaiHiranma
Automated Onboarding, Identity
Verification and Strong Authentication
are all needed by future-readiness
businesses that demand rapid
evolution for their businesses
transformation and growth.
These 3 features form the core in
hyper volume-velocity with remote
working and BYO-focused workplace
for every business too. End users and
employee as understand the need for
efficient solid identity verification
security, but they expect technology
to be simple, convenient, and fast.
With decreased visibility and
increased complexity, IT is more
challenged than ever to manage
authentication across a hybrid
an environment without disrupting end-user
Internet threats and its effect on E-commerceVipin Subhash
This is a highlight how internet threats are impacting the digital economy and how a new industry came to light and provided jobs to millions of people.
View the on-demand recording: http://securityintelligence.com/events/how-to-hack-a-cryptographic-key/
Cryptographic-focused attacks are rapidly growing problems and one of the most difficult risks to minimize. If your organization is not taking appropriate steps to protect these keys, you are giving hackers easy access to your private data and transactions.
Join IBM Security and Arxan Technologies for an important and informative web event where you will learn the techniques employed by the bad guys, the numerous and varied problems key hacking can cause your organization, and how to mitigate this emerging threat.
Watch this webinar to:
- Learn why standard cryptography is no longer sufficient to address the risks posed by advanced key hacking and interception
- View a demonstration of key-hacking techniques and the vulnerabilities they pose
- Gain insight into best practices to stay ahead of hackers and criminals that pose a threat to your organization, customers, employees, brand and reputation
nTrust’s P2P Money Transfer Service Puts Security First
In this case study you’ll learn how:
Shared global intelligence stops financial fraud
Device recognition offers advanced fraud intelligence to evaluate risk
Business rules can be easily customized for powerful, specific use case results
nTrust lets customers send money instantly from any location using a smartphone, tablet or computer. Fraudsters target money transfer services to open up accounts using stolen credit cards, add money, and then quickly transfer the money out. nTrust uses iovation’s sophisticated device recognition technology to access a globally-shared, cross-industry consortium of 2.5 billion devices and 25 million client-reported fraud records to evaluate risk up front in real-time and stop fraud.
An introduction to Solus - learn how Solus is combatting Cyber Crime and online security breaches with it's secure, easy-to-use, authentication platform. It's multifactor application uses biometric identification and scrambled pinpad technology and can be integrated with enterprise apps.
Lunch and Learn: Fraud Trends in Financial ServicesTransUnion
Fraud in Financial Services doesn’t just affect the bottom line, with the increased focus on security, brand reputation is also at stake. A customer’s personal and financial information is a highly valued asset to a cybercriminal and subject to sophisticated fraud techniques.
We’ll show you how we stop CNP fraud, account takeover, credit application fraud and the use of stolen/synthetic identities with our next-generation fraud prevention solution.
Browse to learn about:
- The power of combining machine learning with human intelligence
- Patterns of Financial Services fraud that we identified in 2017
- Real world examples of how to stop fraud in Financial Services
- How machine learning can help predict fraud before it happens
- The power of leveraging iovation’s device intelligence network
The digital workforce for GenZ must be able to work anytime, anywhere, and via any device. GenZ is mobile first and completely immersed. Hence digital workplace security program should seamlessly identify, detect, protect and respond to cyber threats and allowing employees to securely work anytime, from anywhere
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...Priyanka Aash
The super computer gets a panoptic view of the city using data from cameras and sensor networks. The information obtained is used to manage the city’s infrastructure and technology as well as to maintain a database of personal information about citizens and their activities. In this article, we take a look at some of the real dangers facing today’s cities from malicious hackers.
Speakers:
Daniel Crowley , Research Baron at IBM X-Force Red
Jennifer Savage , Security Researcher at Threatcare
Mauro Paredes , Managing Consultant at IBM X-Force Red
The term "smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed they are and how the implications of these vulnerabilities could have serious consequences.
In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the privacy implications of smart cities, the implications of successful attacks on smart city tech, and what the future of smart city tech may hold.
Intelligence-Driven Fraud Prevention
This RSA white paper discusses the need for new, intelligence-based approaches to manage fraud across digital channels.
4515 Modernize your CICS applications for Mobile and Cloudnick_garrod
InterConnect 2015 session 4515 Modernize your CICS applications for Mobile and Cloud. There’s a lot more to mobile than JSON and REST and this session will take you on a tour of what else is needed to ensure a smooth ride when building, testing, and deploying CICS mobile workloads. Whether identifying mobile entry points, managing frequent configuration changes, planning and validating performance, or enabling mobile applications for world-wide usage, IBM z/OS Tools help all DevOps roles. You’ll also learn how the same tools can also help you to use the CICS cloud to meet the need for speed of mobile apps.
The importance of being human-centric instead of techno-centric is now fundamentally assessed in the context of secure digital identity for the financial services landscape.
Forward-looking banks and financial institutions are increasingly responding with resources and investments that deliver NEC’s state-of-the-art authentication methods
to meet consumer expectations. As a result, NEC’s vantage point goes far beyond cutting-edge technologies and solutions, such as integration of multimodal biometrics. Brought to you by NEC. To find out more, do visit http://www.nec.com/safety
Going beyond MFA(Multi-factor authentication)-Future demands much moreindragantiSaiHiranma
Automated Onboarding, Identity
Verification and Strong Authentication
are all needed by future-readiness
businesses that demand rapid
evolution for their businesses
transformation and growth.
These 3 features form the core in
hyper volume-velocity with remote
working and BYO-focused workplace
for every business too. End users and
employee as understand the need for
efficient solid identity verification
security, but they expect technology
to be simple, convenient, and fast.
With decreased visibility and
increased complexity, IT is more
challenged than ever to manage
authentication across a hybrid
an environment without disrupting end-user
Internet threats and its effect on E-commerceVipin Subhash
This is a highlight how internet threats are impacting the digital economy and how a new industry came to light and provided jobs to millions of people.
View the on-demand recording: http://securityintelligence.com/events/how-to-hack-a-cryptographic-key/
Cryptographic-focused attacks are rapidly growing problems and one of the most difficult risks to minimize. If your organization is not taking appropriate steps to protect these keys, you are giving hackers easy access to your private data and transactions.
Join IBM Security and Arxan Technologies for an important and informative web event where you will learn the techniques employed by the bad guys, the numerous and varied problems key hacking can cause your organization, and how to mitigate this emerging threat.
Watch this webinar to:
- Learn why standard cryptography is no longer sufficient to address the risks posed by advanced key hacking and interception
- View a demonstration of key-hacking techniques and the vulnerabilities they pose
- Gain insight into best practices to stay ahead of hackers and criminals that pose a threat to your organization, customers, employees, brand and reputation
nTrust’s P2P Money Transfer Service Puts Security First
In this case study you’ll learn how:
Shared global intelligence stops financial fraud
Device recognition offers advanced fraud intelligence to evaluate risk
Business rules can be easily customized for powerful, specific use case results
nTrust lets customers send money instantly from any location using a smartphone, tablet or computer. Fraudsters target money transfer services to open up accounts using stolen credit cards, add money, and then quickly transfer the money out. nTrust uses iovation’s sophisticated device recognition technology to access a globally-shared, cross-industry consortium of 2.5 billion devices and 25 million client-reported fraud records to evaluate risk up front in real-time and stop fraud.
An introduction to Solus - learn how Solus is combatting Cyber Crime and online security breaches with it's secure, easy-to-use, authentication platform. It's multifactor application uses biometric identification and scrambled pinpad technology and can be integrated with enterprise apps.
Lunch and Learn: Fraud Trends in Financial ServicesTransUnion
Fraud in Financial Services doesn’t just affect the bottom line, with the increased focus on security, brand reputation is also at stake. A customer’s personal and financial information is a highly valued asset to a cybercriminal and subject to sophisticated fraud techniques.
We’ll show you how we stop CNP fraud, account takeover, credit application fraud and the use of stolen/synthetic identities with our next-generation fraud prevention solution.
Browse to learn about:
- The power of combining machine learning with human intelligence
- Patterns of Financial Services fraud that we identified in 2017
- Real world examples of how to stop fraud in Financial Services
- How machine learning can help predict fraud before it happens
- The power of leveraging iovation’s device intelligence network
The digital workforce for GenZ must be able to work anytime, anywhere, and via any device. GenZ is mobile first and completely immersed. Hence digital workplace security program should seamlessly identify, detect, protect and respond to cyber threats and allowing employees to securely work anytime, from anywhere
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...Priyanka Aash
The super computer gets a panoptic view of the city using data from cameras and sensor networks. The information obtained is used to manage the city’s infrastructure and technology as well as to maintain a database of personal information about citizens and their activities. In this article, we take a look at some of the real dangers facing today’s cities from malicious hackers.
Speakers:
Daniel Crowley , Research Baron at IBM X-Force Red
Jennifer Savage , Security Researcher at Threatcare
Mauro Paredes , Managing Consultant at IBM X-Force Red
The term "smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed they are and how the implications of these vulnerabilities could have serious consequences.
In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the privacy implications of smart cities, the implications of successful attacks on smart city tech, and what the future of smart city tech may hold.
Intelligence-Driven Fraud Prevention
This RSA white paper discusses the need for new, intelligence-based approaches to manage fraud across digital channels.
4515 Modernize your CICS applications for Mobile and Cloudnick_garrod
InterConnect 2015 session 4515 Modernize your CICS applications for Mobile and Cloud. There’s a lot more to mobile than JSON and REST and this session will take you on a tour of what else is needed to ensure a smooth ride when building, testing, and deploying CICS mobile workloads. Whether identifying mobile entry points, managing frequent configuration changes, planning and validating performance, or enabling mobile applications for world-wide usage, IBM z/OS Tools help all DevOps roles. You’ll also learn how the same tools can also help you to use the CICS cloud to meet the need for speed of mobile apps.
The cybercriminals, hackers, data thieves - whatever you want to call them - know all about your data management challenges and know how to take advantage. They've been very clever at finding new ways to breach and extract data faster than ever. It can takes weeks and months to discover a breach by which time the damage has been done. So what's needed is a way of sensing what is happening or what might happen with real time monitoring and alerting - and even real time prevention across all your data, across the entire enterprise. IBM InfoSphere information protection solutions can help reduce the costs and risks of breaches with a more proactive and preventative approach to ensuring the security and privacy of all your data, regardless of platform and data source across the entire enterprise.
Integrate Application Security Testing into your SDLCIBM Security
Considering security early in the development stage is good and valuable, running security tests during the development life cycle is better, integrating that testing into your build system is the best approach.
Desvendando o desenvolvimento seguro de softwareAllyson Chiarini
O mundo atual está vivendo uma revolução no quesito aplicações onde cada vez mais temos temas como mobilidade, big data e consumerização, neste contexto a segurança da informação tem papel fundamental para garantir a mitigação de risco de exposição de informações. Atualmente o tema espionagem corporativa ou política está em volga devido ao caso NSA, ou seja, estamos vivendo uma época onde o tema segurança é de vital importância para as corporações. Com uma curva crescente de demanda por novas aplicações atualmente a área de desenvolvimento é forçada a entregar as aplicações em tempo cada vez menor, levando em consideração isso para otimização de esforço no ciclo de desenvolvimento se faz necessário adotar soluções que mitiguem o risco de segurança de informação em tempo de desenvolvimento. A família AppScan vem para endereçar este ponto, onde ela além de otimizar o processo de testes na disciplina de segurança de informação ela garante uma constante atualização em relação as ameaças correntes.
3 Steps to Security Intelligence - How to Build a More Secure EnterpriseIBM Security
We are in the midst of upheaval in the world of IT Security. Attackers are highly organized and using increasingly sophisticated methods to gain entry to your most sensitive data. At the same time, Cloud and mobile are redefining the concept of the perimeter. Check out this insightful discussion of how today's CISO is building a more secure enterprise using analytics, risk-based protection, and activity monitoring to protect the most valuable assets of the organization.
For more visit: http://securityintelligence.com
Tour d'horizons de la Sécurité Mobile en 2015 et prédictions 2016AGILLY
Avec 2015 qui s'achève, IBM et son invité Richard Absalom, Analyste Ovum , observez la croissance exponentielle de l'entreprise mobile cette année et découvrez les prédictions 2016 sur ce que nous réserve la nouvelle année.
Il est pas un secret que le mobile s'est imposé comme moyen privilégié pour travailler rapidement. Mais la question qui demeure pour les responsables informatiques est : "qu'est ce qu'il faut protéger dans le Mobile? et dans quel ordre de priorité". Ce qui était au départ considéré comme la gestion des devices et des applications mobiles, est devenu la gestion de la Mobilité d'Entreprise (EMM), un moyen de sécuriser les dispositifs, les données, les accès et les applications.
Rejoignez notre session live pour un regard rétrospectif sur les questions de productivité et de sécurité en 2015, et les tendances mobiles à considérer en 2016 comme:
- L'inadéquation entre l'informatique et l'employé en matière de mobilité
- L’accélération du mouvement vers l'espace de travail numérique
- Les Apps et les tâches et dominent la sphère de la gestion de la mobilité
- Un aperçu du paysage des nouvelles solutions EMM
N'attendez pas d'avoir des surprises, mettez en place votre stratégie aujourd'hui pour une véritable sécurité et la productivité mobile en 2016!
Identity Governance: Not Just For ComplianceIBM Security
View on-demand presentation: http://securityintelligence.com/events/identity-governance-not-just-for-compliance/
Did you know that proper identity governance will make your organization more secure? Between Separation of Duty violations, entitlement creep and insider threats, user IDs are the doorway to your organization and identity governance can be the deadbolt.
Join this webinar to learn how you can employ identity governance to not only simplify your audit process, but to safeguard your entire organization.
Pleasure to present this introduction to IBM cognitive business to business leaders in Hamilton, Ontario. Covers: what cognitive computing is, how businesses are using it to their advantage, and steps to getting started. Includes links to videos "IBM Today" and "IBM Woodside Energy".
Adapted from Nancy Pearson, VP Cognitive Business Marketing "Intelligent enterprise: Cognitive Business" presentation from World of Watson Oct 2016.
Au moment où plusieurs employés apportent leurs appareils personnels au travail et utilisent des applications SaaS, maintenir le contrôle sur vos données dans votre réseau et les services cloud public est devenu un défi important.
La combinaison les brockers de sécurité d'accès cloud et la gestion de mobilité d'entreprise (EMM) peut permettre l'adoption et la gestion des applications de cloud computing sans danger pour vos utilisateurs mobiles.
Joignez-vous à Mark Campbell et Anar Taori d'IBM Security, ils partagent comment l'EMM fonctionne avec un accès cloud pour délivrer en toute sécurité des applications cloud à vos utilisateurs avec une visibilité et un contrôle complet.
Dans cette session, vous apprendrez:
La découverte des applications cloud et les risques associés
Combler le fossé de l'appareil mobile
Le déploiement d'applications pour mobile
L'application de la politique de sécurité Mobile et de prévention des menaces
Apprenez à garder vos employés productifs sur leurs applications préférées et appareils - et vos données d'entreprise protégées - avec une expérience connexion unique.
8 Principales Raisons de Passer du MDM à l'EMMAGILLY
Les technologies Mobile évoluent rapidement. Les organisations doivent élever le niveau de leur stratégie mobile pour adopter des applications, des contenu, des données, la gestion des identités, la sécurité, et toutes les applications connexes. Adoptez une approche plus globale Enterprise Mobility Management (EMM).
l'EMM offre des capacités de gestion et de sécurité mobiles complètes, cependant passant au revue les caractéristiques techniques et la différenciation entre les fournisseurs peut prendre beaucoup de temps.
Réduire le bruit
Regarder ce webinaire informatif pour apprendre comment mieux votre plan de travail quand il s'agit d'évaluation des fournisseurs et de la façon de réussir une transition en douceur vers l'EMM. Nous révélons les huit domaines les plus critiques pour garantir le succès. Voici les trois premiers pour aiguiser votre appétit, mais vous aurez à regarder le webinar enregistré pour apprendre le reste des principales raisons pour basculer sur l'EMM:
1. Utilisation une plate-forme unique pour gérer une gamme d'appareils, d'applications et les contenu mobiles
2. Intégration avec les systèmes et les ressources existantes de l'entreprise
3. Prendre en charge différents catégories d'utilisateurs, départements, et régions géographiques
Le capacités mobiles avancent plus vite qu'un "guépard geek". Ne restez pas coincé avec un éditeur qui a du mal à suivre le rythme de votre adoption des technologies mobile. Prenez une décision éclairée sur votre migration du MDM à l'EMM.
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...IBM Security
View On-Demand Webinar: https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&referrer=&eventid=1139921&sessionid=1&key=993ECF370F9F3C594E6E3F44A0FA6BA2®Tag=13522&sourcepage=register
2015 was peppered with mega-breaches of highly sensitive data like personal health information and private bedroom behaviors. and companies of all sizes need to pay attention to security basics to stop the infiltration of attackers and protect their data.
Cybercriminals’ targets are now bigger and their rewards greater as they fine-tune efforts to obtain and leverage higher value data than years’ past.
New attack techniques like mobile overlay malware are gaining, while “classic” attacks like DDoS and POS malware continue to be effective due to lackluster practice in security fundamentals.
Malware leaps across target countries are indicative of increasing sophistication and organization in cybercrime rings.
In the 2016 edition of the IBM X-Force Threat Intelligence Report, IBM security research experts examine the macro trends that affected the industry, what to expect in 2016, and recommendations on how you can protect your digital assets.
Automation: Embracing the Future of SecOpsIBM Security
Join Mike Rothman, Analyst & President of Securosis and Ted Julian, VP of Product Management and co-founder of IBM Resilient, for a webinar on common automation use cases for the Security Operations Center (SOC).
Security Orchestration, Automation and Response (SOAR) tools are garnering interest in enterprise security teams due to tangible short-term benefits.
Watch the recording: https://event.on24.com/wcc/r/2007717/385A881A097E8EFCE493981972303416?partnerref=LI
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
The fourth annual Ponemon report on The Cyber Resilient Organization in 2019, sponsored by IBM Security, focuses on the key trends that make an organization cyber resilient and how cyber resilience has changed since the first report launched in 2015.
Hosted by Larry Ponemon of the Ponemon Institute and Maria Battaglia, IBM Security, these two industry experts answer the questions, what has improved in the cyber security space over the past 4 years? What do organizations still struggle with? And which groups are improving and how?
This webinar will take you through the barriers of becoming cyber resilient and dive into report topics such as implementing automation, aligning privacy and cyber security, and what it takes to become a cyber resilient “High Performer” in 2019.
Listen to the on-demand webinar at: https://event.on24.com/wcc/r/1975828/97089502D02EFD9478B85676EB67266C?partnerref=FM1
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
Data breach and Cybersecurity incident reporting regulations are becoming more widespread. The introduction of GDPR in May 2018, with its 72-hour reporting requirement, resulted in organizations having to review their incident response processes and more regional and industry-specific regulations are being introduced all the time. Security Operations and Privacy teams need to be aligned to meet these new requirements. Technology such as Security Orchestration and Automation is also being adopted to collaborate on the investigation and remediation of security incidents.
This webinar, hosted by Privacy experts from Ovum and IBM, will look at how technology can close the gap between Privacy and Security to reduce the time to contain incidents and maintain compliance with complex breach laws.
View the recording: https://event.on24.com/wcc/r/1930112/BE462033358FFF36C4B27F76C9755753?partnerref=LI
Integrated Response with v32 of IBM ResilientIBM Security
Email integration is an important tool in the IR process. Email ingestion allows alerts to be consumed from external tools that do not have available APIs. Email-driven phishing attacks are also one of the most common investigations for most security teams. A key capability v32 of the Resilient platform is a complete overhaul of the email connector. This updated email capability, now integrated into the core Resilient platform, simplifies the ability of IR teams to capture email-borne malware of phishing attacks and generate incidents and artifacts.
View the corresponding webinar to learn how the new features in the v32 release can help improve your integrated response to attacks and how native email integration can be leveraged as part of workflows and playbooks. You'll also learn what to expect with the updated look and feel of the Resilient platform and significant updates to the Privacy Module to support global regulations.
View the recording: https://ibm.biz/Bd2Yvt
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
In IBM Resilient’s sixth-annual year-in-review and predictions webinar, our all-star panel of security experts will discuss and debate the stories that defined the industry in 2018 and offer their predictions for what to expect in 2019.
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
IBM Resilient customers are building versatile, adaptable incident response playbooks and workflows with expanded functions and community applications – recently released on the IBM Security App Exchange.
With the new IBM Resilient community, you can collaborate with fellow security experts on today’s top security challenges, share incident response best practices, and gain insights into the newest integrations.
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
Security Operation Centers (SOCs) today are complex environments. They often have too many separate tools, uncoordinated analysts in the response process, and confusion around alert prioritization. Because of this, SOCs consistently struggle responding to the most urgent incidents.
The integration between IBM Resilient and Carbon Black helps SOCs overcome these challenges. IBM Resilient’s Intelligent Orchestration combined with Carbon Black Response provides a single view for all relevant response data and streamlines the entire security process. This makes it simpler for analysts to quickly and efficiently remediate cyberattacks.
Join experts Chris Berninger, Business Development Engineer, Carbon Black, and Hugh Pyle, Product Manager, IBM Resilient, for this webinar, to learn:
- How the IBM Resilient-Carbon Black integration works within your SOC to accelerate incident response improvement
- Strategies to implement Intelligent Orchestrate and automation into your incident response process
- Actions that can be taken today for maximizing the effectiveness of your SOC
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
To keep pace with cyberattacks, organizations have long sought ways to operationalize security and respond faster to threats. But with increasingly complex IT environments and a growing skills shortage, doing so is easier said than done.
That’s where Intelligent Orchestration can help. Intelligent Orchestration integrates your existing security tools and guides SOC analysts through a fast and laser-focused response by combining case management, human and cyber intelligence, and incident response orchestration and automation.
Are You Ready to Move Your IAM to the Cloud?IBM Security
Many companies are considering moving their current identity and access management (IAM) implementations to the cloud, or they are looking at the cloud for their new IAM use cases. This might be driven by the threat of attacks via identities, increasing compliance mandates, expanding needs of end users for frictionless data access or improving the total cost of ownership.
View this presentation and watch the corresponding webinar to help you determine whether your organization is ready to move to IDaaS.
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
Although the majority of organizations subscribe to threat intelligence feeds to enhance their security decision making, it's difficult to take full advantage of true insights due to the overwhelming amounts of information available. Even with an integrated security operations portfolio to identify and respond to threats, many companies don't take full advantage of the benefits of external context that threat intelligence brings to identify true indicators of compromise. By taking advantage of both machine- and human-generated indicators within a collaborative threat intelligence platform, security analysts can streamline investigations and speed the time to action.
Join this webinar to hear from the IBM Security Chief Technology Officer for Threat Intelligence to learn:
How the IBM Security Operations and Response architecture can help you identify and response to threats faster
Why threat intelligence is a fundamental component of security investigations
How to seamlessly integrate threat intelligence into existing security solutions for immediate action
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
Businesses and governments alike are experiencing an alarming rate of malicious activity from both external and internal actors.
Not surprisingly, mission-critical mainframe applications make for desirable targets with large repositories of enterprise customer sensitive data. Mainframe environments are increasingly at risk opening accesses through the internet, mobile initiatives, big data initiatives, social initiatives, and more to drive the business forward. Additionally, there are some security challenges that are specific to the mainframe - traditional protection methods are no longer enough, insider threats are also on the rise, mainframe environments could be more vulnerable with reliance on privilege users to administer security, silo-ed mainframe IT management, limited ownership visibility, and lack of uniformed security management across the enterprise.
View this on-demand webcast to learn more about specific mainframe data protection challenges, top tips for protecting sensitive data, and key data protection capabilities that you should consider to address these challenges.
Register here for the playback: https://event.on24.com/wcc/r/1461947/D9664CC82EC641AA58D35462DB703470
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
When your cyber security is under attack, knowing who is behind your threats and what their motives are can help you ensure those threats don't become a reality. But cyber threat actors conduct their threats through a variety of means and for a variety of reasons. That's why it is critical to analyze a variety of data sources and proactively hunt those threats that are lying in wait. This webinar will illustrate how the IBM i2 QRadar Offense Investigator app enables analysts to push event data from QRadar directly into IBM i2 Analyst's Notebook, where users can apply a variety of visual analysis techniques across a disparate data sources, to build a more comprehensive understand of those threats and hunt them.
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
Understand the impact of today's security breaches by attending our June 26th webinar which will discuss the 2017 Ponemon Cost of a Data Breach study.
Join Ponemon Institute and IBM Security Services on June 26th for a webinar discussing the impact of today’s security breaches based on the latest release of the 2017 Cost of Data Breach Study.
Register for IBM Security Services Webinar highlighting Ponemon Institute 2017 Cost of Data Breach Study The 12th annual Cost of Data Breach Study conducted by Ponemon Institute and sponsored by IBM Security Services calculates the real costs, implications and probabilities of security breaches faced by global organizations.
This webinar will present global findings highlighting trends across 11 countries and 2 regions. Attendees will have access to industry experts for live Q/A and will walk away with key insights, cost reducing strategies, investments and proactive best practices to reduce impact to their businesses in preparation for the next breach.
Join IBM Security Services and Larry Ponemon, founder of the Ponemon Institute, as he walks through the results and methodology of the 2017 Cost of Data Breach Study.
WannaCry Ransomware Attack: What to Do NowIBM Security
View on-demand webinar: http://bit.ly/2qoNQ8v
What you need to know and how to protect against the WannaCry Ransomware Attack, the largest coordinated cyberattack of its kind. WannaCry has already crippled critical infrastructure and multiple hospitals and telecommunications organizations, infecting 100s of thousands of endpoints in over 100 countries. In this on-demand webinar, we discuss the anatomy of this unprecedented attack and IBM Researchers share expert insights into what you can do now to protect your organization from this attack and the next one.
How to Improve Threat Detection & Simplify Security OperationsIBM Security
Over 74% of global enterprise security professionals rate improving security monitoring as a top priority. Monitoring must be done efficiently within a security operations center (SOC) to combat increased threats and a limited supply of trained security analysts.
While the vendor landscape for security solutions is rapidly evolving, many early point solutions and first generation SIEMs are not keeping pace with the changing needs of security operations. A new class of platforms has emerged that combine advanced analytics and flexible deployment options. Join this exclusive webinar featuring Forrester Research to learn:
Characteristics of modern security platforms that have evolved from point solutions and basic SIEMs
Criteria to consider when evaluating vendors and solutions
The advantages of an integrated security platform that incorporates cognitive capabilities and augmented intelligence
Organizations are supporting more devices than ever and unified endpoint management is growing rapidly. More than half of organizations will adopt this approach by 2020.
This infographic demonstrates the impact of mobility, Internet of Things (IoT), and artificial intelligence on the future of business transformation.
To learn more, read the complete Forrester report, "Mobile Vision 2020" at https://ibm.co/2pxhisB.
Retail Mobility, Productivity and SecurityIBM Security
Displaying key findings from the Mobility Trends in the Retail Sector research report prepared by Enterprise Strategy Group (ESG) and IBM, this infographic affords valuable context to retail organizations in planning a better tomorrow.
IBM X-Force Incident Response and Intelligence Services (X-Force IRIS) can help you cross the incident response chasm, build a holistic program and better prepare you to deal with and thwart the security challenges your organization faces.
To learn more, read the white paper on best practices for improving your incident response processes: http://ibm.co/2lLdC2k.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
5. Mobile Banking Services Are a Competitive Advantage
Mobile banking is the
most important deciding
factor when switching
banks (32%)
More important than fees
(24%) or branch location (21%)
or services (21%)… a survey
of mobile banking customers in
the U.S. 1
Mobile banking channel
development is the #1
technology priority of
N.A. retail banks (2013)
#1 Channel
The mobile payments
market will eventually
eclipse $1 trillion by 2017
$1tn
43%
of 18-20 year olds
have used a
mobile banking
app in the past
12 months
29%
Cash-based retail
payments in the U.S. have
fallen from 36% in 2002 to
29% in 2012
$
Of customers won't
mobile bank because of
security fears
19%
90%Of mobile banking
app users use the
app to check
account balances
or recent
transactions
6. Security is a Growing Concern
5
Source: Consumers and Mobile Financial Services 2013, Federal Reserve
Board
7. The Financial Services Industry Perspective
6
My customers can interact with me while on the go?
Sign me up!!!
8. • mBanking Usage Leads mPayments
Source: US Federal Reserve March , 2014
Mobile Banking and Payment Growth
• Mobile Payments
– Global annual shipments of NFC enabled phones are set to rise from
275million units in 2013 to 1.2billion units in 2018.
Source: NFC World, February 2014
– By 2017, the total value of global offline transactions facilitated by mobile
devices will reach about $1.5 trillion, up from $120 billion in 2012
Source: Business Insider, June 2013
Source: Monitise, The Mobile Money Landscape, Vol. 1 2014
10. The Cybercriminal Perspective
10
Source: Consumers and Mobile Financial Services 2013, Federal Reserve
Board
Are you saying that I can do my banking while on the go?
Sign me up!!!
12. The Majority of Financial Apps Have Been Hacked
• Majority of top 100 paid Android
and iOS Apps are available as
hacked versions on third-party
sites
• …as are many financial service,
retail, and healthcare apps
• (State of Mobile App Security,
Arxan, 2015)
• "Chinese App Store Offers
Pirated iOS Apps Without the
Need to Jailbreak” (Extreme Tech,
2013)
http://www-03.ibm.com/software/products/en/arxan-application-protection
14. Server-side Device ID is not effective for mobile devices
Mobile devices share many identical attributes
Mobile devices have the same attributes: OS, browser, fonts etc..
Cybercriminals can easily trick traditional device ID systems
Cybercriminals Love Mobile Anonymity
14
Account takeover via a criminal mobile device is on the rise
20. Fake Apps
23
Over 80,000 users have
granted the apps permission
to run on their browser,
despite the warning the games
will receive full access to a
player’s web activity
40. Mobile Threats – New Vectors
We have seen
Classic threats migrate to mobile: Phishing, Ransomware,
Overlay
Mobile specific threats such as fake Apps
We are bound to see
Mobile specific exploit kits
Bundling frameworks and services (perhaps automated)
Device takeover malware for mobile
NFC, ApplePay – new targets
41. New Tech – New Challenges
• New technology challenges:
• Wearable tech
• IoT (Internet of Things)
• Will ransomware be applied to IoT?
• A car lockdown?
• A house blackout?
• A pacemaker threat?
45. Notices and Disclaimers (con’t)
Information concerning non-IBM products was obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested those products in connection with this
publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to
interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any
IBM patents, copyrights, trademarks or other intellectual property right.
• IBM, the IBM logo, ibm.com, Bluemix, Blueworks Live, CICS, Clearcase, DOORS®, Enterprise Document
Management System™, Global Business Services ®, Global Technology Services ®, Information on Demand,
ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™,
PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®,
pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, SoDA, SPSS, StoredIQ, Tivoli®, Trusteer®,
urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of
International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on
the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.
46. Thank You
Your Feedback is
Important!
Access the InterConnect 2015
Conference CONNECT Attendee
Portal to complete your session
surveys from your smartphone,
laptop or conference kiosk.
Editor's Notes
Source of main quote:
1 – Alix partners
Sources & Original Stats:
1. 70% of customers are willing to provide their banks with more personal information in exchange for context aware products - EY global consumer banking survey 2012
2. According to a study, 21% of mobile users have used mobile banking in the past 12 months and 11% of those who haven’t used mobile banking yet, will do so in next 12 months. Source: Federal Reserve Study 2012
43% of 18-20 year olds have used a mobile banking app in the past 12 months
http://www.federalreserve.gov/econresdata/mobile-devices/2012-current-use-mobile-banking-payments.htm
3. Mobile banking channel development is the #1 technology priority of North American retail banks, followed by multichannel delivery and self-service technologies. Published date: 10/25/2013 Source: Celent
6. The mobile payments market will eventually eclipse $1 trillion by 2017
Published date: 12/24/2013 Source: IDC
7. 43.5% of 18-29 year olds have used mobile banking in the past 12 months (Mar 2012), Federal Reserve
Cash-based retail payments in the U.S. have fallen from 36% in 2002 to 29% in 2012 (source:McKinsey, 2012). Mobile devices are a collection of sensors
http://www.iab.net/about_the_iab/recent_press_releases/press_release_archive/press_release/pr-041113_mobilemoney
“If a multi-purpose device (e.g. mobile phone or tablet) is used as the ownership element (e.g. to receive or generate a one-time password or initiate a drop call mechanism), does the PSP apply measures to mitigate the risk of it being used to initiate a fraudulent internet payment at the same time (e.g. via viruses/internet attacks)?”
Mobile Threats
At the start of the new year, the total number of samples in our mobile malware “zoo” reached 36,699,
with 95 percent of that arriving in 2012. In all of 2011 we gathered only 792 samples. Will 2013 display
a similar amazing climb? We’ve watched the growth of mobile malware almost double in each of the
last two quarters. Some researchers cite higher figures of new mobile malware, with predictions of up to
one million binaries by the end of this year. But these numbers may include all files bundled in malicious
Android apps and families that repackage APK files. At McAfee Labs, we count only unique malware
families and variants and not, for example, common ad libraries and other redundant malicious files.
Fraudsters are leveraging a weakness in device ID systems. When looking at mobile device form the server, all device have a very similar set of attributes. So it is hard to distinguish a customer and a fraudster device.
Cybercriminals steal credentials from a victim’s PC via malware or phishing and then use this information to commit account takeover via the mobile channel by leveraging the lack of device identification capabilities
Correlated attacks – Malware/Phishing on the PC and access via mobile
Evade traditional risk engines’ weak device ID + device spoofing / application re-install
SIM Swap attacks
Criminals looking to steal your customers credentials will:
Look for security vulnerabilities -> App Scan will detect security vulnerabilities
Hack the App – Arxan will prevent reverse engineering and hacking of the app
Deploy malware on jailbroken / Rooted devices - > Mobile SDK wil detect high risk devices and malware
Eavesdropping via an unsecure connection – Mobile SDK will detect the unsecure connection
Control panel of Imeesgae spamming software
On YYY an official android market app intended to play morning and evenings prayers in Arabic, has been flagged by ant-virus vendors as infected by the PC Trojan Ramnit.
Ramnit only effects windows environments and the infected version has been since removed from the market.
While no real harm was done in this specific instance, the fact remains that an infected app made it to official market.
Trusteer has tracked down source to an infection on the developers PC .
The mobile threat landscape included 3 primary risk vectors:
Vulnerable and compromised customer mobile devices: The mobile device itself is also a target. Users often jailbreak/root their device which breaks the security model and allow mobile malware and rogue apps to infect the device and control critical functions like SMS which is used for transaction authentication. Other risk factors include dated operating systems versions, unsecure wi-fi and pharming attacks that direct users to fake sites.
account takeover from the criminal’s mobile device: criminals use mobile devices to access victim’s account through mobile browser. One of the key challenges is creating a unique device ID for each mobile device as most mobile devices look alike when accessing online banking web sites via the native mobile browser. Legacy device ID solutions that sit on the web site have a difficult time uniquely detecting criminal devices. Furthermore, proxies used by criminals are skewing detection of the geographic location of the device based on IP address.
Cross channel credential theft: a big enable for take over is stolen credentials through phishing or malware – on the online channel. To identify account takeover from a mobile device it is essential to see the full fraud life cycle and not have “silo” view of the mobile channel only.
The Yanbian Gang and its Organizational Structure
This cybercriminal group operates from the Yanbian Prefecture in Jilin, China, located north of the North Korean border, thus the name “Yanbian Gang.” And just like any cybercriminal groups that have several members who play specific roles to launch high-impact attacks, the Yanbian Gang comprises of four major players or groups—the organizer, translators, cowboys, and malware creators.
Organizer: As the ‘founding father,’ his duties include scouting for and recruiting members. All members directly communicate with him thus making him an indispensable member.
Translators: They localize threats. In this case, the translators used Korean for their specially crafted text messages as well as the malicious file’s user interface (UI).
Cowboys: They are responsible for collecting the proceeds from successful attacks and giving them to the organizer. They usually reside in the same countries as their intended victims. They also use black or fridge cards, which are bank cards to evade law enforcement. Based on our information, Chinese hackers trade black or fridge cards via QQ Chat groups. Interested buyers can purchase such cards for around US$725 or KRW800,000 each
Malware creators: The malicious app developers, in this case, are probably the most important members of the gang, as the success of an attack largely depends on how effective their creations are. Hacker groups can be seen publicly recruiting malware co-creators in bulletin board systems (BBSs) or chat groups.