Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

© 2014 IBM Corporation, IBM Security. 09.15-10.00 Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention. Ori Bach, Senior Security Strategist Trusteer, IBM Security

Upload: ibm-sverige

Post on 19-Jul-2015


Category: Data & Analytics



TRANSCRIPT

Page 1: Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

09.15-10.00 Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

Ori Bach, Senior Security Strategist Trusteer, IBM Security

Page 2

Agenda

Malware is constantly adapting to the security market

Cybercrime becomes more commoditized & global

Significant events in 2015

Behind the scenes of IBM Trusteer research

www.securityintelligence.com has some great webinars and blogs to demonstrate all of this

Page 3

The fraud prevention challenge: Cybercriminals don’t sleep

Fraud operation costs

Authentication challenges

Transaction delays

Account Suspensions

Page 4

Malware is constantly adapting to the security market

Page 5

Malware developers continue to innovate

Neverquest - AV evasion methods / Mobile component

Bugat - Cridex/Dridex/Geodo/Feodo/Emotet

GameOver Zeus - P2P infrastructure

Dyre – DNS Routing

Page 6

2FA continues to be breached

Page 7

Device takeover grows up

From simple RATs to advanced malware – device takeover was everywhere

PoS attacks target built-in remote session solutions

Citadel’s persistent RDP and new targets

Page 8

Cybercrime becomes more commoditized

Page 9

Fraud sales and hackers for hire

Page 10

Cybercriminals Will Rely on Anonymity Networks

Accessing TOR and other networks is becoming easier

Safer cybercrime eCommerce platform

Safer for malware infrastructure (i2Ninja, Chewbacca…)

Also presents challenges

Broader adoption of anonymity networks and encryption

Page 11

SMS stealers for sale

[Diagram labels: User Name + Password, OTP SMS, Credentials, OTP SMS, TOR C&C]

Page 12

Malvertising – The madman of the cybercrime world

Page 13

Cybercrime continues to go global

Page 14

Breakdown of borders – geography and technology

Local variants of global malware

– Bugat variants Dridex, Emotet and Geodo

Cybercriminals are finding new ways to cooperate and overcome cultural differences

Page 15

Dyre – From local attack to global threat in 6 months

2014 timeline:

June: First reports of attacks against US/UK targets

September: Attack against salesforce.com

October: Attacks against Romanian, German and Swiss banks

October: US Department of Homeland Security Dyre alert

November: Over 100 firms targeted

December: Attacks against targets in Australia and China

Page 16

Dyre campaigns target banks around the globe

Page 17

Attack Vectors

Page 18

Major Breaches – your data is out there

There were so many… Does anyone even remember P.F.Chang and Evernote by now?

If you want the red pill go to http://hackmageddon.com/

Several (not very surprising) recurring themes:

– Zero day exploits in common software

– 3rd party hack

– Use of RATs

Source: hackmageddon.com

Page 19

Mobile Threats

Classic threats migrate to mobile:

– Phishing

– Ransomware

– Overlay

Device takeover malware for mobile

NFC, ApplePay – new targets

Mobile malware will target more than SMS

Page 20

Significant events in 2015

Page 21

Recommendations for the Security of Internet Payments

Issued by the European Central Bank

2015 implementation deadline

Malware detection and protection specifically recommended for:

• Risk control and mitigation

• Strong authentication

• Transaction monitoring

Page 22

Geo-political and economic situation in Russia & Brazil

Page 23

Summary

Cybercriminals find cheap ways to circumvent expensive controls

Cybercriminals break borders (technology and geography)

Mobile exploit packs, device takeover, payment targeting and more

Late adopters of ECB security internet payments