Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
© 2014 IBM Corporation
IBM Security
1
09.15-10.00 Current Threat Landscape, Global Trends and Best
Practices within Financ...
© 2014 IBM Corporation
IBM Security
2
Agenda
 Malware is constantly adapting to the security market
 Cybercrime becomes ...
© 2014 IBM Corporation
IBM Security
3
The fraud prevention challenge: Cybercriminals don’t sleep
Fraud
operation costs
Aut...
5
© 2014 IBM Corporation
Malware is constantly adapting
to the security market
© 2014 IBM Corporation
IBM Security
6
Malware developers continue to innovate
 Neverquest - AV evasion methods / Mobile c...
© 2014 IBM Corporation
IBM Security
7
2FA continues to be breached
© 2014 IBM Corporation
IBM Security
8
Device takeover grows up
 From simple RATs to advanced malware – device takeover
wa...
9 © 2014 IBM Corporation
Cybercrime becomes more
commoditized
© 2014 IBM Corporation
IBM Security
10
Fraud sales and hackers for hire
© 2014 IBM Corporation
IBM Security
11
Cybercriminals Will Rely on Anonymity Networks
 Accessing TOR and other networks i...
© 2014 IBM Corporation
IBM Security
12
SMS stealers for sale
12
User Name + Password
OTP SMS
Credentials
OTP SMS
TOR C&C
© 2014 IBM Corporation
IBM Security
13
Malvertising – The madman of the cybercrime world
14 © 2014 IBM Corporation
Cybercrime continues to go
global
© 2014 IBM Corporation
IBM Security
15
Breakdown of boarders – geography and technology
 Local variants of global malware...
© 2014 IBM Corporation
IBM Security
16
Dyre – From local attack to global threat in 6 months
US Department
of Homeland
Sec...
© 2014 IBM Corporation
IBM Security
17
Dyre campaigns target banks around the globe
19 © 2014 IBM Corporation
Attack Vectors
© 2014 IBM Corporation
IBM Security
20
Major Breaches – your data is out there
 There were so many… Does anyone even reme...
© 2014 IBM Corporation
IBM Security
21
Mobile Threats
 Classic threats migrate to mobile:
– Phishing
– Ransomware
– Overl...
23
© 2014 IBM Corporation
Significant events in 2015
© 2014 IBM Corporation
IBM Security
24
Issued by The European Central Bank
2015 implementation deadline
Malware detection ...
© 2014 IBM Corporation
IBM Security
25
Geo-political and economic situation in Russia & Brazil
© 2014 IBM Corporation
IBM Security
26
Summary
 Cybercriminals find cheap ways to circumvent expensive controls
 Cybercr...
Nächste SlideShare
Wird geladen in …5
×

Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

674 Aufrufe

Veröffentlicht am

IBM Security. Trusteer Web Fraud: Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention.

Veröffentlicht in: Daten & Analysen
  • DOWNLOAD FULL BOOKS, INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier

Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention

  1. 1. © 2014 IBM Corporation IBM Security 1 09.15-10.00 Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention Ori Bach, Senior Security Strategist Trusteer, IBM Security
  2. 2. © 2014 IBM Corporation IBM Security 2 Agenda  Malware is constantly adapting to the security market  Cybercrime becomes more commoditized & global  Significant events in 2015  Behind the scenes of IBM Trusteer research www.securityintelligence.com has some great webinars and blogs to demonstrate all of this
  3. 3. © 2014 IBM Corporation IBM Security 3 The fraud prevention challenge: Cybercriminals don’t sleep Fraud operation costs Authentication challenges Transaction delays Account Suspensions
  4. 4. 5 © 2014 IBM Corporation Malware is constantly adapting to the security market
  5. 5. © 2014 IBM Corporation IBM Security 6 Malware developers continue to innovate  Neverquest - AV evasion methods / Mobile component  Bugat- Cridex/Dridex/Geodo/Feodo/ Emotet  GameOver Zeus - P2P infrastructure  Dyre – DNS Routing
  6. 6. © 2014 IBM Corporation IBM Security 7 2FA continues to be breached
  7. 7. © 2014 IBM Corporation IBM Security 8 Device takeover grows up  From simple RATs to advanced malware – device takeover was everywhere  PoS attacks target built in remote session solutions  Citadel’s persistent RDP and new targets
  8. 8. 9 © 2014 IBM Corporation Cybercrime becomes more commoditized
  9. 9. © 2014 IBM Corporation IBM Security 10 Fraud sales and hackers for hire
  10. 10. © 2014 IBM Corporation IBM Security 11 Cybercriminals Will Rely on Anonymity Networks  Accessing TOR and other networks is becoming easier  Safer cybercrime eCommerce platform  Safer for malware infrastructure (i2Ninja, Chewbacca…)  Also presents challenges Broader adaptation of anonymity networks and encryption
  11. 11. © 2014 IBM Corporation IBM Security 12 SMS stealers for sale 12 User Name + Password OTP SMS Credentials OTP SMS TOR C&C
  12. 12. © 2014 IBM Corporation IBM Security 13 Malvertising – The madman of the cybercrime world
  13. 13. 14 © 2014 IBM Corporation Cybercrime continues to go global
  14. 14. © 2014 IBM Corporation IBM Security 15 Breakdown of boarders – geography and technology  Local variants of global malware – Bugat variants Dridex , Emotet and Geodo  Cybercriminals are finding new ways to corporate and overcome cultural differences
  15. 15. © 2014 IBM Corporation IBM Security 16 Dyre – From local attack to global threat in 6 months US Department of Homeland Security Dyre Alert October First reports of attacks against US/UK targets June Attacks against Targets in Australia and China December Over 100 firms targeted November Attack against salesforce.com September Attacks against Romanian, German and Swiss Banks October 2014
  16. 16. © 2014 IBM Corporation IBM Security 17 Dyre campaigns target banks around the globe
  17. 17. 19 © 2014 IBM Corporation Attack Vectors
  18. 18. © 2014 IBM Corporation IBM Security 20 Major Breaches – your data is out there  There were so many… Does anyone even remember P.F.Chang and Evernote by now?  If you want the red pill go to http://hackmageddon.com/  Several (not very surprising) reoccurring themes: – Zero day exploits in common software – 3rd party hack – Use of RATs Source: hackmageddon.com
  19. 19. © 2014 IBM Corporation IBM Security 21 Mobile Threats  Classic threats migrate to mobile: – Phishing – Ransomware – Overlay Device takeover malware for mobile NFC, ApplePay – new targets Mobile malware will target more than SMS
  20. 20. 23 © 2014 IBM Corporation Significant events in 2015
  21. 21. © 2014 IBM Corporation IBM Security 24 Issued by The European Central Bank 2015 implementation deadline Malware detection and protection specifically recommended for: • Risk control and mitigation • Strong authentication • Transaction monitoring Recommendations for The Security of Internet Payments
  22. 22. © 2014 IBM Corporation IBM Security 25 Geo-political and economic situation in Russia & Brazil
  23. 23. © 2014 IBM Corporation IBM Security 26 Summary  Cybercriminals find cheap ways to circumvent expensive controls  Cybercriminals break borders (technology and geography)  Mobile exploit packs, device takeover, payment targeting and more  late adaptors of ECB security internet payments

×