Current Threat Landscape, Global Trends and Best Practices within Financial Fraud Prevention (09.15-10.00)
Ori Bach, Senior Security Strategist, Trusteer, IBM Security
© 2014 IBM Corporation, IBM Security
Jul 19, 2015
Agenda
Malware is constantly adapting to the security market
Cybercrime becomes more commoditized & global
Significant events in 2015
Behind the scenes of IBM Trusteer research
www.securityintelligence.com has some great webinars and blogs to demonstrate all of this
The fraud prevention challenge: Cybercriminals don’t sleep
Fraud operation costs
Authentication challenges
Transaction delays
Account Suspensions
Malware is constantly adapting to the security market
Malware developers continue to innovate
Neverquest - AV evasion methods / Mobile component
Bugat - Cridex/Dridex/Geodo/Feodo/Emotet
GameOver Zeus - P2P infrastructure
Dyre – DNS Routing
2FA continues to be breached
Device takeover grows up
From simple RATs to advanced malware – device takeover was everywhere
PoS attacks target built-in remote session solutions
Citadel’s persistent RDP and new targets
Cybercrime becomes more commoditized
Fraud sales and hackers for hire
Cybercriminals Will Rely on Anonymity Networks
Accessing TOR and other networks is becoming easier
Safer cybercrime eCommerce platform
Safer for malware infrastructure (i2Ninja, Chewbacca…)
Also presents challenges
Broader adaptation of anonymity networks and encryption
SMS stealers for sale
[Diagram: the victim's user name + password and OTP SMS are captured by the SMS stealer and forwarded as credentials and OTP SMS to a TOR-hosted C&C]
Malvertising – The madman of the cybercrime world
Cybercrime continues to go global
Breakdown of borders – geography and technology
Local variants of global malware
– Bugat variants Dridex, Emotet and Geodo
Cybercriminals are finding new ways to cooperate and overcome cultural differences
Dyre – From local attack to global threat in 6 months
Timeline (2014):
– June: First reports of attacks against US/UK targets
– September: Attack against salesforce.com
– October: US Department of Homeland Security Dyre alert
– October: Attacks against Romanian, German and Swiss banks
– November: Over 100 firms targeted
– December: Attacks against targets in Australia and China
Dyre campaigns target banks around the globe
Attack Vectors
Major Breaches – your data is out there
There were so many… Does anyone even remember P.F. Chang and Evernote by now?
If you want the red pill go to http://hackmageddon.com/
Several (not very surprising) reoccurring themes:
– Zero day exploits in common software
– 3rd party hack
– Use of RATs
Source: hackmageddon.com
Mobile Threats
Classic threats migrate to mobile:
– Phishing
– Ransomware
– Overlay
Device takeover malware for mobile
NFC, ApplePay – new targets
Mobile malware will target more than SMS
Significant events in 2015
Recommendations for the Security of Internet Payments
Issued by the European Central Bank
2015 implementation deadline
Malware detection and protection specifically recommended for:
• Risk control and mitigation
• Strong authentication
• Transaction monitoring
Geo-political and economic situation in Russia & Brazil
Summary
Cybercriminals find cheap ways to circumvent expensive controls
Cybercriminals break borders (technology and geography)
Mobile exploit packs, device takeover, payment targeting and more
Late adopters of the ECB Recommendations for the Security of Internet Payments