Page 1: Cyber Payment Fraud Threat Landscape - SIX

May 17th, 2017

Swiss Banking Operations Forum Zürich, Switzerland

Cyber Payment Fraud Threat Landscape Cyber Defense Measures for Banking Operations

UBS AG

Carlo Hopstaken

Group Information Security Office

Page 2

Agenda

• Cyber Fraud – Setting the scene
• Cyber Threat Landscape and Risk Scenarios
• Cyber Fraud – Threat Actors and Modus Operandi
• Cyber Fraud – APT Defense Measures
• Banking Operations – Payment Processing View
• Recommendation
• Conclusion

Page 3

Cyber Fraud – Setting the scene

| Announced | Financial Institution | Cyber Fraud case | Loss | Event Date |
|---|---|---|---|---|
| Dec 2014 – Feb 2015 | Russia, United States, Germany, China and Ukraine | Unauthorized access to steal money (online banking, e-payment systems, ATMs, alter databases to pump up balances) | USD 500 mn – USD 1 bn | Undisclosed |
| 10 Mar 2016 | Bank of Bangladesh | Central bank's computer systems compromised and used to submit payment instructions via Swift | USD 81 mn | 4 Feb 2016 |
| 13 May 2016 | Tien Phong Bank (Vietnam) | Similar to the Bank of Bangladesh case, but reconciliation identified the bogus transfers. In the malware used, other banks were identified | USD 1,2 mn (blocked) | Dec 2015 |
| 20 May 2016 | Banco del Austro (Ecuador) | Fraudulent transfers executed by hacker, via Swift, through Wells Fargo | USD 12 mn | Jan 2015 |
| 26 May 2016 | Sonali Bank | Fraudulent transfer requests similar to the Bank of Bangladesh case (keyloggers used) | USD 250 K | 2013 |
| 27 Jun 2016 | Ukrainian Bank | The bank's security was compromised in a similar way to the Bangladesh central bank hack | USD 10 mn | Undisclosed |
| 02 Dec 2016 | Russian Central Bank | Hackers managed to access the electronic system that gives clients access to third-party correspondent accounts at the bank by faking certain client credentials, and then attempted to steal USD 45 million (USD 26 mn recovered) | USD 19 mn | 2016 |

Page 4

Cyber Threat Landscape and Risk Scenarios

Threat Actors (ordered by sophistication and means, from opportunistic to targeted):

• Script Kiddies
• Hacktivists
• Organized Crime
• Terrorists
• Intelligence Agencies
• Nation States

Cyber Risk Scenarios:

• Cyber Fraud – unauthorized transactions and fraudulent activities using stolen or manipulated data, e.g. e-banking, payment systems or cards
• Data Theft – theft of a large volume of information, e.g. client data, intellectual property, business related information
• Disruption of Service – disrupting a financial institution's information technology infrastructure through external attacks, malware infection or disgruntled internal employees

Threat Landscape:

• Driven by economic, political and governmental interests.
• Threats are continuously evolving at an increasing pace.
• Our employees, clients and third-parties are targets for cyber criminals.
• An underground market for cyber tools has emerged.

Threat Intelligence sources: News / Alerts, Incidents

Cyber Fraud impacting Banking Operations: enacting fraudulent payments or transfer of assets from a firm or its client accounts by means of direct hacking into the firm's payment infrastructure (e-banking / e-channel fraud excluded).

Page 5

Cyber Fraud – Threat Actors and Modus Operandi

Cyber Threat Actors: Intelligence Agencies, Nation States, Organized Crime

Motivation: Financial gain (fraudulent payments, ATM cash-out, etc.)

Objective: Compromise internal banking and payment applications

Means: Advanced Persistent Threat (APT), targeting end-users (or 3rd parties) using tailored tools and social engineering techniques. Furthermore, the total time spent from preparation to final heist can take months if not longer.

Modus Operandi (APT Cyber Payment Fraud)

Phishing / Social Engineering
• Select targets (reconnaissance)
• Phish targets (e-mail with malicious content / link)
• In some cases physical devices can be implanted

Persist & Conceal
• Setup external communication channel
• Push customized malware / tools
• Remotely control end-point

Elevate Access & Lateral spread
• Attempt to elevate access rights or obtain credentials with the required accesses
• Move within internal banking infrastructure to find target systems

Monitor & Prepare
• Once the required access to targeted systems is obtained, monitor end-users and processes (for example how transactions are inputted, approved and processed)

Heist / Pay-out
• Transfer money out (for example via compromised transaction / ATM systems)
• Use money-mules to process stolen funds
• Hide or delete evidence / tracks

Page 6

Cyber Fraud – APT Defense Measures

Defense measures are mapped against the attack phases (Phishing / Social Engineering, Persist & Conceal, Elevate Access & Lateral spread, Monitor & Prepare, Heist / Pay-out) and grouped into Technical, Human and Processes controls:

• Internet & Social Media Monitoring
• Network Intrusion Detection
• Traffic Inspection
• Anti-Virus & Advanced Malware Protection
• Strong Password Controls & Authentication
• Secure Network Architecture
• Fraud Incident Handling
• Access Rights Management
• Internet Traffic Filtering / Blocking
• Network Protection
• Application Security / Firewall
• User Behaviour Analytics
• Sinkholing / Rogue Service Takedown
• Forensic Investigations
• Crisis Response Plan
• Endpoint Protection
• Awareness Training
• Periodic assessment of implemented controls including resilience testing
• Anomaly detection
• Filtering controls / suspension
• Entitlement reviews
• Security logging and Monitoring
• Reconciliation
• 4-eyes principle (maker / checker)
• Payment activity monitoring
• Patch management
• Privileged Access Controls
• Cyber Threat Intelligence (gathering / sharing)
• Counterparty management
• Physical Security
• Sandboxing
• Network Analytics
• Cyber / Computer Fraud insurance
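One way to implement the Reconciliation and 4-eyes (maker / checker) controls listed above, as an added example that is not part of the presentation: it ties what the messaging layer actually sent back to what the payments engine approved, which is the control that caught the bogus transfers in the Tien Phong Bank case on page 3. All record types, field names and sample payments are constructed for the example.

```python
"""Reconciliation and maker/checker checks over constructed payment records."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Instruction:      # what the payments engine approved (core processing)
    ref: str
    maker: str
    checker: str
    beneficiary: str
    amount: float


@dataclass(frozen=True)
class Message:          # what actually left via the messaging layer (e.g. Swift)
    ref: str
    beneficiary: str
    amount: float


# Constructed sample data (hypothetical names), not from the presentation.
APPROVED = [
    Instruction("PAY-001", "alice", "bob", "ACME Ltd", 50_000.0),
    Instruction("PAY-002", "carol", "carol", "Globex", 12_000.0),  # maker == checker
    Instruction("PAY-003", "alice", "dave", "Initech", 81_000.0),
]
SENT = [
    Message("PAY-001", "ACME Ltd", 50_000.0),
    Message("PAY-003", "Shell Co", 81_000.0),        # beneficiary altered downstream
    Message("PAY-999", "Mule Account", 250_000.0),   # no approved instruction at all
]


def reconcile(approved, sent):
    """Return (ref, finding) pairs; an empty list means everything ties out."""
    by_ref = {i.ref: i for i in approved}
    findings = []
    for i in approved:                      # 4-eyes: the approver must differ from the entrant
        if i.maker == i.checker:
            findings.append((i.ref, "4-eyes violation: maker and checker identical"))
    for m in sent:                          # every outbound message needs an approved twin
        i = by_ref.get(m.ref)
        if i is None:
            findings.append((m.ref, "outbound message without approved instruction"))
        elif (m.beneficiary, m.amount) != (i.beneficiary, i.amount):
            findings.append((m.ref, "outbound message differs from approved instruction"))
    sent_refs = {m.ref for m in sent}
    for i in approved:                      # the reverse direction: approved but never sent
        if i.ref not in sent_refs:
            findings.append((i.ref, "approved instruction never left the bank"))
    return findings


if __name__ == "__main__":
    for ref, finding in reconcile(APPROVED, SENT):
        print(ref, finding)
```

Run as a scheduled job against the two data sources, any non-empty result is a candidate for the "Halt of Business Messages" step on page 7 rather than an alert to read later.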

Page 7

Banking Operations – Payment Processing View

Processing stages: Input Channels → Core Processing → Messaging & Screening → Market Channels

Components shown on the slide:

• Input Channels: Paper client channels, Electronic client channels, Market input channels, Internal Systems, Markets
• Core Processing: Payments Engine, Static data, Manual interventions, Accounting & Reporting, Interaction systems
• Messaging & Screening: AML controls, Compliance Filtering, Message Routing, Halt of Business Messages, Message Monitoring
• Market Channels: Clearing, Correspondent Bank

Scope

• End-user devices
• Infrastructure
• Payment applications
• Payment gateways
• Middleware messaging
• HSM (PKI)
• Third parties
• Employees

Page 8

Recommendations

Periodically perform the following actions:

• Threats / Risks – Assess your threats and define your risk scenarios.
• Attack methods – Understand the attack methods being applied, using reliable threat intelligence.
• Defence measures – Dissect the attack path and determine the required measures (technical, processes, behavior, testing and practice).
• Critical applications – Determine your critical asset-moving applications, their users and the underlying supporting infrastructure.
• Gap analysis – Assess potential gaps or areas for improvement.
• Remediate & Test – Fix gaps and test defense measures, for example with red team testing.

Page 9

Conclusion

• The resources and knowledge of cyber criminals will continue to grow, and cyber fraud related attacks will become more sophisticated.
• Reliable cyber threat intelligence is crucial to understand threats and to determine effective measures.
• Don't assume that cyber threats can be defended by technical measures only; measures need to be in place in different layers of control.
• It is not a question of "if", but "when", so ensure you have incident response plans in place and practice them regularly.
• The best way to test your defense is to use red team testers, who will simulate cyber threat actors.

Page 10

Q&A