EVOLVING THREATS, VULNERABILITIES AND COUNTERMEASURES

Slides:



Advertisements
Similar presentations
The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Advertisements

Cyber Crime Carloe Distor CCS1D. Agenda  Introduction & History  Cyber Criminals  Types of Cyber Crime  Cyber Crime in Pakistan  Protect Computers.
Norman SecureSurf Protect your users when surfing the Internet.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.
Marine Industry Day 2015 Sector Command Center (24 hours): (504) National Response Center: Website:
Cyber Crimes.
Taking responsibility for the Internet Eugene Kaspersky, CEO & co-founder, Kaspersky Lab.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
APT29 HAMMERTOSS Jayakrishnan M.
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
Staying Safe Online Keep your Information Secure.
Resources to Support Training Programs for CSIRTs.
WEBSENSE ® SECURITY LABS™ 2006 Semi-Annual Web Security Trends Report OWASP Presentation November 9, 2006 Jim Young (301)
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
 Introduction to Computing  Computer Programming  Terrorisom.
Financial Sector Cyber Attacks Malware Types & Remediation Best Practices
The cost of Cybercrime 1 Steve Lamb Regional Marketing Manager – EMEA, Enterprise Security Products Twitter: actionlamb.
IT Security in Nepal: Issues and challenges Rajan R. Pant ITSERT-NP.
ShapeShifter Jennifer Nguyen, Jordan Travis, Cian Connor, Rebecca Miller.
Kerala Police Why Cocon ?  What is the purpose of holding such a Conference ?
The internet is a place of both useful and bad information. It has both good and bad side- and it’s all too easy for kids to stray into it. And no parents/guardian.
CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via .
Tripwire Threat Intelligence Integrations. 2 Threat Landscape by the Numbers Over 390K malicious programs are found every day AV-Test.org On day 0, only.
Understanding and breaking the cyber kill chain
November 14, 2016 bit.ly/nercomp_defendingyourdata16
Sophos Intercept X Matt Cooke – Senior Product Marketing Manager.
Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.
Follow-up issues from the presentation on Anti-virus / Security software TD & SD have encountered problems with AVG, which also is not rated highly in.
CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017 Presented by Osato Omogiafo Head IT Audit.
Cyber Security Zafar Sadik
3.6 Fundamentals of cyber security
To Know what Cyber crime is
CEH vs CISSP Course, Advantage, Career, Salary, Demand!
CYBER SECURITY...
CYBERSECURITY By Salomon Frangieh CISBC.
Cyber Security: State of the Nation
Active Cyber Security, OnDemand
Security in the Workplace: Information Assurance
Symantec Code Signing Certificate
The Cyber Threats Landscape
Year 10 ICT ECDL/ICDL IT Security.
© 2016 Global Market Insights, Inc. USA. All Rights Reserved Endpoint Security Market to grow at 7% CAGR from 2017 to 2024: Global Market.
Forensics Week 11.
Jon Peppler, Menlo Security Channels
Data Security Team 1.
Call AVG Antivirus Support | Fix Your PC
5G Security Training
“CYBER SPACE” - THE UNDERGROUND ECONOMY
4 ways to stay safe online 1. Avoid viruses and phishing scams
Risk of the Internet At Home
Cyber Security in the Mortgage Industry
Prepared By : Binay Tiwari
David J. Carter, CISO Commonwealth Office of Technology
Real World Advanced Threat Protection
Securing the Threats of Tomorrow, Today.
Introduction to Systems Security
Keeping your data, money & reputation safe
Cyber Security Culture
Cybercrime and Canadian Businesses
Business Compromise and Cyber Threat
Strategic threat assessment
Information Security – Sep 18
IASP 470 PROJECT PROPOSAL MALWARE DETECTION
Privacy, Security, and Ethics
Cybersecurity Simplified: Phishing
Cybersecurity Simplified: Ransomware
October is National Cybersecurity Awareness Month
Goddard Chamber September 12th, 2019 Hosts: John Ash & Jon Grover
Presentation transcript:

EVOLVING THREATS, VULNERABILITIES AND COUNTERMEASURES Jean-Michel Kaoukabani Byblos Bank GROUP NOVEMBER 2017

OUTLINE MAJOR SECURITY INCIDENTS IN 2017 HACKERS V/S SECURITY PROFESSIONALS BRIEF ON SECURITY STANDARDS/GUIDELINES AND NATIONAL REGULATIONS RECOMMENDATIONS

HACKERS V/S SECURITY PROFESSIONALS

MAJOR SECURITY INCIDENTS 2017 Financial Sector Major Large Data leaks (ex: EQUIFAX) Nation-state cyber weapons leaked and used by criminals (ex: ETERNAL BLUE) Biggest ransomware to date (WannaCry) Macro Based Downloaders continue to evolve Cyber Criminals continue to exploit vulnerabilities in websites to drop/spread malware Software for attacks on ATMS Cyber Criminals have shifted their focus to the Cryptocurrency industry for "quick profit“ and anonymity. Specialized Threat Analysis and Protection (STAP) market is challenged by new obfuscation techniques

HACKERS V/S SECURITY PROFESSIONALS Hackers act very fast Date 21-11-2017 User Nickname: Embedi Published POC on github: Vulnerability CVE 2017-11882 Few hours later: Cobalt Cybercrime Group conducted mass email sending a malicious attachment Domain names cards-cbr <dot> ru was registered 21/11/2017 (the day of email sending) Hackers are security aware and innovative Most of financial companies have SPF, DKIM and DMARC set on their domains and use SMTP/TLS Analysis of technical headers show that attackers avoid spoofing techniques. Instead they hack companies that are in most of the cases partners of SWIFT, Microsoft, Oracle IBM ... and send the malicious emails from these hacked domains.

HACKERS V/S SECURITY PROFESSIONALS Security Companies are slow It takes long for AV or security companies to identify malware or malicious/infected Domains. 2 days after

HACKERS V/S SECURITY PROFESSIONALS Security Companies lack information We identify on a daily basis arsenals of Malicious contents available on the internet and still unknown by AV & Security Intelligence providers. We know where they are posted and their analysis allows us to understand what they do! Forensic analysis led by Byblos Bank Forensic team CLEAN  BAD 

SECURITY STANDARDS/GUIDELINES

LEBANESE BANKING SECTOR REGULATIONS Circular 123- Business Continuity Plan Circular 69- Electronic Banking and Financial Operations Circular 222- IT security Guidelines Circular 272- IT Security in banks and Financial Institutions Circular 21 - Auditors reports of Banks (Internal Control) Memo 2012/9 - Security measures related to ATMs

BUT HACKERS ARE FAST AND HIGHLY SKILLED STANDARDS, REGULATIONS, FRAMEWORKS, GUIDELINES OR BEST PRACTICES HELP US BUILD OUR DEFENSE SYSTEMS. BUT HACKERS ARE FAST AND HIGHLY SKILLED Everyone is vulnerable and no one is 100% safe WHAT CAN WE DO T0 FILL THE GAP

RECOMMENDATIONS UNITY MAKES STRENGTH Anti-Virus companies started to share malware info (ex: Cyber Threat Alliance) GCC Experience: UAE UBF launched recently the ISAC SWIFT ISAC sharing security info and IOCs with their customers LEBANESE FINANCIAL INSTITUTIONS National ISAC is needed Should be moderated by an independent trustworthy party (EX: BDL or ABL)

THANK YOU

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.