The evolution of eCrime and the remote banking channels Presentation to the RHUL MSc Information Security Summer School 9 September 2013 Dom Lucas.


Overview
- Setting the Scene
- Attacks & Exploits
- Monetising the attack
- The bigger picture

Setting the Scene

What is eCrime?

Organised Crime: Product design & development, Finance, Resourcing, Strategy, Intelligence, Market Research, Customer Base, Distribution, Governance, Risk Analysis, Return on Investment, Takeovers, Competition, Mergers

Remote banking?

What is being attacked?

Why?
In economic terms
- Wider Market Base.
- Greater ROI.
- Cost/Benefit Model.
In criminal terms
"I rob banks ‘cos that’s where the money is" (Willie Sutton, c1930)

Attacks & Exploits

Phishing

Phishing Explained
1. Attacker creates / hijacks website
2. Phishing sent
3. Victim directed to phishing site
4. Phished credentials forwarded to drop server
5. Creds forwarded to phisher
6. Creds traded on online forums
7. Phishers use credentials to access genuine accounts

Phishing evolved
- MITM/Real-time Phishing
  - Capture & use victim 2-FA pass code in real time, thus defeating multi-factor authentication.
- HTML form attachment
  - Doesn't require a phishing site and so evades traditional phishing takedown.
- Vishing & Smishing
  - Use of traditional social engineering techniques to gather credentials
  - Use of VOIP technology to spoof & evade detection
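Why a pass code relayed in real time is still accepted, and what changes when the code is bound to the payment details, shown from the bank's verification side as an added example (not part of the original slides). The time-based code follows RFC 6238; the payment-bound code is an illustrative construction, and the key, timestamps, payee names and amounts are constructed.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, msg: bytes, digits: int = 6) -> str:
    """HMAC-SHA1 with RFC 4226 dynamic truncation to a short decimal code."""
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def login_code(key: bytes, now: int, step: int = 30) -> str:
    """RFC 6238 time-based code: depends only on the shared key and the clock."""
    return hotp(key, struct.pack(">Q", now // step))

def payment_code(key: bytes, now: int, payee: str, amount: str, step: int = 30) -> str:
    """Illustrative (assumed) scheme: the token also MACs the payee and amount
    that the customer reads on the token's own display."""
    return hotp(key, struct.pack(">Q", now // step) + f"{payee}|{amount}".encode())

def bank_checks_login(key, received_at, code):
    return hmac.compare_digest(code, login_code(key, received_at))

def bank_checks_payment(key, received_at, code, payee, amount):
    return hmac.compare_digest(code, payment_code(key, received_at, payee, amount))

def demo():
    key = b"constructed-demo-key"   # constructed shared secret
    t = 1_700_000_010               # constructed time, start of a 30 s step
    typed = login_code(key, t)      # code the customer types into a web form
    signed = payment_code(key, t, "ACME-RENT", "500.00")
    return {
        # Same code arriving 5 s later: nothing in it identifies the sender.
        "relayed_login_code": bank_checks_login(key, t + 5, typed),
        # Code submitted after its time step has passed.
        "stale_login_code": bank_checks_login(key, t + 60, typed),
        # Payment exactly as the customer approved it.
        "payment_as_approved": bank_checks_payment(key, t + 5, signed, "ACME-RENT", "500.00"),
        # Payment details changed in transit: the MAC no longer matches.
        "payment_altered": bank_checks_payment(key, t + 5, signed, "OTHER-ACCT", "9500.00"),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Binding the code to the payment only helps if the customer actually reads the payee and amount on the token before approving.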

Malware

ZEUS, Spyeye, Citadel, Carberp, ICE IX, Shylock

Attack vectors

Monetising the attack

Beneficiaries/Money Mules
Continues to be the Bottleneck
- lots of credentials, not enough mule accounts
Money Mule categories
- The professionals
- The unsuspecting/duped
Developments
- Pre-Paid card accounts: lack of KYC
- Fake online businesses
International Payments (SEPA)
- International fraud payments to mule accounts across the EU.
Job offer:
"We have found your resume at Monster.com and would like to suggest you a "Transfer manager" vacancy. We have thoroughly studied your resume and are happy to inform you that your skills completely meet our requirements for this position. Our company buy, sell, and exchange digital currencies, like E-gold and E-bullion."

Putting it all together

Crime as a Service

Op HighRoller
- Customised Zeus / Spyeye variant.
- Automated.
- Checked balance.
- High net-worth accounts >€200,000.
- Targeted over 60 institutions
- Global network of mules.

The Wider Picture

Global View

Future Challenges

Things to think about

The next generation….

Don’t underestimate the adversary

Maintain situational awareness

Questions?