Financial Sector Cyber Attacks Malware Types & Remediation Best Practices

Prepared by: Elias Diab, President and CEO, Infotechglobe Cyber Security Solutions

Agenda
- Introduction
- Cyber Attack Types
- Malware Types and Characteristics
- Malware Remediation and Risk Reduction Measures
- Case Study: CARBANAK Trojan APT

Introduction
- The improvement of online banking systems and their increased use by consumers worldwide have made this service a privileged target for cyber criminals.
- Security breaches of key financial institutions can pose a substantial danger to market confidence and the nation’s overall financial stability.
- Data privacy and protection breaches (customer records or confidential documents) impose hefty penalties.
- Cyber attacks have far-reaching consequences: financial, reputational, regulatory, and legal.
- Cyber criminals’ motivation: undermining financial institutions’ reputation and capability to conduct business, while achieving huge financial profits.

Cyber Attack Types
Untargeted Attacks: Criminals do not focus on a particular victim but target as many devices, users or services as possible.
- Phishing
- Ransomware
- Scanning
- Drive By Download

Cyber Attack Types (Continued)
Targeted Attacks: Criminals specifically tailor the attack to the targeted financial institution.
- Spear Phishing
- DoS/DDoS
- Water Holing

Malware Types and Characteristics
- Vawtrak (Neverquest or Snifula): This banking Trojan spreads via social media, email and file transfer protocols. What makes it unique is its ability to hide evidence of the fraud by changing, on the fly, the balance shown to the victim. It is based on a MITB attack.
- Zeus/Zbot: Uses a technique called “Man-in-the-Browser”, exploiting vulnerabilities in browsers to covertly modify web transactions. From the victim’s PC, Zeus automatically connects to the attacker’s C&C and starts stealing the user’s login credentials, and subsequently money from the user’s account.
- CryptoLocker / CryptoWall: A ransomware Trojan that encrypts personal and system files. It spreads in many ways, mainly via phishing emails that contain malicious attachments or links, or via drive-by download sites.
- Carbanak: Victims are infected via spear phishing. Once a machine is infected, the attackers move into the internal network and track down administrators’ computers for video surveillance. The screens of staff servicing the cash transfer systems are recorded, so the fraudsters learn every detail of the bank clerks’ work, which allows them to mimic staff activity in order to transfer money and cash out.

Malware Remediation and Risk Reduction Measures
- Build and utilize an effective risk management program and framework
- Identify vulnerabilities and regularly patch your systems and applications
- Adopt an effective SOC and gradually evolve it into a security intelligence center
- Establish a cyber incident management and response function
- Create a cyber security awareness training program
- Use a defense-in-depth approach: no one single technology will stop APT
- Regularly review and update security policies and procedures
- Apply big data analytics and capabilities in discovering APT attacks
- Establish an internal forensics function as part of your SOC solution

Case Study – CARBANAK Trojan
- Spear phishing emails with MS Word (.doc) and Control Panel Applet (.CPL) files attached. The following is an example of a Carbanak spear phishing email:
- Email attachments exploited vulnerabilities in Microsoft Office 2003, 2007 and 2010 (CVE-2012-0158, a buffer overflow, and CVE-2013-3906, remote code execution in the Microsoft Graphics Component) and MS Word RTF remote code execution (CVE-2014-1761).
- Manual reconnaissance of victims (control of video capabilities established).
- Long-term observation and reconnaissance conducted.
- Remote Admin (Access) Tool installed and communication established with C&C.
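A mail-gateway check for the delivery pattern on this slide, as an added example that is not from the original presentation: it flags .CPL attachments, executable content under another name, and RTF content carried under a .doc name. The function names, the sample message and the RTF-under-.doc heuristic are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"        # Windows executables, including .cpl applets (DLLs)
RTF_MAGIC = b"{\\rtf"   # RTF documents, which Word also opens when named .doc

def triage_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for attachments that match the delivery pattern."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(".cpl"):
            findings.append((name, "Control Panel applet attached"))
        elif data.startswith(PE_MAGIC):
            findings.append((name, "executable content under a document name"))
        elif name.endswith(".doc") and data.lstrip().startswith(RTF_MAGIC):
            findings.append((name, "RTF content under a .doc name"))
    return findings

def build_sample() -> bytes:
    """Constructed message: harmless placeholder bytes, no exploit content."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "clerk@bank.example"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    samples = [
        ("invoice.doc", b"{\\rtf1\\ansi constructed sample}"),
        ("settings.cpl", PE_MAGIC + b"\x00" * 16),
        ("report.doc", bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 16),  # OLE2 .doc
    ]
    for filename, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in triage_attachments(build_sample()):
        print(f"{name}: {reason}")
```

A flagged attachment is a candidate for quarantine and analyst review; a genuine OLE2 .doc such as report.doc passes this check and still needs patching and sandboxing to be covered.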

Case Study – CARBANAK Trojan (Continued)
- Attackers observed the protocols and daily operational tempo of their targets.
- Video surveillance of main banks’ employees and system/security admins was recorded and shared with C&C.
- Exploitation methodologies and mechanisms were developed and tailored to each victim.
- Attackers impersonated legitimate local users’ activities and actions.
- Money transfers start to take place (e-Payment systems, ATMs, SWIFT, Online Banking, etc.).
- Total loss is estimated at around $1 Billion, from around 100 financial institutions worldwide.
- Stolen funds were transferred out of affected countries to various bank accounts and money mule services in the US and China.
- New variant of CARBANAK spotted recently (September 2015) – Are you ready for it (and for other types as well)??!

Questions?