Published by Curtis Robertson. Modified over 6 years ago.
1
EVOLVING THREATS, VULNERABILITIES AND COUNTERMEASURES
Jean-Michel Kaoukabani, Byblos Bank Group, November 2017
2
OUTLINE
- MAJOR SECURITY INCIDENTS IN 2017
- HACKERS V/S SECURITY PROFESSIONALS
- BRIEF ON SECURITY STANDARDS/GUIDELINES AND NATIONAL REGULATIONS
- RECOMMENDATIONS
3
HACKERS V/S SECURITY PROFESSIONALS
4
MAJOR SECURITY INCIDENTS 2017
Financial Sector
- Major large data leaks (ex: EQUIFAX)
- Nation-state cyber weapons leaked and used by criminals (ex: ETERNAL BLUE)
- Biggest ransomware to date (WannaCry)
- Macro-based downloaders continue to evolve
- Cyber criminals continue to exploit vulnerabilities in websites to drop/spread malware
- Software for attacks on ATMs
- Cyber criminals have shifted their focus to the cryptocurrency industry for "quick profit" and anonymity
- Specialized Threat Analysis and Protection (STAP) market is challenged by new obfuscation techniques
5
HACKERS V/S SECURITY PROFESSIONALS
Hackers act very fast
- Date User Nickname: Embedi Published POC on github: Vulnerability CVE
- A few hours later: Cobalt Cybercrime Group conducted a mass sending of a malicious attachment
- The domain name cards-cbr <dot> ru was registered 21/11/2017 (the day of sending)

Hackers are security aware and innovative
- Most financial companies have SPF, DKIM and DMARC set on their domains and use SMTP/TLS
- Analysis of technical headers shows that attackers avoid spoofing techniques. Instead they hack companies that are in most cases partners of SWIFT, Microsoft, Oracle, IBM ... and send the malicious emails from these hacked domains.
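The point above, that mail from a same-day-registered or hacked partner domain still passes SPF, DKIM and DMARC, shown as an added example that is not part of the original presentation. The .example domains, the registration table, the 30-day threshold and the sample message are constructed assumptions.

```python
from datetime import date
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed registration dates; in practice these would come from WHOIS/RDAP.
REGISTERED = {"new-sender.example": date(2017, 11, 21), "partner.example": date(2009, 3, 2)}
MIN_AGE_DAYS = 30  # assumed policy threshold, not from the presentation

# Constructed sample message: every authentication check passes.
SAMPLE = """From: Alerts <alerts@new-sender.example>
Subject: notice
Authentication-Results: mx.bank.example; spf=pass smtp.mailfrom=new-sender.example; dkim=pass header.d=new-sender.example; dmarc=pass header.from=new-sender.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="notice.doc"

(constructed placeholder body)
--b1--
"""

def auth_results(msg):
    """Map each of spf/dkim/dmarc to its verdict from Authentication-Results."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()))

def triage(raw, received_on):
    """Return (From domain, reasons the message still needs scrutiny)."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    authenticated = auth_results(msg).get("dmarc") == "pass"
    has_attachment = any(part.get_filename() for part in msg.walk())
    reg = REGISTERED.get(domain)
    reasons = [] if authenticated else ["dmarc-not-pass"]
    if reg is None:
        reasons.append("domain-age-unknown")
    elif (received_on - reg).days < MIN_AGE_DAYS:
        reasons.append("young-domain")
    if authenticated and has_attachment:
        # A pass only proves who sent it, not that the sender is uncompromised.
        reasons.append("authenticated-but-attachment-needs-scan")
    return domain, reasons
```

For the long-established partner domain the only remaining signal is the attachment itself, which is why content inspection cannot be skipped for authenticated mail.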
6
HACKERS V/S SECURITY PROFESSIONALS
Security Companies are slow
It takes a long time for AV or security companies to identify malware or malicious/infected domains.
2 days after
7
HACKERS V/S SECURITY PROFESSIONALS
Security Companies lack information
We identify on a daily basis arsenals of malicious content available on the internet and still unknown to AV and security intelligence providers. We know where they are posted, and their analysis allows us to understand what they do!
Forensic analysis led by Byblos Bank Forensic team
[Figure labels: CLEAN / BAD]
8
SECURITY STANDARDS/GUIDELINES
9
LEBANESE BANKING SECTOR REGULATIONS
- Circular 123 - Business Continuity Plan
- Circular 69 - Electronic Banking and Financial Operations
- Circular 222 - IT Security Guidelines
- Circular 272 - IT Security in Banks and Financial Institutions
- Circular Auditors reports of Banks (Internal Control)
- Memo 2012/9 - Security measures related to ATMs
10
BUT HACKERS ARE FAST AND HIGHLY SKILLED
STANDARDS, REGULATIONS, FRAMEWORKS, GUIDELINES OR BEST PRACTICES HELP US BUILD OUR DEFENSE SYSTEMS.
BUT HACKERS ARE FAST AND HIGHLY SKILLED
Everyone is vulnerable and no one is 100% safe
WHAT CAN WE DO TO FILL THE GAP?
11
RECOMMENDATIONS UNITY MAKES STRENGTH
- Anti-virus companies started to share malware info (ex: Cyber Threat Alliance)
- GCC experience: UAE UBF launched recently the ISAC
- SWIFT ISAC sharing security info and IOCs with their customers

LEBANESE FINANCIAL INSTITUTIONS
- National ISAC is needed
- Should be moderated by an independent trustworthy party (ex: BDL or ABL)
12
THANK YOU