The evolution of eCrime and the remote banking channels Presentation to the RHUL MSc Information Security Summer School 9 September 2013 Dom Lucas.


1 The evolution of eCrime and the remote banking channels Presentation to the RHUL MSc Information Security Summer School 9 September 2013 Dom Lucas

2 Overview
- Setting the Scene
- Attacks & Exploits
- Monetising the attack
- The bigger picture

3 Setting the Scene

4 What is eCrime?

5 Organised Crime
Product design & development, Finance, Resourcing, Strategy, Intelligence, Market Research, Customer Base, Distribution, Governance, Risk Analysis, Return on Investment, Takeovers, Competition, Mergers

6 Remote banking?

7 What is being attacked?

8 Why?
In economic terms: Wider Market Base. Greater ROI. Cost/Benefit Model.
In criminal terms: "I rob banks ‘cos that’s where the money is" (Willie Sutton, c1930)

9 Attacks & Exploits

10 Phishing

11 Phishing Explained
1. Attacker creates / hijacks website
2. Phishing email sent
3. Victim directed to phishing site
4. Phished Credentials forwarded to Drop server
5. Creds forwarded to phisher
6. Creds traded on online forums
7. Phishers use credentials to access genuine accounts

12 Phishing evolved
- MITM/Real-time Phishing
  - Capture & use victim 2-FA pass code in real time, thus defeating multi-factor authentication.
- HTML form attachment
  - Doesn't require a phishing site and so evades traditional phishing takedown.
- Vishing & Smishing
  - Use of traditional social engineering techniques to gather credentials
  - Use of VOIP technology to spoof & evade detection

13 Malware

14 ZEUS Spyeye Citadel Carberp ICE IX Shylock

15 Attack vectors www.XXX.com

16 Monetising the attack

17 Beneficiaries/Money Mules
Continues to be the Bottleneck
- lots of credentials, not enough mule accounts
Money Mule categories
- The professionals
- The unsuspecting/duped
Developments
- Pre-Paid card accounts - lack of KYC
- Fake online businesses
International Payments (SEPA)
- International fraud payments to mule accounts across the EU.
Job offer: "We have found your resume at Monster.com and would like to suggest you a "Transfer manager" vacancy. We have thoroughly studied your resume and are happy to inform you that your skills completely meet our requirements for this position. Our company buy, sell, and exchange digital currencies, like E-gold and E-bullion."

18 Putting it all together

19 Crime as a Service

20 Op HighRoller
- Customised Zeus / Spyeye variant.
- Automated.
- Checked balance.
- High net-worth accounts >€200,000.
- Targeted over 60 institutions
- Global network of mules.

21 The Wider Picture

22 Global View

23 Future Challenges

24 Things to think about

25 The next generation….

26 Don’t underestimate the adversary

27 Maintain situational awareness

28 Questions?

