Financial Sector Cyber Attacks Malware Types & Remediation Best Practices


2 Financial Sector Cyber Attacks Malware Types & Remediation Best Practices
Prepared by: Elias Diab President and CEO, Infotechglobe Cyber Security Solutions

3 Agenda
- Introduction
- Cyber Attack Types
- Malware Types and Characteristics
- Malware Remediation and Risk Reduction Measures
- Case Study: CARBANAK Trojan APT

4 Introduction
- The improvement of online banking systems and their increased use by consumers worldwide have made this service a prime target for cyber criminals.
- Security breaches of key financial institutions can pose a substantial danger to market confidence and the nation’s overall financial stability.
- Data privacy and protection breaches (customer records or confidential documents) carry hefty penalties.
- Cyber attacks have far-reaching consequences: financial, reputational, regulatory, and legal.
- Cyber criminals’ motivation: undermining financial institutions’ reputation and capability to conduct business, while achieving huge financial profits.

5 Cyber Attack Types
Untargeted Attacks: Criminals do not focus on a particular victim but target as many devices, users or services as possible.
- Phishing
- Ransomware
- Scanning
- Drive-by download

6 Cyber Attack Types (Continued)
Targeted Attacks: Criminals specifically tailor the attack to the targeted financial institution.
- Spear phishing
- DoS/DDoS
- Water holing

7 Malware Types and Characteristics
- Vawtrak (Neverquest or Snifula): This banking Trojan spreads itself via social media and file transfer protocols. What makes it unique is its ability to hide evidence of the fraud by changing, on the fly, the balance shown to the victim. It is based on the MITB attack.
- Zeus/Zbot: Uses a technique called “Man-in-the-Browser” that exploits vulnerabilities in browsers to covertly modify web transactions. From the victim’s PC, Zeus automatically connects to the attacker’s C&C and starts stealing the user’s login credentials, and subsequently amounts of money from the user’s account.
- Cryptolocker / CryptoWall: A ransomware Trojan that encrypts personal and system files. It spreads in many ways, mainly via phishing emails that contain malicious attachments or links, or via drive-by download sites.
- Carbanak: Victims are infected via spear phishing. Once a victim is infected, attackers jump into the internal network and track down administrators’ computers for video surveillance. Screens of staff servicing the cash transfer systems are recorded, so fraudsters learn every detail of the bank clerks’ work, which allows them to mimic staff activity in order to transfer money and cash out.

8 Malware Remediation and Risk Reduction Measures
- Build and utilize an effective risk management program and framework
- Identify vulnerabilities and regularly patch your systems and applications
- Adopt an effective SOC and gradually evolve it into a security intelligence center
- Establish a cyber incident management and response function
- Create a cyber security awareness training program
- Use a defense-in-depth approach: no single technology will stop an APT
- Regularly review and update security policies and procedures
- Apply big data analytics and capabilities in discovering APT attacks
- Establish an internal forensics function as part of your SOC solution

9 Case Study – CARBANAK Trojan
- Spear phishing emails with MS Word (.doc) and Control Panel Applet (.CPL) files attached.
- Carbanak spear phishing attachments exploited vulnerabilities in Microsoft Office 2003, 2007 and 2010 (CVE = Buffer Overflow, and CVE = Remote Code Execution for Microsoft Graphics Component) and MS Word RTF Remote Code (CVE ).
- Manual reconnaissance of victims (control of video capabilities established).
- Long-term observation and reconnaissance conducted.
- Remote Admin (Access) Tool installed and communication established with C&C.
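A mail-gateway triage check for the delivery method on this slide, as an added example that is not part of the original presentation: it flags .CPL attachments, attachments with a Windows executable header, and RTF content delivered under a .doc name. The rule names, addresses and sample message are constructed for illustration.

```python
# Added example: constructed data, hypothetical rule names.
from email import message_from_bytes, policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"   # RTF documents begin with this marker
PE_MAGIC = b"MZ"        # Windows executables and DLLs (a .cpl is a DLL)


def triage_attachments(raw: bytes) -> list:
    """Return (filename, reason) pairs for attachments worth quarantining."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "<unnamed>").lower()
        head = (part.get_payload(decode=True) or b"")[:16].lstrip()
        if name.endswith(".cpl"):
            findings.append((name, "cpl-extension"))
        if head.startswith(PE_MAGIC):
            findings.append((name, "pe-header"))
        # RTF body behind a .doc name: content type does not match extension
        if name.endswith(".doc") and head.startswith(RTF_MAGIC):
            findings.append((name, "rtf-in-doc"))
    return findings


def build_sample() -> bytes:
    """Constructed message: one RTF-as-.doc, one .cpl, one ordinary OLE .doc."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "clerk@bank.example"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    samples = [
        ("invoice.doc", b"{\\rtf1\\ansi constructed sample}"),
        ("update.cpl", b"MZ" + bytes(62)),
        ("report.doc", bytes.fromhex("d0cf11e0a1b11ae1") + bytes(56)),
    ]
    for fname, blob in samples:
        msg.add_attachment(blob, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in triage_attachments(build_sample()):
        print(f"{name}: {reason}")
```

The ordinary OLE-format report.doc produces no finding; only the extension and header mismatches are reported.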

10 Case Study – CARBANAK Trojan (Continued)
- Attackers observed the protocols and daily operational tempo of their targets.
- Video surveillance of main bank employees and system/security admins was recorded and shared with C&C.
- Exploitation methodologies and mechanisms were developed and tailored to each victim.
- Attackers impersonated legitimate local users’ activities and actions.
- Money transfers start to take place (e-Payment systems, ATMs, SWIFT, Online Banking, etc.).
- Total loss is estimated at around $1 billion, from around 100 financial institutions worldwide.
- Stolen funds were transferred out of affected countries to various bank accounts and money mule services in the US and China.
- A new variant of CARBANAK was spotted recently (September 2015). Are you ready for it (and for other types as well)?

11 Case Study – CARBANAK Trojan (Continued)

12 Questions?

