Published by Brenda O’Connor. Modified over 8 years ago
1
Proprietary and Confidential
Don’t be the Next Cyber Crime Statistic
C. Kevin deBrucky, Vice President
PINACLE® Security Manager
2
Introduction
“Hacking” vs. compromise of individuals
Targeting system weaknesses vs. targeting weaknesses in controls and individual awareness
Discussion Topics:
– Financial Malware
– eMail Compromise
Use elements of:
– Social engineering
– Phishing
– Malware
3
Cybercrime: The numbers
Phishing attacks on the US: 30.8% of all attacks
Phishing attacks on financial sites: 31.45% of all attacks
– Banking sites: 51.95%
– Online stores: 24.66%
– Payment systems: 23.39%
Malware used for financial attacks: 93.8% of all malware used
US financial malware attacks: 1,529,000+
Non-US financial malware attacks: 19,786,000+
4
Financial Malware
Significant new threat emerged in late 2014
Distributed broadly through phishing campaigns
“Generic” email subjects entice recipient to open the attachment
Recent strains able to leverage Outlook for further propagation
Once attachment is opened, malware installs itself
Malware activates when user navigates to a targeted online banking URL
User session is redirected to a bogus site, used to harvest user credentials
5
Financial Malware – Example
[Images: Fraudulent Page, Legitimate Page]
6
Financial Malware
The malware reports the user’s credentials to the fraudster’s “Command and Control Center”
The fraudster then uses the credentials to log in to the site from a “clean” PC
The Command/Control Center is also used to push various “stall screens” and additional authentication prompts to the user, as needed by the fraudster
Finally, the fraudulent site will request access from a second operator in order to gain a second set of credentials
The malware may also prompt users to enter their name/telephone number – which the fraudsters then use to contact the user directly
Red Flag
7
Financial Malware – Example
[Image: Fraudulent Page]
8
Financial Malware – Example
[Images: Fraudulent Pages]
9
Financial Malware – Example
[Image: Fraudulent Page]
10
BEC: The numbers
Total U.S. victims: 1198
Total U.S. dollar loss: $179,755,367
Total non-U.S. victims: 928
Total non-U.S. dollar loss: $35,217,136
Combined victims: 2126
Combined dollar loss: $214,972,503
11
Different types of BEC
Invoice Modification
– Business has long-standing relationship with supplier
– Request is made to have funds sent to an alternate, fraudulent account
– Email is spoofed to look very similar to legitimate account
Business Executive Scam
– High-level business executive’s email account is compromised
– A request is made from the compromised account to the employee responsible for handling payments to divert funds to the fraudster’s account
Employee Email Compromise
– Fraudster uses employee email to request payment to their accounts
12
eMail Compromise
Hacked or spoofed (fictitious) email accounts are used to communicate requests to initiate payments or change existing payment instructions
Requests appear to come from an executive (CEO, CFO, etc.) or a known trading partner (vendor) of the targeted company
Often the executive’s or supplier’s legitimate email account is compromised
The fraudsters can glean facts and valid information from other emails in the compromised mailbox, making the fraudulent payment request seem authentic
13
eMail Compromise
Warning signs of an email compromise:
– Request from a supplier to change payment instructions for an upcoming payment
– Request from a company executive to initiate a critical payment
– The request creates a sense of urgency to prompt immediate action
– Often the request insists on secrecy or confidentiality and suggests bypassing established procedures
– Requestor insists on communication via email
– Requestor wants immediate confirmation when payment is executed
Red Flag
14
BEC challenges
Customer authenticates with known trusted device
Customer actually authorizes and releases wire transfer
Recovering funds from overseas accounts
Enlisting law enforcement support in a timely manner
15
eMail Compromise – Example
16
eMail Compromise – Example

From: John Smith [mailto:john.smith@kstoolvvorks.com]
Sent: Wednesday, May 6, 2015
To: Susan Hoyle
Subject: Payment Needed Today!

Are you available to make a payment for me today?

John M. Smith, President and CEO
T: 555-555-1111
e: john.smith@kstoolworks.com

From: Susan Hoyle [mailto:susan.hoyle@kstoolworks.com]
Sent: Wednesday, May 6, 2015
To: John Smith
Subject: RE: Payment Needed Today!

Yes, I am in the office all day. Send me the payment details.

Susan Hoyle
Controller/CFO
T: 555-555-2222
e: susan.hoyle@kstoolworks.com

From: John Smith [mailto:john.smith@kstoolvvorks.com]
Sent: Wednesday, May 6, 2015
To: Susan Hoyle
Subject: RE: Payment Needed Today!

Attached are the payment instructions. Code to Admin Expenses. I am not reachable by cell today, so use email. Please let me know as soon as the payment is sent as this must be done today.

John M. Smith, President and CEO
T: 555-555-1111
e: john.smith@kstoolworks.com
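Added example (not part of the original presentation): a small Python check for the lookalike-domain trick in the exchange above, where the From: address uses kstoolvvorks.com while the signature shows kstoolworks.com. The trusted-domain list, the table of confusable sequences and the function names are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: the company's real mail domain, as shown in the signature blocks.
TRUSTED_DOMAINS = {"kstoolworks.com"}

# Character sequences that render like another letter (illustrative, not exhaustive).
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("cl", "d"), ("0", "o"), ("1", "l")]
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def skeleton(domain):
    """Collapse visually confusable sequences so lookalikes compare equal."""
    d = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def sender_domain(from_header):
    """Extract the domain of the address in a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def check_message(from_header, body):
    """Return a list of findings for one message; an empty list means nothing flagged."""
    findings = []
    dom = sender_domain(from_header)
    if dom not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if skeleton(dom) == skeleton(trusted):
                findings.append(f"lookalike of {trusted}: {dom}")
    # Addresses quoted in the body or signature that disagree with the real sender.
    for body_dom in {m.lower() for m in EMAIL_RE.findall(body)}:
        if body_dom != dom:
            findings.append(f"signature domain {body_dom} != sender domain {dom}")
    return findings


# Constructed sample, transcribed from the slide's example exchange.
SPOOFED_FROM = "John Smith <john.smith@kstoolvvorks.com>"
SPOOFED_BODY = "Are you available to make a payment for me today?\ne: john.smith@kstoolworks.com"
GENUINE_FROM = "Susan Hoyle <susan.hoyle@kstoolworks.com>"
GENUINE_BODY = "Yes, I am in the office all day.\ne: susan.hoyle@kstoolworks.com"

if __name__ == "__main__":
    for hdr, body in [(SPOOFED_FROM, SPOOFED_BODY), (GENUINE_FROM, GENUINE_BODY)]:
        print(hdr, "->", check_message(hdr, body) or "ok")
```

The spoofed message is flagged twice: once because its sender domain collapses to the trusted one, and once because the signature address disagrees with the actual sender.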
17
Best Practices
Validate User Entitlements
– Payment Initiation vs. Approval segregation
– Dollar limits and transaction types
Bank Application Security Controls
– Review and enroll in optional bank security controls when applicable
Monitor Account Activity daily
Use different computers or mobile devices for payment initiation and approval processes
18
Best Practices
Use out-of-band verification to confirm email payment requests or requests to change payment instructions with the requestor:
– Use direct contact with a known individual and known telephone number; do not use email to verify the request
Implement secondary approval (internally) for all changes to vendor payment instructions
Employ strict vendor management procedures
Develop clear internal policies and procedures for payment initiation requests
Obtain buy-in from senior managers
19
Best Practices
Do not open attachments or click on links in emails from unknown senders
Be suspicious of emails with generic subject titles, such as “Your Documents” or “Invoice”
Consider using dedicated computers for sensitive web access (no email access and restricted website access)
Be very cautious about sharing information on social networking sites
20
Questions?
PNC Financial Services Group
Contact Information:
C. Kevin deBrucky, SVP
PINACLE® Product Manager
PNC Treasury Management
eMail: Charles.Debrucky@pnc.com