Post on 06-Jun-2020
KASPERSKY FRAUD PREVENTION: SOLUTION OVERVIEW
Petr Zahálka
Avnet s.r.o.
AKTUÁLNÍ SITUACE
http://www.csas.cz/banka/content/inet/internet/cs/n
ews_ie_2271.xml?archivePage=phishing&navid=nav00
156_phishing_aktuality
3
AKTUÁLNÍ SITUACE
http://www.csas.cz/banka/content/inet/internet/cs/n
ews_ie_2246.xml?archivePage=phishing&navid=nav00
156_phishing_aktuality
5
AKTUÁLNÍ SITUACE
http://www.csas.cz/banka/content/inet/internet/cs
/news_ie_2246.xml?archivePage=phishing&navid=n
av00156_phishing_aktuality
7
AKTUÁLNÍ SITUACE
8
AKTUÁLNÍ SITUACE
9
FRAUD PREVENTION IN ACTION
10
BANK
MALWARE/
CYBER-CRIMINALS
Social Engineering
Logging Phishing + Stolen Certificates
Driver “killer” DNS Change PHISHING
PAGE
Account #1
Account #2
Malicious Accounts
login
$$$ 3 days
Screenshotting
Code Injection
OBS
login
KASPERSKY FRAUD PREVENTION PLATFORM
11
BANK
Kaspersky Fraud
Prevention Console
Kaspersky
Fraud Prevention
Clientless Engine
Server side protection and
Management
USER Kaspersky Fraud Prevention
for endpoints
Kaspersky Fraud Prevention SDK Mobile SDK
User protection
Kaspersky Fraud Prevention
Education Services
Kaspersky Fraud Prevention
Management Services
Kaspersky Fraud Prevention
Professional Services
Kaspersky Fraud prevention
Intelligence Services
Services
Kaspersky Security Network —
Global Security Intelligence
KASPERSKY FRAUD PREVENTION:
USER PROTECTION
RISKS OF UNTRUSTED BANKING
13
Website Phishing sites
Connection Substitution of DNS,
proxy or hosts file
Traffic interception
Environment Vulnerability exploitation
Code injection
Social engineering
Screenshotting and
keylogging
Website Phishing sites
Connection Substitution of DNS,
proxy or hosts file
Traffic interception
Environment Vulnerability exploitation
Code injection
Social engineering
Screenshotting and
keylogging
TRUSTED BANKING
14
Website
Anti-phishing
List of trusted sites
Connection
Kaspersky
Security Network
SSL certificate database
in the cloud
Environment
Secure Browser
Secure Keyboard
Screenshot Capture
protection
Vulnerability scan
Self-protection
Website
Anti-phishing
List of trusted sites
Connection
Kaspersky
Security Network
SSL certificate database
in the cloud
Environment
Secure Browser
Secure Keyboard
Screenshot Capture
protection
Vulnerability scan
Self-protection
TRUSTED BANKING
15
Safe Money
BROWSER THREATS
16
Code injection
External browser Control
OS Vulnerabilities
Attacks on
the product itself (termination, damage,
modification, etc.)
Keyloggers
MiTM attacks
Phishing
Screenshotting
Fraud
Prevention
for
Endpoints
PROTECTION AGAINST OS VULNERABILITIES
17
Dedicated updatable
vulnerabilities database:
Operation System Only
Kernel Mode privileges escalation only
Protection: Base is checked upon the application
launch and user is informed if the
system is vulnerable
Scan code
Symbols
SECURE KEYBOARD: MAXIMUM SAFETY
18
Keyboard drivers
OS Drivers kbdclass.sys
BROWSER KASPERSKY FRAUD PREVENTION FOR ENDPOINTS
Main driver kliff.sys
Keyboard Classic Service Callback
Virtual Keyboard plugin
Protected
channel
Kaspersky keyboard driver
Sca
n c
od
e
Trojan-Banker.Win32.Fibbit
PROTECTION AGAINST TAKING SNAPSHOTS
19
Protect against all used screenshotting
techniques
It’s impossible to take a screenshot if current
window belongs to Safe (protected) browser
Screenshots
are not allowed
SELF-DEFENSE
20
Protect from modifying KFP for
Endpoints:
Windows registry keys
Files
Processes
Threads
One of best self-protection techniques according to independent tests:
http://www.matousec.com/projects/proactive-security-challenge-64/results.php
Website
Anti-phishing
List of trusted sites
Connection
Kaspersky
Security Network
SSL certificate database
in the cloud
Environment
Secure Browser
Secure Keyboard
Screenshot capture
protection
Vulnerability scan
Self-protection
TRUSTED BANKING
21
MITM ATTACKS: SSL CERTIFICATE VALIDATION
22
Internet Kaspersky
Security Network
Request for certificate
Fake certificate
Certificate from KSN
KFP for
endpoint
checks the
certificate
Phishing
web site
Website
Anti-phishing
List of trusted sites
Connection
Kaspersky
Security Network
SSL certificate database
in the cloud
Environment
Secure Browser
Secure Keyboard
Screenshot capture
protection
Vulnerability scan
Self-protection
TRUSTED BANKING
23
Kaspersky Security Network
Client
ANTI-PHISHING: HOW IT WORKS
26
Online base of
phishing sites
Digital certificate
verification
service
Request
Response
Offline
Data Base
Heuristics
results from
clients
Сrawlers
and robots
Content
Analysts
The most popular
KSN queries
Tens of feeds
Huge spam traps
A lot of clients’
samples
WHY USE FRAUD PREVENTION IF AN ANTIVIRUS SOLUTION IS ALREADY INSTALLED?
27
Not all users install good security software or
regularly update it
Traditional signature-based AV is vulnerable to
zero-day and targeted attacks (but modern AV
products are more than just blacklisting)
FRAUD PREVENTION is compatible with the
anti-malware solutions of other vendors
MOBILE CLIENT PROTECTION
IN DETAILS
SDK FUNCTIONALITY
30
KFP
SDK
Self Defense
Web & Network
Protection Secure
Connection
URL Web Filter
Web Anti Virus
URL
Reputation
DNS Checker
Certificate
Validation
Data Protection
Secure SMS
Banking
Secure
Storage
Safe Input Anti Virus
(ODS)
Anti Virus
(OAS)
Device Protection
SECURE MESSAGES IN SECURE STORAGE
31
Secured SMS Storage
Incoming SMS
from Bank
Kaspersky Safe Money SDK
User
SMS Secure
Interception
Malware #1
Malware #1 Standard Storage
SMS Malware Interception
SDK FUNCTIONALITY
32
KFP
SDK
Self Defense
Web & Network
Protection Secure
Connection
URL Web Filter
Web Anti Virus
URL
Reputation
DNS Checker
Certificate
Validation
Data Protection
Secure SMS
Banking
Secure
Storage
Safe Input
Risk Detection
Suspicious
Applications
Device
Fingerprint
Wi-Fi Safety
Analysis
Device
Configuration
Firmware
Verification
Root /
Jailbreak
Detection
Anti Virus
(ODS)
Anti Virus
(OAS)
Device Protection
KASPERSKY FRAUD PREVENTION
CLIENTLESS ENGINE
KASPERSKY FRAUD PREVENTION PLATFORM
35
BANK
Kaspersky Fraud
Prevention Console
Kaspersky
Fraud Prevention
Clientless Engine
Server side protection and
Management
USER Kaspersky Fraud Prevention
for endpoints
Kaspersky Fraud Prevention SDK Mobile SDK
User protection
Kaspersky Fraud Prevention
Education Services
Kaspersky Fraud Prevention
Management Services
Kaspersky Fraud Prevention
Professional Services
Kaspersky Fraud prevention
Intelligence Services
Services
Kaspersky Security Network —
Global Security Intelligence
CLIENTLESS ENGINE: WHERE THE DATA COMES FROM
36
DATA SOURCES
• Kaspersky Fraud Prevention for Endpoints
• Kaspersky Security Network
• Online banking customers
• Fraud Analyst from Bank
CLIENTLESS ENGINE
Multi-layered security approach
with Management Console.
Online banking customer
with Kaspersky Fraud
Prevention for Endpoints
Malware Detection Service
Rule Engine
Behavior Analysis
VALUABLE DATA FOR ANTI-FRAUD ENGINES
Kaspersky Fraud Prevention can provide additional data for anti-fraud systems:
Presence of applications for remote access (RDP, VNC, etc.)
Usage of physical mouse or keyboard while sending the transaction
Attempts to modify banking application
Presence of vulnerable software
Kaspersky Fraud Prevention
for endpoints
Kaspersky Fraud Prevention SDK
Mobile SDK Anti-Fraud System
PROTECTION AGANST ONLINE-BANKING ATTACKS
39
Web page modification
(web-injects) Social Engineering
+ Phishing Site
Keylogging /
Screenshoting /
Modifying DNS Phase #1 Credentials Stealing
(optional)
Phase #2 Making Fraud
Transaction
With Malware Without Malware
Attacker’s PC
Using stolen credentials
(incl. OTPs)
User’s infected PC
Remotely
(Sending
POST request)
Kaspersky
Fraud
Prevention
for Endpoints
Kaspersky
Clientless
Engine Social Eng. +
Web-Injects
(Spyeye
Chiptan case)
Manually (via
RDP session)
KASPERSKY FRAUD PREVENTION: MATURE
TECHNOLOGY WITH MILLIONS OF USERS WORLDWIDE
46
Leading bank in
Ecuador,
750,000 online
users covered
KFP technology was introduced by Kaspersky Lab in 2011
Now used by 30M endpoint users of Kaspersky Lab products
MAJOR BENEFITS FOR BANKS
47
Minimizes the number of security incidents due to targeted
attacks against online banking users
Minimizes financial risks
Increases customer loyalty and awareness of threats
Provides competitive advantage
Motivates customers to use remote banking on different
platforms: Windows, Mac OS X, Android, iOS
Improves compliance with legal regulations
Additional communication with clients
TECHNICAL BENEFITS FOR BANKS
48
Provides multi-layered security for any kind of online
transactions on PC, MAC, iOS and Android
Dynamic and real-time: cloud updates keep you ahead of the
threats
One of the lowest level of false positives in the industry
proven by independent tests
Global vision and deep insight of security incidents through
intelligent reporting
Kaspersky Intelligence skills and knowledge is transferred to
your security experts through training and consulting
Compatibility with anti virus software
Cloud
CHTĚJTE VÍCE
51
Požadujte ve Vaší bance vyšší stupeň zabezpečení
DĚKUJI ZA POZORNOST
52
Petr Zahálka
Avnet s.r.o.
Petr.zahalka@avnet.com
602 354 836