Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine
-
Upload
cis-bankers -
Category
Economy & Finance
-
view
131 -
download
0
Transcript of Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine
![Page 1: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/1.jpg)
BanksvFinTech….WhatAboutCyberSecurity?
RomanSologubGeneralManagerISSPUkraine
UkrainianBankingForum2016
![Page 2: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/2.jpg)
ISSP Information Systems Security Partners
![Page 3: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/3.jpg)
ISSP Information Systems Security Partners
![Page 4: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/4.jpg)
ISSP Information Systems Security Partners
§ Data for sale§ Attack as a service§ Botnet services§ Malware / Trojans§ Bank Accounts § Payment cards§ Documents
2,1 Trillion in 2019
![Page 5: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/5.jpg)
ISSP Information Systems Security Partners
![Page 6: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/6.jpg)
ISSP Information Systems Security Partners
![Page 7: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/7.jpg)
ISSP Information Systems Security Partners
![Page 8: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/8.jpg)
ISSP Information Systems Security Partners
![Page 9: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/9.jpg)
ISSP Information Systems Security Partners
NotjustIT–OT,IOT,Physical
AssumeCompromise
Detect&RespondFaster
IncreasedRegulation
![Page 10: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/10.jpg)
ISSP Information Systems Security Partners
IT
Internal(Whitebox)
External (Blackbox)
AdvancedPersistentThreat
E-banking
AccountsHijacking
Sessionshijacking
Phishing
ATM/POS
DirectDispense
Malware
Skimming
Card
CardDump
Cardnotpresent
Offlineoverdrafts
SocialEngineering
Vishing
SocialNetworks
Phishing
Bankingattackvectors
![Page 11: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/11.jpg)
ISSP Information Systems Security Partners
Morning NoonCloseofBusiness
Compromisedaccounts
ProxyBank1
ProxyBank2 Depositcards/moneywithdrawal
Start DDOS/HostSystemshutdown End
![Page 12: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/12.jpg)
ISSP Information Systems Security Partners
![Page 13: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/13.jpg)
ISSP Information Systems Security Partners
Recentattack:ATMDirectDispense
Ukraine09/2015– 04/2016
30+cases10bankswasaffected
![Page 14: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/14.jpg)
ISSP Information Systems Security Partners
>AdvancedPersistentThreat
asetofstealthyandcontinuouscomputerhackingprocesses,oftenorchestratedbyhumantargetingaspecificentity.
![Page 15: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/15.jpg)
ISSP Information Systems Security Partners
![Page 16: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/16.jpg)
ISSP Information Systems Security Partners
1.Preparation:socialnetworks, internet,deepweb,documents,metadata
2.Intrusion:Massmail,targetedmail,candydrop,socialengineering
ActiveBreach:Keyloggers, cryptolockers,passwordcrackers,backdoors,etc…
CyberKillChain
![Page 17: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/17.jpg)
ISSP Information Systems Security Partners
![Page 18: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/18.jpg)
ISSP Information Systems Security Partners
10min
5min
14min
6monthfromintrusiontoblackout
8 min
![Page 19: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/19.jpg)
ISSP Information Systems Security Partners
Hackers Spend 200+ Days Inside Before Discovery
![Page 20: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/20.jpg)
ISSP Information Systems Security Partners
#14/07/20161000+emailswerereleasedtovariousorganizationsinUkraine
![Page 21: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/21.jpg)
ISSP Information Systems Security Partners
MSWordhasembeddedmacroPayloaddeliverylinkswereextracted:
HTTP62.210.102.80elfaroconsultants.comelfaroconsultants.com/elfaroconsultants.com//r_uploadelfaroconsultants.com//wp-admin/post.phpelfaroconsultants.com/bug/pic.gif?siteidelfaroconsultants.com/din.aspx?s=0000000elfaroconsultants.com/p?c1=2&c2=13765216elfaroconsultants.com/pagestat/PageStatEelfaroconsultants.com/safari/content.binelfaroconsultants.com/t51.2885-15/e35/p2elfaroconsultants.com/tracker?js=13;id=1elfaroconsultants.com/wpad.datwtfismyip.com:443shougunj.com:8069.30.217.90:44352.23.245.170:80
![Page 22: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/22.jpg)
ISSP Information Systems Security Partners
ActionsonObjectives
Command&ControlInstallationExploitationDeliveryWeaponizeRecon
1000emailaddresseswithpersonaldata
Socialengineering+
Compositemacro-codeobfuscation-sandboxevasion
Predictions
Payloadwasdownloaded14/07/16
1. Exploitationstage- October2. Finalstageperformance– Spring `17
![Page 23: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/23.jpg)
ISSP Information Systems Security Partners
Securityisanegativegoal…
Itisaprocess
![Page 24: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/24.jpg)
ISSP Information Systems Security Partners
ISSP - Information Systems Security Partners -
is a Group of Companies, specialized in cybersecurity, managedsecurity services, state of the art professional training, and cuttingedge research in the area of information systems security.
![Page 25: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/25.jpg)
ISSP Information Systems Security Partners
VendorsandPartners: SecurityOperationCenters(SOC):USA,Israel,EU,Japan Kyiv(+Lab),Vilnius.
Offices: TrainingCenters:Kyiv,Tbilisi,Bratislava,Almaty Kyiv,Tbilisi
ISSP – specialized integrator and managedsecurity services provider.
ISSP Service – provides around the clocksupport and professional services.
ISSP Training Center – conductsprofessional trainings, including but notlimited to certified product-based trainingsand professional certificationprograms.
ISSP Lab & Research Center – specializeson analysis of cyber threats, challengingtasks of computer forensics.
ISSPbusinessprofile
![Page 26: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/26.jpg)
ISSP Information Systems Security Partners
NotjustIT–OT,IOT,Physical
AssumeCompromise
Detect&RespondFaster
IncreasedRegulation
AUDIT
IOC`sDiscoveryDataAuditApplicationSecurityOSINT
SOC
IncidentDetectionIncidentResponse
RemediationForensics
ATMSecurityCounter-FRAUDSCADASecurityAccessandBehavior
ComplianceasaService
ComplianceAuditConsulting
![Page 27: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/27.jpg)
ISSP Information Systems Security Partners
CYBERSECURITY IS ENABLING
– not Defeating –
BUSINESS INNOVATIONS
![Page 28: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine](https://reader031.fdocuments.us/reader031/viewer/2022030316/587386351a28ab272d8b5d3d/html5/thumbnails/28.jpg)
www.isspgroup.com