Cybercrime Threat Landscape: Cyber Criminals Never Sleep
-
date post
14-Sep-2014 -
Category
Business
-
view
1.183 -
download
3
description
Transcript of Cybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never Sleep
Etay MaorSenior Fraud Prevention Strategist
© IBM Trusteer, 2014
Security Silos FAIL!
© IBM Trusteer, 2014 3
Holistic Approach for Cybercrime
WWW
Phishing and Malware Fraud
Advanced Threats (Employees)
Online/Mobile Banking
Money, Intellectual Property, Business Data
Account Takeover, New Account Fraud
Mobile Fraud Risk
Phishing
4
© IBM Trusteer, 2014 5
New C&Cs for Phishing
© IBM Trusteer, 2014 6
Targeting Security Solutions:
External and Perimeter Anti virus Sandbox VMs
Login Credential protection and encryption OTP SMS Device ID
Internal Behavior anomaly detection Clickstream analysis
© IBM Trusteer, 2014 7
Malware Protection
Malware Protection - Outsource
© IBM Trusteer, 2014
Device Forging
© IBM Trusteer, 2014
Bypassing Device ID
Notification
LoginInjection
© IBM Trusteer, 2014
Bypassing Device ID
RDP
Transaction
© IBM Trusteer, 2014 12
Behavior and Device ID Tricks
The data source: Large European bank 3 weeks worth of data 1.5M accounts reviewed 10M login attempts
Fraudsters know behavioral profiling is in action Fraud does not happen on the first login
30% of the users come from a mobile device Confirmed fraud coming from the mobile channel. WHY?
New Mobile Threats
13
© IBM Trusteer, 2014
How Times Have Changed…
© IBM Trusteer, 2014
Overlay Mobile Attack
© IBM Trusteer, 2014
Overlay Mobile Attack
© IBM Trusteer, 2014
Mobile Ransomware
Cybercrime Services
18
© IBM Trusteer, 2014 19
© IBM Trusteer, 2014
A Page From a CT Book – Sounds Familiar?
© IBM Trusteer, 2014
Building a Solution
Advanced Fraud
Prevention
Real Time Intelligence• Integrated: fully
integrated to leverage threat data across channels
• Global: identify threats any time, anywhere for all channels
Seamless Experience• Transparent: minimize
“action items” to user• Automated: minimize
“action items” to staff
Accurate Analysis• Focused: root cause• Impactful: prevent,
detect, mitigate and remediate
Adaptive Controls• Intelligent: build with
the “unknowns” • Dynamic: rapidly
updatable software
© IBM Trusteer, 2014
And Always Remember – Security is in YOUR Hands
© IBM Trusteer, 2014 23
And Always Remember – Security is in YOUR Hands
© IBM Trusteer, 2014 24
And Always Remember – Security is in YOUR Hands
Thank You