The Dark Web & Your Bank: Impact, Risks, Strategy · Independent Bankers of Colorado Florida...

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP

The Dark Web & Your Bank: Impact, Risks, Strategy

Randy RomesCISSP, CRISC, MCP, PCI-QSAPrincipal – Information Security [email protected]

August 2019

WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTINGInvestment advisory services are offered through CliftonLarsonAllenWealth Advisors, LLC, an SEC-registered investment advisor

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP

Create Opportunities | We promise to know you and help you.

DisclaimerThis presentation is designed to provide accurate and authoritativeinformation in regard to the subject matter covered. The handouts, visuals,and verbal information provided are current as of the webinardate. However, due to an evolving regulatory environment, FinancialEducation & Development, Inc. does not guarantee that this is the most-current information on this subject after that time.

Webinar content is provided with the understanding that the publisher is notrendering legal, accounting, or other professional services. Before relying onthe material in any important matter, users should carefully evaluate itsaccuracy, currency, completeness, and relevance for their purposes, andshould obtain any appropriate professional advice. The content does notnecessarily reflect the views of the publisher or indicate a commitment to aparticular course of action. Links to other websites are inserted forconvenience and do not constitute endorsement of material at those sites,or any associated organization, product, or service.

2

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


SponsorsArkansas Community Bankers

California Community Banking Network

Independent Bankers of Colorado

Florida Bankers Association

Community Bankers Association of Georgia

Community Banker Association of Illinois

Indiana Bankers Association

Community Bankers of Iowa

Community Bankers Association of Kansas

Maine Bankers Association

Community Bankers of Michigan

Independent Community Bankers of Minnesota

Missouri Independent Bankers Association

Montana Independent Bankers Association

Nebraska Independent Community Bankers

Independent Comm. Bankers Assoc. of New Mexico

Independent Bankers Assoc. of New York State

Independent Community Banks of North Dakota

Community Bankers Association of Ohio

Community Bankers Association of Oklahoma

Pennsylvania Association of Comm. Bankers

Independent Banks of South Carolina

Independent Comm. Bankers of South Dakota

Tennessee Bankers Association

Independent Bankers Association of Texas

Vermont Bankers Association

Virginia Association of Community Banks

Community Bankers of Washington

Community Bankers of West Virginia

Wisconsin Bankers Association

Directed by

The Community Bankers Webinar Network

3

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Today’s PresenterRandy RomesCISSP, CRISC, MCP, PCI-QSACliftonLarsonAllen LLP

• “Professional Student”

• Science Teacher / Self-Taught Computer Guy

• IT Consultant – Project Manager – IT Staff/Help Desk – Hacker

• Assistant Scout Master (Boy Scouts)

4

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Raise Your Hand If…

5

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Everything Can Talk to Everything….

• Security cameras

• HVAC systems

• Door sensors and proximity readers

• “Chrome wants to remember your location…”

• “Hey Alexa, what’s my balance?”

➢ “Presence”

6

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP

WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING

Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor

The Current State of Cybercrime

Sun Tzu:“Know your enemy and know yourself and you can fight a hundred battles without disaster”

7

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


What Threats Do Financial Institutions Face from the Dark Web

• Financial institutions face a wide variety of threats posed by the Dark Web

– Credit Card Fraud

– Corporate Theft

– Emerging Malware

– Fraud Techniques

– Threats can also be internal◊ Employee selling confidential information

8

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Current State of Cybercrime

• Hackers have monetized their activity

– Theft of personally identifiable information (PII)

– Payment fraud

– Ransomware

• Most attacks are carried out by organized crime

9

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Organized Crime

• Hacking is run like a business where people specialize in different areas

– Writing malware

– Renting botnets

– Stealing data

– Selling data (collect data from various sources/BIG DATA)

– Etc.

• Most attacks are completely automated

10

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Theft of PII

• Every organization stores information about their employees in electronic format– Payroll/tax/W2

◊ Name, address, SSN, etc.

– Email address

• Every institution has their accountholders’ PFI

• Some institutions store other sensitive data– Credit card information

– Health information

11

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Theft of PII

• All this information has value– Submit fraudulent tax returns

– Submit fraudulent insurance claims

– Set up fraudulent identities for credit

– Purchase items with stolen credit card information

– Use emails for phishing campaigns

• Attackers buy and sell data on cyber black market– Similar to amazon.com for stolen information

12

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


The Open Web

• The open web is anything that can be indexed by a search engine (Google, Bing, Yahoo etc.)

– Easily accessible

– Under constant surveillance and monitoring

– Open web contains around 10% of the internet

13

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


The Deep Web

• The Deep Web is the internet that is hidden from view

– Any content that cannot be linked in a search engine

– Estimated to be 500x larger than open internet

– Examples:

◊ Private intranets

◊ VPNs

◊ Also contains “Dark Web”

14

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


The Dark Web• The Dark Web is a portion of the Deep Web, that

cannot be accessed via a standard internet browser

• The Dark Web is essentially a private network on the Deep Web

• The Dark Web uses onion routing to anonymize users (TOR)

15

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


What Is TOR? (Onion Routing)

• The Onion Router (TOR) is a free and open source software/ protocol that enables anonymous communication

• Traffic through the TOR network is anonymized by relaying traffic through a free volunteer supported relay network

• Dark Web websites are similar to any other website, however instead of the websites ending with a .com or .net, Dark Web sites end with a .onion

• TOR makes it difficult to trace users internet activity:

– Visiting websites

– Online posts

– Messaging

– File transfers

16

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


What Is TOR? (Onion Routing)•TOR adds additional layers of encryption as data

is routed through the relay network, making network surveillance extremely difficult.

17

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


What Can Be Found on the Dark Web?

• Since the creation of cryptocurrency's (Bitcoin), the Dark Web has flourished with illicit marketplaces and forums

• A large variety of illicit products can be anonymously purchased on the Dark Web

– Bank Account Logins

– Credit Card Info

– Forged Documents

– Malware (Banking Trojans, Remote Administrator Tools)

• Dark Web ecommerce sites are similar to traditional sites like eBay or Amazon, such as ratings, reviews, shopping carts, forums, and customer service

18

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Payment Methods on the Dark Web

• Cryptocurrencies are the most popular form of payment on the Dark Web

• Cryptocurrencies pseudo-anonymize, which criminals find ideal for conducting financial cyber crimes

• The most common form of cryptocurrency used on the Dark Web is Bitcoin

• In recent years, there has been a push to use more privacy focused cryptocurrencies on the Dark Web, such as Monero

19

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Dark Web Marketplace

Fraud technique for sale on Dark Web marketplace

20

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Backend Payment Systems Carbanak – Biggest Bank Heist EVER

• $1B over 2 years

• Average $10M per bank

• 2 to 4 months per bank

• Methods: Online Banking, Swift, ATMs

• Attackers primarily in Russia, Ukraine, China

• Banks primarily Russia, Europe, United States

http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/

21

http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Backend Payment Systems Carbanak – Biggest Bank Heist EVER

22

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Dark Web Marketplace

“Vendor” selling bank account logins

23

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Dark Web Forum

Example of bank logins being openly advertised and sold on a Dark Web forum

24

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Payment Fraud – Account Take Overs

• When is the last time you wrote a check???

• Electronic payments are the norm…– Wire transfers and ACH payments

– Online banking

– ”Send money”

➢Corporate Account Take Over CATO– Compromise accounts/credentials that

can move money

➢Persuasion Attacks– Convince others to send money

25

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


https://krebsonsecurity.com/tag/bec/

Persuasion Attacks (More Recently)

CEO asks the accountant…

Common mistakes

1. Use of private email

2. “Don’t tell anyone”

26

https://krebsonsecurity.com/tag/bec/

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Credit Card Breaches in the News (Weeks Ago…)

“…The PoS malware was designed to collect information stored on the magnetic stripe of payment cards, including cardholder's name, payment card number, card verification code, and expiration date.

However, the company pointed out that the investigation found no evidence suggesting that hackers made off with additional information belonging to the affected cardholders, and that "not all guests who visited the listed restaurants" are affected by the breach….”

29

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP

WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING

Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor

Strategies and Action Items

The Boy Scout Motto:

“Be Prepared”

30

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Protecting Financial Institutions from Dark Web Threats• Because the Dark Web provides the ability to keep

users anonymous, the number of criminals who use TOR for financial fraud is only increasing

• Financial institutions need to be on the forefront when it comes to threats originating from the Dark Web

• Its important for financial institutions to understand the threat the Dark Web poses

• Actions should be taken to monitor and prevent threats before they occur

31

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Strategies

Our information security strategy should have the following objectives:

➢Users who are aware and savvy

➢ Systems that are hardened and resistant to malware and attacks

➢Resilience capabilities: monitoring, incident response, testing, and validation

32

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Protecting Financial Institutions from Dark Web Threats• Implement robust systems to ensure that all

technology, people, processes are up to date

• Enforce two-factor authentication where possible

• Patching systems and software regularly

• Raise employee awareness about emerging Dark Web threats

• The rewards for a successful attacker can be significant, and catastrophic for the organization. It’s important to include effective monitoring of the Deep and Dark Web.

33

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Policies & Standards

➢ People, rules, and tools

– What do we expect to occur?

– How do we conduct business?

➢ Standards-based operations from a governance or compliance framework:

– GLBA/FFIEC, NCUA 748 A&B, etc.

– PCI – DSS

– CIS Critical Controls, NIST, ISO

People Rules

`

Tools

34

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Disciplined Exception Control, Vulnerability Management & Monitoring

• Monitoring (“built in”)– Key system configurations

– System and application logs

– Accounts

– Critical data systems/files

– Data activity and flow

• Scanning (independent)– Patch Tuesday and vulnerability scanning

– Rogue devices

35

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP


Know Your NetworkKnow What “Normal” Looks Like

•Infrastructure

•Servers and Applications

•Data Flows

•Archiving vs. Reviewing

•System Inventory

•Application Inventory

•Data Inventory

36

©2

01

9 C

lifto

nLa

rso

nA

llen

LLP

CLAconnect.com

Thank you!

Randy RomesCISSP, CRISC, CISA, MCP, PCI-QSAManaging Principal – Cybersecurity TeamDirect: [email protected]

The Dark Web & Your Bank: Impact, Risks, Strategy · Independent Bankers of Colorado Florida...

Documents

Transcript of The Dark Web & Your Bank: Impact, Risks, Strategy · Independent Bankers of Colorado Florida...