DDoS Attacks Against Global Markets DDoS Cyber-Attack Prolexic PPT PDF
The web seminar has not yet started - ACAMSfiles.acams.org/webcasts/20131121/2013-11-21 -...
Transcript of The web seminar has not yet started - ACAMSfiles.acams.org/webcasts/20131121/2013-11-21 -...
Cyber Fraud: The New Financial Crime Wave
www2.acams.org/webinars
The web seminar has not yet started:
A sound check will be performed 5 minutes before the start time.
COPYRIGHT NOTICE – USE OF WEBEX LOGIN/PASSWORD FOR ACAMS WEB SEMINARS Each site license entitles registrant to one login: one phone connection (if accessing audio via teleconference) and one Internet connection for simultaneous Webcast, in one room where an unlimited number of listeners may participate. Providing your login instructions and password to another for their use, using your login ID/password more than once, or any simultaneous or delayed transmission, broadcast, re-transmission or re-broadcast of this event to additional sites/rooms by any means (including but not limited to the use of telephone conferencing services or a conference bridge, whether external or owned by the registrant) or recording is a violation of U.S. copyright law and is strictly prohibited
Cyber Fraud: The New Financial Crime Wave
• Can you hear the sound check?
• It has begun
www2.acams.org/webinars
Cyber Fraud: The New Financial Crime Wave
www2.acams.org/webinars
Cyber Fraud: The New Financial Crime Wave
www2.acams.org/webinars
Q & A
To send a question:
Locate the Q & A box on the bottom right hand corner of the WebEx platform.
Type in your question and click send!
Cyber Fraud: The New Financial Crime Wave
Welcome to the ACAMS Web Seminar
(Case study) Cyber Fraud: The New Financial Crime Wave
November 21, 2013
12:00 Noon– 1:00 pm ET
The web seminar has not yet started.
www2.acams.org/webinars
Cyber Fraud: The New Financial Crime Wave
Welcome to the ACAMS Web Seminar
(Case study) Cyber Fraud: The New Financial Crime Wave
November 21, 2013
12:00 Noon– 1:00 pm ET
www2.acams.org/webinars
Cyber Fraud: The New Financial Crime Wave
www2.acams.org/webinars
Sean Lonergan – RBC Royal Bank Mgr. Fraud Strategies & Initiatives
Brendan Brothers - Verafin Co-Founder & Dir. Product Marketing
Cyber Fraud: The New Financial Crime Wave
Co-founded Verafin (BSA/AML Compliance & Fraud Detection software company) in 2003
Computer Engineer with background in analytics
Anti-financial crime subject matter expert with comprehensive technical expertise
Frequent speaker at industry conferences
Principal presenter for Verafin’s thought leadership webinar series
Verafin has more then 1100 financial institution customers across North America
BRENDAN BROTHERS Co-Founder Verafin
www2.acams.org/webinars
Cyber Fraud: The New Financial Crime Wave
Manager, Fraud Strategies and Initiatives at RBC
Responsible for Online, Mobile and Telephone banking strategies
14 years with RBC – prior to current role spent 10 years in IT developing Fraud systems
RBC is Canada’s largest bank and 11th largest bank globally based on market capitalization
Operations in 46 countries
More than 15 million clients worldwide
SEAN LONERGAN Manager, Fraud Strategies and Initiatives RBC Royal Bank
www2.acams.org/webinars
Cyber Fraud: The New Financial Crime Wave
Cyber Fraud: The New Financial Crime Wave
The Perfect Storm…
3 ominous trends have culminated in…
Cyber Fraud: The New Financial Crime Wave
Data Breaches
Cyber Fraud: The New Financial Crime Wave
Data Breaches
Computer Malware
Cyber Fraud: The New Financial Crime Wave
Organized Cybercriminals
Data Breaches
Computer Malware
Cyber Fraud: The New Financial Crime Wave
Trend 1
Data Breaches
Cyber Fraud: The New Financial Crime Wave
2013
Data Breaches (only breaches with more than 30k records shown)
# of breaches have INCREASED over time 2004
Cyber Fraud: The New Financial Crime Wave
Data Breaches
Source: Open Security Foundation
1,611 data breaches in 2012
48% increase over 2011
134 breaches in average month
Cyber Fraud: The New Financial Crime Wave
It’s no longer a possibility that you’ll be attacked, it’s become a probability and darn near a certainty.
Data Breaches
“ “
Source: CEO of Identity Theft 911
Cyber Fraud: The New Financial Crime Wave
The type of PII (personally identifiable information) secured during these breaches lend themselves to committing particular types of fraud...
Data Breaches
…breaches beget fraud.
Source: Javelin Strategy & Research, Data Breaches Becoming a Treasure Trove for Fraudsters
“ “
Cyber Fraud: The New Financial Crime Wave
more than half of all fraud victims are data breach victims
Data Breaches
criminals are relying more often on data from breaches to commit fraud
Source: Javelin Strategy and Research
Cyber Fraud: The New Financial Crime Wave
Trend 2
Computer Malware
Cyber Fraud: The New Financial Crime Wave
As of 2012
Computer Malware more than 128 million samples of malware in McAfee Labs malware “zoo”
Cyber Fraud: The New Financial Crime Wave
Computer Malware
Malware shows no sign of changing its steady growth, which has risen steeply during the last two quarters.
“ “
Source: McAfee Threats Report, Q1 2013
Cyber Fraud: The New Financial Crime Wave
Computer Malware
Account takeovers are most often achieved through the use of malicious software that can exploit just one entry point into a network to start the theft
“
“
Source: Federal Reserve Bank of Atlanta
Cyber Fraud: The New Financial Crime Wave
Trend 3
Organized Cybercriminals
Cyber Fraud: The New Financial Crime Wave
Because of the Internet…there’s a radical distribution of labor and a
radically fast ability to recruit skills
Organized Cybercriminals
Cyber Fraud: The New Financial Crime Wave
Ten Specializations
Coders or Programmers
Distributors or Vendors
Techies
Hackers
Fraudsters
Hosters
Cashers
Money Mules
Tellers
Leaders
Cyber Fraud: The New Financial Crime Wave
Cyber Schools
comprehensive course curriculum
advertised in the underground
carried out via Skype videoconferencing to promote interactivity
“professors” participate in Q&A sessions with students
offer ‘job placement’ for graduates with experienced criminals
vouch for star students to help them join underground communities they would otherwise not be able to access
Cyber Fraud: The New Financial Crime Wave
Sample Course Offerings Beginners’ Cybercrime - basics of online financial fraud
School of Carding (subject with highest demand) – basic and advanced curriculum
Payment Card Fraud (one course per payment card type) - different ways to use payment cards in fraud scenarios
Anonymity and Security (theory and practical section) - how to erase digital “fingerprints”
Becoming a Mule Herder – how to open a mule recruitment “business”
Special One-on-One Tutorials and Consultations - problem solving sessions
Cyber Fraud: The New Financial Crime Wave
ACH Credit/Wire Fraud
ACH Debit Fraud
ATM Cash-Out
Database Breach
Malware
Distributed Denial of Service (DDoS)
Source: FDIC, June 2013
Cyber Fraud Threats
Cyber Fraud: The New Financial Crime Wave
DDoS Attacks
Cybercriminals can use DDoS attacks to disguise account takeover attacks.
$900,000 was wired out of the bank accounts of a California construction company in a DDoS attack that occurred over the 2012 Christmas holidays.
The DDoS attack disabled the bank’s website while money was transferred to 62 money mules.
The company could not access its account information through their bank and become aware of the activity.
Cyber Fraud: The New Financial Crime Wave
A few real-life examples…
…of a rapidly growing number of cyber fraud cases
Cyber Fraud: The New Financial Crime Wave
first example…
Cyber Fraud: The New Financial Crime Wave
An Internet fraud ring comprised of at least 7 individuals worked together across 3 continents in an effort to steal millions of dollars…
…they used a number of interconnected crimes to execute their meticulously organized game plan
Cyber Fraud: The New Financial Crime Wave
they used phishing attacks and bogus websites to trick unwitting consumers into giving up their online usernames and passwords
Cyber Fraud: The New Financial Crime Wave
“D”
“B”
“G”
“C” “A”
“F” “E”
Cyber Fraud: The New Financial Crime Wave
“A”, “E” and “G” were provided with stolen identifiers by “B” “B” received the stolen identifiers from “C” “C” worked with “F” and others to deploy phishing websites across the Internet
“A”, “B”, “E”, and “G”, and others used the stolen identifiers to make unauthorized withdrawals from victims’ accounts
Cyber Fraud: The New Financial Crime Wave
Some of the stolen identifiers were used to create fake driver’s licenses, with which conspirators could impersonate victims at bank branches
Cyber Fraud: The New Financial Crime Wave
the scheme also used the stolen identifiers to gain access to the victims’ online accounts, where “A”, “B”, and “G” could view victim signatures on check images and then forge checks and withdrawal slips to make fraudulent withdrawals
Cyber Fraud: The New Financial Crime Wave
“C” and others added fake employees to victim companies’ payrolls and then caused paychecks to be issued to those fake employees
In a second variation of the scheme…
…”C” used stolen identifiers to gain access to payroll accounts at “XYZ” (payroll processor)
Cyber Fraud: The New Financial Crime Wave
“B”, “C”, “G”, and others then withdrew the fraudulent payroll amounts using both stolen identifiers and unwitting intermediaries (“mules”)
Cyber Fraud: The New Financial Crime Wave
As part of the scheme, more than $300,000 in fraudulent payroll was wired to “D” who impersonated a European woman interested in romantic relationships to dupe mules into wiring the proceeds of the scheme overseas
Cyber Fraud: The New Financial Crime Wave
this organized fraud ring attempted to obtain $3.5 million in fraudulent withdrawals…
Cyber Fraud: The New Financial Crime Wave
“Bank 1”, “Bank 2”, “Payroll Processor 3” and “Bank & Trust Co. 4” together lost $1.5 million to the fraud ring
Cyber Fraud: The New Financial Crime Wave
27 criminal charges
Cyber Fraud: The New Financial Crime Wave
“E” is in custody on unrelated federal charges in Georgia
“B” and “G” have both pleaded guilty and are awaiting sentencing
“D” is detained in Nigeria pending extradition
“C” and “F” are at large
“A” was convicted
Cyber Fraud: The New Financial Crime Wave
some more examples…
Cyber Fraud: The New Financial Crime Wave
ACH Fraud Is Payroll’s Newest Headache
Online banking through the Automated Clearing House network has generated a new cyber crime - ACH fraud
Payroll which makes abundant use of the ACH network for direct deposits and transactions is particularly vulnerable to ACH fraud
According to the FBI - this fraud is growing - new victims and cases opened every week
Source: Payroll Management
Cyber Fraud: The New Financial Crime Wave
Eskola $130,000
Patco Construction $588,000
Sign Designs $99,000
Lifestyle Forms & Displays $1,200,000
Village View Escrow $465,000
Family Smile Zone $205,000
Genlabs $437,000
Ferma Corp $447,000
DKG Enterprises $100,000
Golden State Bridge $125,000
McFadden Law $250,000
Just a few of the many faces of Corporate Account Takeover
Cyber Fraud: The New Financial Crime Wave
New types of cyber fraud, such as commercial account takeover fraud, may result in losses that can exceed the required capital of the financial institution.
“
“
Source: FDIC Supervisory Insights, Summer 2013
Cyber Fraud: The New Financial Crime Wave
Source: Financial Times
In most past cases of high-frequency transfers to new places, “if banks had taken what we would consider a cursory look at transactions, they would have seen that the money going out the door was completely anomalous”. (Jeffrey Kopchik, FDIC)
FDIC and Federal Reserve have told lenders to stop relying on tokens, passwords and cookies - and instead embrace layered security including software that flags unusual behaviour – e.g. multiple transfers within minutes to new recipients.
Cyber Fraud: The New Financial Crime Wave
one last example…
Cyber Fraud: The New Financial Crime Wave
“Cashout” (a.k.a. “PIN cashing” or “Carding”)
Cyber Fraud: The New Financial Crime Wave
US Attorney Loretta E. Lynch
Cybercrime Organization Indicted in $45 Million Cybercrime Campaign
In the place of guns and masks, this cybercrime organization used laptops and the Internet
“ “
Cyber Fraud: The New Financial Crime Wave
Cyber Fraud Campaign
Used sophisticated intrusion techniques
Hacked into systems of global financial institutions
Stole prepaid debit card data
Eliminated withdrawal limits
Disseminated stolen card data worldwide
Casher cells made fraudulent ATM withdrawals across globe
8 defendants & co-conspirators targeted New York City
NY cell withdrew $2.8 million in less than 24 hours
Cyber Fraud: The New Financial Crime Wave
Route of One New York Cell Member (5 ½ hours)
Cyber Fraud: The New Financial Crime Wave
Cyber Fraud: The New Financial Crime Wave
Cyber Fraud: The New Financial Crime Wave
Cyber Fraud: The New Financial Crime Wave
Cyber Fraud: The New Financial Crime Wave
Cyber Fraud: The New Financial Crime Wave
Images seized from a NY cell member’s iPhone…
Cyber Fraud: The New Financial Crime Wave
Cyber Fraud: The New Financial Crime Wave
hacking “operation” eliminates withdrawal limits - cybercrime organization can access virtually “unlimited” criminal proceeds
2 “Unlimited Operations” (cyber underworld lingo)
Cyber Fraud: The New Financial Crime Wave
“Unlimited Operation 2” 36,000 transactions worldwide
casher cells in 24 countries
$40 million ATM withdrawals
10 hours
New York City - $2.4 million - nearly 3,000 ATM withdrawals
“Unlimited Operation 1” (dress rehearsal?)
4,500 transactions
casher cells in 20 countries
$5 million ATM withdrawals
New York City - 750 transactions - $400,000 - 140 ATM locations (2 hours 25 minutes)
Cyber Fraud: The New Financial Crime Wave
Protecting A Financial Institution Against Cyber Fraud
Cyber Fraud: The New Financial Crime Wave
Fraudsters have multiple access points to rob a bank account
Cyber Fraud: The New Financial Crime Wave
Deploy layered fraud prevention… in particular, fraud prevention systems that provide user or account behavioral profiling and entity link analysis are useful in these cases.
Source: Gartner
”
“
Cyber Fraud: The New Financial Crime Wave
Verafin / RBC Cyber Fraud Webinar
RBC Fraud Management
November 2013
Cyber Fraud: The New Financial Crime Wave
The Fraud Management team is part of the Banking Operations department and serves
both RBC domestically in Canada and the enterprise as a whole.
The Fraud Management team is structured as follows:
National Office: Responsible for supporting our business partners, leading initiatives and
developing strategy.
Analytics: Responsible for advanced analytics including rule development and modelling.
Centres: 2 fraud centres, 1 in Montreal responsible for Credit Card and Credit Products and 1 in
Toronto responsible for Deposits, Cheques, Debit Card, Telephone, Online and Mobile banking.
Investigations: Responsible for investigations including intelligence gathering, asset recovery and
working with law enforcement.
Fraud Management within RBC
Cyber Fraud: The New Financial Crime Wave
Detection Prevention
Post Fraud
“Root Cause”
Analysis
Intelligence Investigation
Prosecution
Asset Recovery Customer Satisfaction
Fraud Value Chain
Cyber Fraud: The New Financial Crime Wave
Recent Trends and Risks in Online Fraud
Cyber Fraud: The New Financial Crime Wave
Spear Phishing: Targeted e-mails sent in an attempt to compromise Online banking
credentials, client information and/or distribute malware.
Malware Attacks (Man-in-the-Browser, Man-in-the-Mobile): Malicious Software that when
installed on a computer has the capability to key log (capture key strokes) and/or
highjack or manipulate a client session.
Fraud as a Service (FaaS): Underground networks offering their services to sell
compromised credentials or launch fraud campaigns on behalf of a 3rd party.
Corporate Account Takeovers (ACH and Wires) Risk: An increased focus on Corporate
account takeovers (using techniques described above) to launch low volume, high dollar
attacks.
Online and Mobile Fraud Trends
Cyber Fraud: The New Financial Crime Wave
Corporate Liability Shift: Recent court cases in the US have set precedent that banks
can be held liable in fraud cases where insufficient controls are in place.
Hactivism, Nation-state and/or Industrial Espionage/Sabotage: Cyber attacks against
corporations, nation-states or other groups (e.g. al-Qassam and the recent DDoS attacks
against US Financial Institutions) with the intent to steal IP from or disrupt these
organizations.
Ransomware: Malware that restricts access to a computer or files on that computer until
a ransom is paid to the creator of the malware. Once the ransom is paid a key to
“unlock” the files/computer will be provided.
Market Manipulation: Market activity with the purpose to create artificial buying pressure
and inflate the security price.
Online and Mobile Fraud Trends
Cyber Fraud: The New Financial Crime Wave
The key to providing a secure Online and/or Mobile banking experience is a layered
fraud controls infrastructure.
Gartner outlines their ‘Five Layers of Fraud Prevention’ as follows:
Layered Fraud Controls Approach
Cyber Fraud: The New Financial Crime Wave
Gartner’s ‘Five Layers of Fraud Prevention’
Cyber Fraud: The New Financial Crime Wave
Gartner’s ‘Five Layers of Fraud Prevention’
Cyber Fraud: The New Financial Crime Wave
Gartner’s ‘Five Layers of Fraud Prevention’
Cyber Fraud: The New Financial Crime Wave
Gartner’s ‘Five Layers of Fraud Prevention’
Cyber Fraud: The New Financial Crime Wave
Gartner’s ‘Five Layers of Fraud Prevention’
Cyber Fraud: The New Financial Crime Wave
Gartner’s ‘Five Layers of Fraud Prevention’
Cyber Fraud: The New Financial Crime Wave
www2.acams.org/webinars
Cyber Fraud: The New Financial Crime Wave
www2.acams.org/webinars
If you have additional questions for today’s experts or
suggestions for future web seminars,
please send those to:
Thank you for joining us today!
Cyber Fraud: The New Financial Crime Wave
Future Web Seminar
www2.acams.org/webinars
DEC 04 – FREE Previewing the One-Day ACAMS AML Risk Management
Conference
Level: All
Noon to 1:00pm EDT
DEC 09 – FREE ACAMS Live Chat: 2013 End-of-the-Year Review
Level: All
Noon to 1:00pm EDT