#AVeSPresents

#AVeSPresents

AVeS Cyber SecurityConfidence in your Digital Information

2014/09/25 Charl UeckermannManaging DirectorAVeS Cyber Security

Lex Informatica – SA Cyberlaw / ICT conference – 2014

ONLINE AND MOBILEBANKING THREATS

#AVeSPresents

Agenda

• Welcome

• AVeS Overview

• Online and Mobile Banking Threats

• Questions

#AVeSPresents

AVeS Overview

• Since 1997

• 500+ clients in Southern Africa

• Focus on Professional Services– Reducing Risk – IT Security– Improving Efficiency – Advanced Microsoft Infrastructure– Improving Consistency – Corporate Governance (ISO Std’s)– Increasing Revenue – CRM

• Product Support (the building blocks)

#AVeSPresents

Online and Mobile Banking Threats

98% of respondents regularly use

online banking , online shopping or e- payment services

59% of users have concerns about

banking fraud online

69%

of people fear for the safety of their personal data (including banking credentials)

Kaspersky Lab and B2B International Study - 8,605 respondents,19 countries http://media.kaspersky.com/pdf/Kaspersky_Lab_B2C_Summary_2013_final_EN.pdf

Online payments are popular but unsecure

#AVeSPresents

Which type of data loss is the most critical for Internet users?

Harris Interactive Kaspersky Digital Consumers Internet Security Needs - Topline Report, 2012

37%

TOTAL

Personal email messages

58%

TOTAL

Passwords, account details

60%

TOTAL

Banking details

#AVeSPresents

Attacking the Bank vs Attacking the User

•Before criminals usedto crack the banks

•But it’s too expensive, complicated and risky

•Now they fraud usersto steal money from them

•And unfortunately they arevery successful in doing that

#AVeSPresents

Today Cyber Criminals sell user credentials on a Menu

#AVeSPresents

Problems users encounter whilst online

Problems usersencounter while

online

More than 25% of consumers have experienced a malware incident during last 12 months

36% of malware incidents resulted in

financial lossDid you incur any financial costs

as aresult of a virus / malware

infection?

36%YES

64%NO

Source: Kaspersky Lab, September 2013

Banking trojans worldwide

Zeus

CarberpSpyEye

Shiz

Sinowal

Other

72,1%

7,2%

4,4%

4,2%

2,0%

10,1%

#AVeSPresents

…..”And you thought you were safe!”

Read more details in “Staying safe from virtual robbers”http://www.securelist.com/en/analysis/204792304/Staying_safe_from_virtual_robbers

Online banking site: login, passwordAuthoriza

tion: CVV2

One time passwords:SMS, Token, printed receipts, TAN

generators

CarberpZeus

Carberp, SpyEye, Zeus for mobile, Lurk

SpyEye

Online banking site: login, password

Authorization: CVV2

One time passwords: SMS, Token, printed receipts, TAN generators

Transaction approval: cell phone

#AVeSPresents

Malicious programs use the following techniques

• Keylogging• Screenshot Capturing• Modifying the hosts file• Intrusion into a running browser process

(Web Injections)• Mobile Phones Intrusions

#AVeSPresents

How the Cyber Fraud cycle works

#AVeSPresents

ZEUS — Main Features

• Most widespread online banking trojan out there

• ZeuS tracks which keys the user presses — virtual or physical (keyloging, screenshooting)

• ZeuS uses web injections — Man in the Browser attacks

• ZeuS is capable of bypassing the most advanced bank security system, bypassing 2-factor authentication systems

• Spreads through social engineering and drive-by downloads

#AVeSPresents

How Zeus works

• The user enters their one-time password

• Fake notification and prompts to receive the "new list", users enter their current TAN-codes

• ZeuS using web injection methods.

• All login details that are entered are sent to the cybercriminals

#AVeSPresents

CARBERP: Bank client software + Keys

• Data theft technologies:

• Injection in the web browser

• Interception of

payment data

• Fake notice/ popups

#AVeSPresents

CARBERP: Bank client software interceptor

Intercepted data (CVV/CVC, PIN etc.)

The information Carberp requests on the modified main page of an online banking system (shown in red boxes)

#AVeSPresents

SPYEYE: Bypass by means of social engineering

“One of your recent transactions was completed by mistake. You have received some funds that were designated to another recipient. Please

refund the money back as soon as possible. Thank you!”

User sees fake Warning window on banking page

User sees fake information about transaction to his account

User is requested to refund money

User enters one time passwords for making transaction… and transfers his own money to cybercriminals

#AVeSPresents

SPYEYE: Spying via Webcam

Everything you say on the phone are recorded by cybercriminals

#AVeSPresents

#AVeSPresents

LURK: Distribution and working

TOKEN Bypass:Blocks the workstation when the token inside

Remote access to the workstation for cybercriminals

LURK

#AVeSPresents

Mobile Threats

One time passwords:

SMS

ZitMoZeus in the

Mobile

SpitMoSpyEye in the

Mobile

CitMoCarberp in the

Mobile

#AVeSPresents

Mobile Threats

• How it works

• By means of social engineering user is advised to download the app from an online store

• The app is malicious, once it’s installed it steals one time SMS authentication passwords

#AVeSPresents

Conclusion

• Financial malware is getting more targeted

• New protection measures introduced by banks are quickly cracked/bypassed

• Targeted attacks are getting widespread and almost becoming a routine

• There is a lot of space for vulnerability exploitation

EffectiveSECURIT

YSOFTWAREis a

must

#AVeSPresents

The Way forward

• Banking Industry to take more responsibility

• Mobile SDK protection

• Endpoint Protection – different form std AV

• Banking Server Global monitoring

• Cyber Fraud Awareness – keep going

• Patch Management 70% of solution

#AVeSPresents

Thank You

Questions