AVeS Cyber Security: Confidence in Your Digital Information
Lex Informatica – SA Cyberlaw / ICT conference – 2014. AVeS Cyber Security: Confidence in your Digital Information. Online and Mobile Banking Threats. Charl Ueckermann, Managing Director, AVeS Cyber Security. 2014/09/25.
#AVeSPresents
AVeS Cyber Security: Confidence in your Digital Information
2014/09/25, Charl Ueckermann, Managing Director, AVeS Cyber Security
Lex Informatica – SA Cyberlaw / ICT conference – 2014
ONLINE AND MOBILE BANKING THREATS
Agenda
• Welcome
• AVeS Overview
• Online and Mobile Banking Threats
• Questions
AVeS Overview
• Since 1997
• 500+ clients in Southern Africa
• Focus on Professional Services
  – Reducing Risk: IT Security
  – Improving Efficiency: Advanced Microsoft Infrastructure
  – Improving Consistency: Corporate Governance (ISO Standards)
  – Increasing Revenue: CRM
• Product Support (the building blocks)
Online and Mobile Banking Threats
Online payments are popular but insecure
• 98% of respondents regularly use online banking, online shopping or e-payment services
• 59% of users have concerns about banking fraud online
• 69% of people fear for the safety of their personal data (including banking credentials)
Source: Kaspersky Lab and B2B International study, 8,605 respondents, 19 countries. http://media.kaspersky.com/pdf/Kaspersky_Lab_B2C_Summary_2013_final_EN.pdf
Which type of data loss is the most critical for Internet users?
• Personal email messages: 37% (total)
• Passwords, account details: 58% (total)
• Banking details: 60% (total)
Source: Harris Interactive, Kaspersky Digital Consumers Internet Security Needs - Topline Report, 2012
Attacking the Bank vs Attacking the User
• Criminals used to crack the banks
• But it’s too expensive, complicated and risky
• Now they defraud users to steal money from them
• And unfortunately they are very successful in doing that
Today Cyber Criminals sell user credentials on a Menu
Problems users encounter whilst online
• More than 25% of consumers have experienced a malware incident during the last 12 months
• 36% of malware incidents resulted in financial loss
Did you incur any financial costs as a result of a virus / malware infection?
• Yes: 36%
• No: 64%
Source: Kaspersky Lab, September 2013
Banking trojans worldwide
• Zeus: 72,1%
• Carberp: 7,2%
• SpyEye: 4,4%
• Shiz: 4,2%
• Sinowal: 2,0%
• Other: 10,1%
“…And you thought you were safe!”
Read more details in “Staying safe from virtual robbers”: http://www.securelist.com/en/analysis/204792304/Staying_safe_from_virtual_robbers
• Online banking site: login, password
• Authorization: CVV2
• One-time passwords: SMS, token, printed receipts, TAN generators
• Transaction approval: cell phone
Trojans named in the diagram: Carberp, Zeus; Carberp, SpyEye, Zeus for mobile, Lurk; SpyEye
Malicious programs use the following techniques
• Keylogging
• Screenshot capturing
• Modifying the hosts file
• Intrusion into a running browser process (web injections)
• Mobile phone intrusions
How the Cyber Fraud cycle works
ZEUS — Main Features
• Most widespread online banking trojan out there
• ZeuS tracks which keys the user presses, virtual or physical (keylogging, screenshot capture)
• ZeuS uses web injections — Man in the Browser attacks
• ZeuS is capable of bypassing the most advanced bank security system, bypassing 2-factor authentication systems
• Spreads through social engineering and drive-by downloads
How Zeus works
• The user enters their one-time password
• A fake notification prompts users to receive the "new list", and users enter their current TAN codes
• ZeuS uses web injection methods
• All login details that are entered are sent to the cybercriminals
CARBERP: Bank client software + Keys
• Data theft technologies:
  – Injection in the web browser
  – Interception of payment data
  – Fake notices/popups
CARBERP: Bank client software interceptor
Intercepted data (CVV/CVC, PIN etc.)
The information Carberp requests on the modified main page of an online banking system (shown in red boxes)
SPYEYE: Bypass by means of social engineering
“One of your recent transactions was completed by mistake. You have received some funds that were designated to another recipient. Please refund the money back as soon as possible. Thank you!”
User sees fake Warning window on banking page
User sees fake information about transaction to his account
User is requested to refund money
User enters one time passwords for making transaction… and transfers his own money to cybercriminals
SPYEYE: Spying via Webcam
Everything you say on the phone is recorded by cybercriminals
LURK: Distribution and working
Token bypass: blocks the workstation when the token is inside
Remote access to the workstation for cybercriminals
Mobile Threats
One-time passwords: SMS
• ZitMo: Zeus in the Mobile
• SpitMo: SpyEye in the Mobile
• CitMo: Carberp in the Mobile
Mobile Threats
• How it works
• By means of social engineering, the user is advised to download the app from an online store
• The app is malicious; once installed, it steals one-time SMS authentication passwords
Conclusion
• Financial malware is getting more targeted
• New protection measures introduced by banks are quickly cracked/bypassed
• Targeted attacks are getting widespread and almost becoming a routine
• There is a lot of space for vulnerability exploitation
Effective SECURITY SOFTWARE is a must
The Way forward
• Banking Industry to take more responsibility
• Mobile SDK protection
• Endpoint Protection: different from standard AV
• Banking Server Global monitoring
• Cyber Fraud Awareness: keep going
• Patch Management: 70% of the solution
Thank You
Questions