Banks v FinTech…. What About Cyber Security? Roman Sologub, General Manager, ISSP Ukraine. Ukrainian Banking Forum 2016

Upload: cis-bankers

Post on 16-Apr-2017


Page 1: Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine


ISSP Information Systems Security Partners

- Data for sale
- Attack as a service
- Botnet services
- Malware / Trojans
- Bank Accounts
- Payment cards
- Documents

2,1 Trillion in 2019

Not just IT – OT, IoT, Physical

Assume Compromise

Detect & Respond Faster

Increased Regulation

Banking attack vectors

IT: Internal (Whitebox), External (Blackbox), Advanced Persistent Threat

E-banking: Accounts Hijacking, Sessions hijacking, Phishing

ATM/POS: Direct Dispense, Malware, Skimming

Card: Card Dump, Card not present, Offline overdrafts

Social Engineering: Vishing, Social Networks, Phishing

Morning, Noon, Close of Business

Compromised accounts

Proxy Bank 1

Proxy Bank 2

Deposit cards / money withdrawal

Start

DDOS / Host System shutdown

End

Recent attack: ATM Direct Dispense

Ukraine 09/2015 – 04/2016

30+ cases; 10 banks were affected

Advanced Persistent Threat

A set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity.

Cyber Kill Chain

1. Preparation: social networks, internet, deep web, documents, metadata

2. Intrusion: Mass mail, targeted mail, candy drop, social engineering

Active Breach: Keyloggers, cryptolockers, password crackers, backdoors, etc…

10 min

5 min

14 min

6 months from intrusion to blackout

8 min

Hackers Spend 200+ Days Inside Before Discovery

14/07/2016: 1000+ emails were released to various organizations in Ukraine

MS Word has embedded macro. Payload delivery links were extracted:


Actions on Objectives, Command & Control, Installation, Exploitation, Delivery, Weaponize, Recon

1000 email addresses with personal data

Social engineering +

Composite macro - code obfuscation - sandbox evasion

Predictions

Payload was downloaded 14/07/16

1. Exploitation stage - October

2. Final stage performance – Spring '17

Security is a negative goal…

It is a process

ISSP - Information Systems Security Partners - is a Group of Companies, specialized in cybersecurity, managed security services, state of the art professional training, and cutting edge research in the area of information systems security.

ISSP business profile

Vendors and Partners: USA, Israel, EU, Japan

Security Operation Centers (SOC): Kyiv (+Lab), Vilnius

Offices: Kyiv, Tbilisi, Bratislava, Almaty

Training Centers: Kyiv, Tbilisi

ISSP – specialized integrator and managed security services provider.

ISSP Service – provides around the clock support and professional services.

ISSP Training Center – conducts professional trainings, including but not limited to certified product-based trainings and professional certification programs.

ISSP Lab & Research Center – specializes in analysis of cyber threats, challenging tasks of computer forensics.

Not just IT – OT, IoT, Physical

Assume Compromise

Detect & Respond Faster

Increased Regulation

AUDIT

IOC's Discovery, Data Audit, Application Security, OSINT

SOC

Incident Detection, Incident Response

Remediation, Forensics

ATM Security, Counter-FRAUD, SCADA Security, Access and Behavior

Compliance as a Service

Compliance Audit Consulting

CYBERSECURITY IS ENABLING

– not Defeating –

BUSINESS INNOVATIONS

www.isspgroup.com