Banks v FinTech…. What About Cyber Security? by Roman Sologub, General Manager, ISSP Ukraine
TRANSCRIPT
Banks v FinTech…. What About Cyber Security?
Roman Sologub, General Manager, ISSP Ukraine
Ukrainian Banking Forum 2016
ISSP Information Systems Security Partners
• Data for sale
• Attack as a service
• Botnet services
• Malware / Trojans
• Bank Accounts
• Payment cards
• Documents
2,1 Trillion in 2019
Not just IT – OT, IoT, Physical
Assume Compromise
Detect & Respond Faster
Increased Regulation
IT
Internal (Whitebox)
External (Blackbox)
Advanced Persistent Threat
E-banking
Accounts Hijacking
Sessions hijacking
Phishing
ATM/POS
Direct Dispense
Malware
Skimming
Card
Card Dump
Card not present
Offline overdrafts
Social Engineering
Vishing
Social Networks
Phishing
Banking attack vectors
Morning, Noon, Close of Business
Compromised accounts
Proxy Bank 1
Proxy Bank 2, Deposit cards / money withdrawal
Start, DDOS / Host System shutdown, End
Recent attack: ATM Direct Dispense
Ukraine 09/2015 – 04/2016
30+ cases, 10 banks were affected
Advanced Persistent Threat
A set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity.
1. Preparation: social networks, internet, deep web, documents, metadata
2. Intrusion: Mass mail, targeted mail, candy drop, social engineering
Active Breach: Keyloggers, cryptolockers, password crackers, backdoors, etc…
Cyber Kill Chain
10 min
5 min
14 min
6 months from intrusion to blackout
8 min
Hackers Spend 200+ Days Inside Before Discovery
14/07/2016: 1000+ emails were released to various organizations in Ukraine
MS Word has embedded macro
Payload delivery links were extracted:
Actions on Objectives
Command & Control, Installation, Exploitation, Delivery, Weaponize, Recon
1000 email addresses with personal data
Social engineering +
Composite macro - code obfuscation - sandbox evasion
Predictions
Payload was downloaded 14/07/16
1. Exploitation stage - October
2. Final stage performance – Spring '17
Security is a negative goal…
It is a process
ISSP - Information Systems Security Partners - is a Group of Companies, specialized in cybersecurity, managed security services, state of the art professional training, and cutting edge research in the area of information systems security.
Vendors and Partners: USA, Israel, EU, Japan
Security Operation Centers (SOC): Kyiv (+Lab), Vilnius.
Offices: Kyiv, Tbilisi, Bratislava, Almaty
Training Centers: Kyiv, Tbilisi
ISSP – specialized integrator and managed security services provider.
ISSP Service – provides around the clock support and professional services.
ISSP Training Center – conducts professional trainings, including but not limited to certified product-based trainings and professional certification programs.
ISSP Lab & Research Center – specializes in analysis of cyber threats, challenging tasks of computer forensics.
ISSP business profile
Not just IT – OT, IoT, Physical
Assume Compromise
Detect & Respond Faster
Increased Regulation
AUDIT
IOC's Discovery, Data Audit, Application Security, OSINT
SOC
Incident Detection, Incident Response
Remediation, Forensics
ATM Security, Counter-FRAUD, SCADA Security, Access and Behavior
Compliance as a Service
Compliance Audit Consulting
CYBERSECURITY IS ENABLING
– not Defeating –
BUSINESS INNOVATIONS
www.isspgroup.com