KASPERSKY FRAUD PREVENTION: SOLUTION OVERVIEW
Petr Zahálka
Avnet s.r.o.
CURRENT SITUATION
http://www.csas.cz/banka/content/inet/internet/cs/news_ie_2271.xml?archivePage=phishing&navid=nav00156_phishing_aktuality
CURRENT SITUATION
http://www.csas.cz/banka/content/inet/internet/cs/news_ie_2246.xml?archivePage=phishing&navid=nav00156_phishing_aktuality
FRAUD PREVENTION IN ACTION
[Diagram labels: BANK; MALWARE / CYBER-CRIMINALS; Social Engineering; Logging; Phishing + Stolen Certificates; Driver “killer”; DNS Change; PHISHING PAGE; Account #1; Account #2; Malicious Accounts; login; $$$ 3 days; Screenshotting; Code Injection; OBS]
KASPERSKY FRAUD PREVENTION PLATFORM
BANK (server-side protection and management)
• Kaspersky Fraud Prevention Console
• Kaspersky Fraud Prevention Clientless Engine
USER (user protection)
• Kaspersky Fraud Prevention for endpoints
• Kaspersky Fraud Prevention SDK (Mobile SDK)
Services
• Kaspersky Fraud Prevention Education Services
• Kaspersky Fraud Prevention Management Services
• Kaspersky Fraud Prevention Professional Services
• Kaspersky Fraud Prevention Intelligence Services
Kaspersky Security Network —
Global Security Intelligence
KASPERSKY FRAUD PREVENTION:
USER PROTECTION
RISKS OF UNTRUSTED BANKING
Website
• Phishing sites
Connection
• Substitution of DNS, proxy or hosts file
• Traffic interception
Environment
• Vulnerability exploitation
• Code injection
• Social engineering
• Screenshotting and keylogging
TRUSTED BANKING
Website
• Anti-phishing
• List of trusted sites
Connection
• Kaspersky Security Network
• SSL certificate database in the cloud
Environment
• Secure Browser
• Secure Keyboard
• Screenshot Capture protection
• Vulnerability scan
• Self-protection
BROWSER THREATS
• Code injection
• External browser control
• OS vulnerabilities
• Attacks on the product itself (termination, damage, modification, etc.)
• Keyloggers
• MiTM attacks
• Phishing
• Screenshotting
[Diagram labels: Safe Money; Fraud Prevention for Endpoints]
PROTECTION AGAINST OS VULNERABILITIES
Dedicated updatable vulnerabilities database:
• Operating system only
• Kernel-mode privilege escalation only
Protection: the database is checked when the application launches, and the user is informed if the system is vulnerable
SECURE KEYBOARD: MAXIMUM SAFETY
[Diagram labels: Keyboard drivers; OS Drivers kbdclass.sys; Scan code; Symbols; BROWSER; KASPERSKY FRAUD PREVENTION FOR ENDPOINTS; Main driver kliff.sys; Keyboard Classic Service Callback; Virtual Keyboard plugin; Protected channel; Kaspersky keyboard driver; Trojan-Banker.Win32.Fibbit]
PROTECTION AGAINST TAKING SNAPSHOTS
• Protects against all screenshotting techniques in use
• It is impossible to take a screenshot if the current window belongs to the Safe (protected) browser
Screenshots are not allowed
SELF-DEFENSE
Protects the following parts of KFP for Endpoints from modification:
• Windows registry keys
• Files
• Processes
• Threads
One of the best self-protection techniques according to independent tests:
http://www.matousec.com/projects/proactive-security-challenge-64/results.php
MITM ATTACKS: SSL CERTIFICATE VALIDATION
[Diagram labels: Internet; Kaspersky Security Network; Request for certificate; Fake certificate; Certificate from KSN; KFP for endpoint checks the certificate; Phishing web site]
ANTI-PHISHING: HOW IT WORKS
[Diagram labels: Kaspersky Security Network; Client; Online base of phishing sites; Digital certificate verification service; Request; Response; Offline Data Base; Heuristics results from clients; Crawlers and robots; Content Analysts; The most popular KSN queries; Tens of feeds; Huge spam traps; A lot of clients’ samples]
WHY USE FRAUD PREVENTION IF AN ANTIVIRUS SOLUTION IS ALREADY INSTALLED?
• Not all users install good security software or regularly update it
• Traditional signature-based AV is vulnerable to zero-day and targeted attacks (but modern AV products are more than just blacklisting)
• FRAUD PREVENTION is compatible with the anti-malware solutions of other vendors
MOBILE CLIENT PROTECTION IN DETAIL
SECURE MESSAGES IN SECURE STORAGE
[Diagram labels: Incoming SMS from Bank; Kaspersky Safe Money SDK; SMS Secure Interception; Secured SMS Storage; User; Malware #1; SMS Malware Interception; Standard Storage]
SDK FUNCTIONALITY
KFP SDK
Self Defense
Web & Network Protection
• Secure Connection
• URL Web Filter
• Web Anti Virus
• URL Reputation
• DNS Checker
• Certificate Validation
Data Protection
• Secure SMS Banking
• Secure Storage
• Safe Input
Risk Detection
• Suspicious Applications
• Device Fingerprint
• Wi-Fi Safety Analysis
• Device Configuration
• Firmware Verification
• Root / Jailbreak Detection
Device Protection
• Anti Virus (ODS)
• Anti Virus (OAS)
KASPERSKY FRAUD PREVENTION
CLIENTLESS ENGINE
CLIENTLESS ENGINE: WHERE THE DATA COMES FROM
DATA SOURCES
• Kaspersky Fraud Prevention for Endpoints
• Kaspersky Security Network
• Online banking customers
• Fraud Analyst from Bank
CLIENTLESS ENGINE
Multi-layered security approach with Management Console.
• Malware Detection Service
• Rule Engine
• Behavior Analysis
[Diagram label: Online banking customer with Kaspersky Fraud Prevention for Endpoints]
VALUABLE DATA FOR ANTI-FRAUD ENGINES
Kaspersky Fraud Prevention can provide additional data for anti-fraud systems:
• Presence of applications for remote access (RDP, VNC, etc.)
• Usage of physical mouse or keyboard while sending the transaction
• Attempts to modify banking application
• Presence of vulnerable software
[Diagram labels: Kaspersky Fraud Prevention for endpoints; Kaspersky Fraud Prevention SDK (Mobile SDK); Anti-Fraud System]
PROTECTION AGAINST ONLINE-BANKING ATTACKS
Phase #1: Credentials Stealing (optional)
Phase #2: Making Fraud Transaction
[Diagram labels: With Malware; Without Malware; Web page modification (web-injects); Social Engineering + Phishing Site; Keylogging / Screenshotting / Modifying DNS; Attacker’s PC; Using stolen credentials (incl. OTPs); User’s infected PC; Remotely (Sending POST request); Manually (via RDP session); Social Eng. + Web-Injects (Spyeye Chiptan case); Kaspersky Fraud Prevention for Endpoints; Kaspersky Clientless Engine]
KASPERSKY FRAUD PREVENTION: MATURE TECHNOLOGY WITH MILLIONS OF USERS WORLDWIDE
• Leading bank in Ecuador, 750,000 online users covered
• KFP technology was introduced by Kaspersky Lab in 2011
• Now used by 30M endpoint users of Kaspersky Lab products
MAJOR BENEFITS FOR BANKS
• Minimizes the number of security incidents due to targeted attacks against online banking users
• Minimizes financial risks
• Increases customer loyalty and awareness of threats
• Provides competitive advantage
• Motivates customers to use remote banking on different platforms: Windows, Mac OS X, Android, iOS
• Improves compliance with legal regulations
• Additional communication with clients
TECHNICAL BENEFITS FOR BANKS
• Provides multi-layered security for any kind of online transaction on PC, Mac, iOS and Android
• Dynamic and real-time: cloud updates keep you ahead of the threats
• One of the lowest levels of false positives in the industry, proven by independent tests
• Global vision and deep insight into security incidents through intelligent reporting
• Kaspersky Intelligence skills and knowledge are transferred to your security experts through training and consulting
• Compatibility with antivirus software
DEMAND MORE
Ask your bank for a higher level of security
THANK YOU FOR YOUR ATTENTION
Petr Zahálka
Avnet s.r.o.
602 354 836