No Silver Bullet How Malware Defeats Security Measures and What You Can Do About it. Ziv Cohen – Director, EMEA. April 2012. Malware Attacks Are on the Rise. Malware incidents increased more than 30% between 2008 and 2011, causing significant damage - PowerPoint PPT Presentation
© 2012 Trusteer Confidential
No Silver Bullet
How Malware Defeats Security Measures and What You Can Do About It
Ziv Cohen – Director, EMEA
April 2012

Malware Attacks Are on the Rise
Malware incidents increased more than 30% between 2008 and 2011, causing significant damage
54 million U.S. adults said they had incidents of malware on their desktops in 2011
Research - Use a Layered Security Approach to Combat Phishing and Malware-Based Attacks
Published: 26 March 2012

Online Banking Fraud is Happening
Online Banking Fraud Losses Estimated at $1B in US and Europe

New Online Banking Services Adoption Hindered by Security Concerns
What are the main reasons you have decided not to use mobile banking?
Reason | Share of respondents
My banking needs are being met without mobile banking | 57%
I’m concerned about the security of mobile banking | 48%
I don't trust the technology to properly process my banking transaction | 22%
The cost of data access on my wireless plan is too high | 18%
It is too difficult to see on my mobile phone’s screen | 17%
Other | 13%
It’s difficult or time consuming to set up mobile banking | 10%
I don’t have a banking account with which to use mobile banking | 9%
It is not offered by my bank or credit union | 3%
My bank charges a fee for using mobile banking | 2%
Refuse to answer | 1%
Federal Survey - Consumers and Mobile Financial Services March 2012

The Cost of Advanced Malware Attack
40% of CIOs report malware-related internal breaches
2010 Deloitte-NASCIO Cyber Security Study
49% of data breaches incorporated malware
Verizon 2010 Data Breach Report
760 companies attacked with the same resources as RSA
Almost 20% of the Fortune 100 are on this list.
Krebsonsecurity.com, “Who else was hit by RSA Attackers?”

The end point is the weak link
[Diagram: Cyber Criminals, End Point User, Sensitive Data and Apps; paths labelled Difficult, Easy, Easy]

Anatomy of Malware attack
Stages: User Target, Attack Launch, Malware Infection, Execute Fraud / Information Theft
Phishing, Drive-by-Download
System exploit, Malicious Code install
Credentials theft, Web injection, Social engineering
Human and Automated

Attack Setup, Execute Fraud: Man-in-the-Browser, Web Injection
PII Theft
Login:
Password:
****
Credentials Theft
Social Engineering

Keeping Banks In the Dark - Change Phone
1. User accesses site
2. Malware updates user’s phone number (1800TrueNum to 1800ToFraud)
3. Bank sends a confirmation SMS to previous phone, with code and new phone number (“Confirmation Code: 1234 For number 1800ToFraud”)
4. Malware informs user that the bank has issued a FREE SIM CARD for security reasons; user enters code to accept offer
5. Fraudster enters confirmation code and redirects all future bank SMS/calls to 1800ToFraud

Confirmation Emails - Hidden
1. Malware Transfer Money
2. Bank Sends Confirmation Email
From | Subject | Sent
Your Trusteed Bank | Transaction Confirmation - Money Transfer | Tue 13 Dec 2011 12:03
Jack Friend | Party Saturday Night | Tue 13 Dec 2011 12:02
Bill Boss | Promotion | Tue 13 Dec 2011 12:01
Jill Wife | Love You | Tue 13 Dec 2011 12:00
Zeus code for hiding emails
    if( document.getElementById("datatable").rows[i].innerHTML.indexOf( "Faster Payment Confirmation" ) != -1 ||
        document.getElementById("datatable").rows[i].innerHTML.indexOf( "Payment Created" ) ) { //Faster Payment Confirmation | Payment Created
        document.getElementById("datatable").rows[i].style.display = "none";
    }
3. Malware Hide Confirmation Email
From | Subject | Sent
Jack Friend | Party Saturday Night | Tue 13 Dec 2011 12:02
Bill Boss | Promotion | Tue 13 Dec 2011 12:01
Jill Wife | Love You | Tue 13 Dec 2011 12:00
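A defender-side check for the row hiding shown on this slide, as an added example that is not from the presentation. As transcribed, the snippet's second test has no `!= -1` comparison, so it is truthy for rows that do not contain "Payment Created" at all; the audit therefore flags any suppressed or missing row instead of matching subjects. `auditInbox`, `expectedCount` and the sample rows are assumptions made for illustration.

```javascript
// Added example, not from the slides. Rows are plain objects shaped like
// DOM <tr> elements so this runs under Node; in a page, pass
// Array.from(document.getElementById("datatable").rows).

// Constructed sample inbox mirroring the slide.
function sampleInbox() {
  return [
    "Your Trusteed Bank | Transaction Confirmation - Money Transfer",
    "Jack Friend | Party Saturday Night",
    "Bill Boss | Promotion",
    "Jill Wife | Love You",
  ].map((html) => ({ innerHTML: html, style: { display: "" } }));
}

// Replays the condition exactly as transcribed on the slide, only to
// produce the tampered state that the audit below has to recognise.
function replaySlideCondition(rows) {
  for (const row of rows) {
    if (row.innerHTML.indexOf("Faster Payment Confirmation") != -1 ||
        row.innerHTML.indexOf("Payment Created")) {
      row.style.display = "none";
    }
  }
  return rows;
}

// True when inline style keeps a row from being seen.
function isSuppressed(row) {
  const s = row.style || {};
  return s.display === "none" || s.visibility === "hidden" ||
         s.visibility === "collapse" || s.opacity === "0";
}

// expectedCount is an assumption: the number of messages the server
// reports having rendered, delivered outside the table markup.
function auditInbox(rows, expectedCount) {
  const suppressed = rows.filter(isSuppressed).map((r) => r.innerHTML);
  const removed = Math.max(0, expectedCount - rows.length);
  return { suppressed, removed, tampered: suppressed.length > 0 || removed > 0 };
}

console.log(auditInbox(sampleInbox(), 4));
console.log(auditInbox(replaySlideCondition(sampleInbox()), 4));
```

Because an inject runs in the same page as this check, treat its result as a signal to report server-side rather than as a guarantee.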

Keeping Banks In the Dark - DDoS
“After the accounts are compromised, the perpetrators conduct a Distributed Denial of Service (DDoS) attack on the financial institution”
FBI warning about Banking Trojan “GAMEOVER”

Facebook/Ukash – Cross Channel Attack
To confirm verification you have to enter 20 euro UKash voucher. Ukash vouchers are sold by UKash.com website and Ukash.com is not affiliated with Facebook company. 20 euro will be added to your Facebook main account balance. This verification is used to confirm your age and country of origin. The UKash Voucher consists of 19 numbers and face value (sum), begins on “633”. For example 6337757575757

MITMO/ZITMO
1. User Accesses Site
2. “Please provide your mobile phone number”
3. SMS with link to Mobile malware (“install new certificate”)
4. Download Malware
5. Malware transfers funds (PC is proxy)
6. Transaction Approval SMS
7. Malware forwards approval SMS
8. Transaction approved using stolen SMS
Diagram labels: Legitimate Website; Malware Command & Control (marked 5)
FFIEC Recognizes Malware as the Root Cause of Most Cybercrime Activities
“Controls implemented in conformance with the Guidance several years ago have become less effective..”
“Malware can compromise some of the most robust online authentication techniques”

The Challenge: No Silver Bullet
Security measure | Bypassed by
Device Identification, Challenge Questions | Malware
OTP Devices | Man in the Browser, Real Time Phishing
Transaction Verification | Man in the Mobile
Transaction Signing | Social Engineering Malware
Virtual Browser on Stick | Memory Injection Malware
Clickstream Detection | Malware adopts Human-like behavior

Intelligent, Adaptive, Automated
Threat Intelligence
Adaptive Protection
Sustainable Cybercrime Prevention

Crime Logic vs. Files and Signatures
Trusteer: What it does? Crime Logic (100s)
Exploit Infect Hook Inject Access Theft
Anti-Virus
Legacy: What it is? Files and Signatures (1000000s)
Threat Intelligence Adaptive Protection

First to Discover New Forms of Malware
Tens of Millions of Endpoints
Endpoints Detect and stop Crime Logic
Sunspot
Shylock
Torpig v2
OddJob
Ramnit goes financial
SpitMo for Android
Threat Intelligence Adaptive Protection

Ready, Before the Threat Reaches You
Tens of Millions of Endpoints
Endpoints Detect and stop Crime Logic
Sunspot
Shylock
Torpig v2
OddJob
SpitMo for Android
Ramnit goes financial
Threat Intelligence Adaptive Protection

Process, People, Products
Online Threats
Adaptive Protection
Cybercrime Intelligence
Analytics & Management
Crime Logic
Risk Assessment
Fraud Alert Crime Logic
Trusteer Intelligence Center
Corp
Known crime logic
Unknown crime logic
Threat Intelligence Adaptive Protection

Trusteer Cybercrime Prevention Architecture: Industry leading solution for Online Cybercrime Activities
Trusteer Rapport for PC/Mac: Stop and remove financial malware, phishing
Trusteer Rapport for Mobile: Protect against mobile malware, high risk devices
Trusteer Pinpoint for Malware Detection: Detect malware-infected users, devices
Trusteer Pinpoint for Phishing Detection: Detect and Stop real-time phishing
Less Cost, Less Complexity
Intelligence-based risk assessment
Multi-layer protection against malware
No malware = Transaction anomaly prevention
Thank You