a year s evolution in attacks against online banking
play

A Year's Evolution in Attacks Against Online Banking Customers - PowerPoint PPT Presentation

Jan 11, 2024 •109 likes •351 views

A Year's Evolution in Attacks Against Online Banking Customers Matthew W A Pemble Information Security Crystal Ball 29 th June 2006 Group Security & Fraud Phishing, Trojans & other scams Despite appearances banks are actually (ish)

  1. A Year's Evolution in Attacks Against Online Banking Customers Matthew W A Pemble

  2. Information Security Crystal Ball 29 th June 2006 Group Security & Fraud

  3. Phishing, Trojans & other scams • Despite appearances banks are actually (ish) secure • Home-user security is terrible • Serious, professional , organised crime • Go where the money is: • Compromise bank staff • Place bank employees • Attack the communications chain outside of the Bank’s control • Attack the customers (and their computers) 29 th June 2006 Group Security & Fraud

  4. The situation at Singapore • Significant increases in basic numbers • Majority of attacks still non-financials • Attacking biggest English-speaking orgs • US / Aus / NZ / UK + ? • Rapid rise in use and utility of trojans • Losses (corporate) still low • Absolutely • Compared to other fraud (card, 419 etc) • Compared to cost of solution 29 th June 2006 Group Security & Fraud

  5. Where are we now? • Concentration on money making • More sophistication in strategy • More sophistication in technology • Mule recruitment • More effort • Fewer mugs ? • Use of non-internet channels for initial theft • First 4 / 5 / 6 (BIN) “email personalisation” • More languages (German, French, Spanish & …) • spulling dreadful still • and grimer 29 th June 2006 Group Security & Fraud

  6. “Nothing is worse than active ignorance” Goethe 29 th June 2006 Group Security & Fraud

  7. Phishing – main trends • Flat simple numerics • Inexorable rise in finance attacks • Significant (lesser) rise in reported losses • Change of tack • Non-English (at last � ) • Failure of non-strong auth (Tan etc) • Focus on smaller institutions (UK & US) • Demand for (and use of) telephony credentials • Technical sophistication of supporting infrastructure • Balkanisation • Nigerianization 29 th June 2006 Group Security & Fraud

  8. Normalised to Jun 05 10 9 8 7 6 5 4 3 2 1 0 Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May UK (norm) APWG (norm) 29 th June 2006 Group Security & Fraud

  9. “Weak” hosting • Single email • Extremely poor English • No geographical customisation (i.e. $ not £) • Single host (hacked virtual hosting box) • DNS • Often on the same box (old) • Or by legitimate server owner (ISP) • No resilience in site • New kit wave within 3 hrs of site takedown. 29 th June 2006 Group Security & Fraud

  10. “Strong” Hosting • This is not the “Rock” group MO. • 1 email wave – standard wording • Up to 4 “confusingly similar” domain names • “Fraudster friendly” registrar • + don’t work weekends � • Separate DNS • “Sensible”, fraudster owned, DNS service domain • 5 live A records at a time • Slow rotation ( ≈ 30 mins) • Botnet hosting • 30 + IP addresses seen in 32 hr lifetime 29 th June 2006 Group Security & Fraud

  11. What does this mean? • 2-factor approaching economic • Attributable cost of IR on order of financial loss • Education appears to be reducing customer response • But when you get an attack after 14 months … • Inter-bank recovery rates are consistent to improving • Wider scale spam filtering seems to be helping • Grip slowly tightening on phishing gangs • Law Enforcement effort needing • Low value crime, international & difficult 29 th June 2006 Group Security & Fraud

  12. “Spear-Phishing” • Pick your definition • Well targeted attack (only genuine customers) • Attacking only one email domain • Personalising attack emails • Scripted emails with unique identifiers • Active email / mug verification • Avoid dilution & decoys • Future proofing 29 th June 2006 Group Security & Fraud

  13. Perseverance is a great element of success: if you only knock loud and long enough at the gate, you are sure to wake up somebody. Henry Wadsworth Longfellow

  14. Pharming • I would exclude “etc/hosts” changes • Rare, but difficult to spot • Why? • Spam is easy, fools are plentiful? • Spectacularly successful when implemented • Potential for “transparent proxy” • DNS surveys suggest wide-scale susceptibility 29 th June 2006 Group Security & Fraud

  15. Trojans • Remain the “iceberg issue” • Many customer machines multiply compromised • Vast range of applicable threats • Key-logging • Keyword tailored key-loggers • Screen scraper • Disk search utilities (inc grep) • MITM Proxies (Browser Help Objects) • Etc/hosts file alterations 29 th June 2006 Group Security & Fraud

  16. Trojan Impact • Very few customers per identified variant • Spread between many banks (over 200 in some etc/ hosts) • Auto-updates • Well-established malware author shops / kits • Botnet hosting • Nasty suspicion? • What happens to real 1 st -party fraud? 29 th June 2006 Group Security & Fraud

  17. (small) Etc/hosts sample 24.14.38.190 www.halifax-online.co.uk 24.14.38.190 ibank.barclays.co.uk 24.14.38.190 online.lloydstsb.co.uk 24.14.38.190 online-business.lloydstsb.co.uk 24.14.38.190 www.ukpersonal.hsbc.co.uk 24.14.38.190 www.nwolb.com 24.14.38.190 banesnet.banesto.es 24.14.38.190 extranet.banesto.es 24.14.38.190 ebanking.bccbrescia.it 24.14.38.190 www.bankofscotlandhalifax-online.co.uk 24.14.38.190 www.rbsdigital.com 24.14.38.190 oi.cajamadrid.es 24.14.38.190 bancae.caixapenedes.com 24.14.38.190 banking.postbank.de 24.14.38.190 meine.deutsche-bank.de 24.14.38.190 myonlineaccounts2.abbeynational.co.uk 24.14.38.190 ibank.cahoot.com 29 th June 2006 Group Security & Fraud

  18. Non-IT Attacks • Telephony • Auto-diallers (espec VOIP) • SMS • Paper • Interference with the Mails • Statement stuffers • Marketing departments don’t help 29 th June 2006 Group Security & Fraud

  19. A good End cannot sanctify evil Means; nor must we ever do Evil, that Good may come of it. William Penn

  20. Summary: The state at Baltimore • Attacks steadily ramping up • Spam volumes erratic • No real learning on “hook” • Minor variations in favourite targets • $millions per month • International • Multiple languages • Transnational targeting • West Africans now playing • Technology improving • Almost time to do something about it � 29 th June 2006 Group Security & Fraud

  21. So what for next year? • Cleverer targeting • Cleaner spam lists • More / better personalisation • Theft of customer (marketing) databases • Money movement? • Away from Western Union • Suborned registrars? • Strong 2-factor transaction data signing • 2FA is not enough (though necessary) 29 th June 2006 Group Security & Fraud

  22. Just remember it’s not the only problem … The “Enron 3” Donald MacKenzie 29 th June 2006 Group Security & Fraud

  23. Some perspective Phishing & trojans Donald MacKenzie • Organised crime • Business Relationship Mgr • Hundreds of attacks • 5 year rolling scheme(r) • £23.2m UK admitted loss • Prosecuted for ≈ £21m loss • Thousands of hours ISIRT • Loan & dormant account fraud • Mostly getting away with it • 5 man-days • Apparently below LE “radar” • Computer & phone forensics • Statement writing • Sent down for 10 yrs on Tuesday 27 th June � 29 th June 2006 Group Security & Fraud

  24. Questions ?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

RP2 Online Banking: Attacks & Defences Dominic van den Ende, Tom Hendrickx University of

RP2 Online Banking: Attacks & Defences Dominic van den Ende, Tom Hendrickx University of

Outline Introduction Research Analysis Questions Conclusion RP2 Online Banking: Attacks & Defences Dominic van den Ende, Tom Hendrickx University of Amsterdam Master of Science in System and Network Engineering Class of 2008-2009

440 views • 23 slides
Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT

Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT

Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT Advise Assure 2 Agenda/topics covered Threat overview Advanced User Enumeration and DDoS Trading Turret and Timing Attacks Internal and External User

365 views • 35 slides
in memory: an evolution of attacks Mathias Payer <mathias.payer@nebelwelt.net> UC

in memory: an evolution of attacks Mathias Payer <mathias.payer@nebelwelt.net> UC

in memory: an evolution of attacks Mathias Payer <mathias.payer@nebelwelt.net> UC Berkeley Images (c) MGM, WarGames, 1983 Memory attacks: an ongoing war Vulnerability classes according to CVE Memory attacks: an ongoing war David

725 views • 44 slides
Science Evolution and Inheritance Year One Science | Year 6 | Evolution and Inheritance | Theory

Science Evolution and Inheritance Year One Science | Year 6 | Evolution and Inheritance | Theory

Science Evolution and Inheritance Year One Science | Year 6 | Evolution and Inheritance | Theory of Evolution | Lesson 2 Ai Aim I can identify the key ideas of the theory of evolution. Succe Success Cri Criteri ria I can demonstrate

551 views • 19 slides
Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking Evolution of ANZ & NBNZ Mobile Banking Txt Banking NBNZ iBank M-Banking ANZ goMoney NBNZ Mobile Banking and M-Banking for iPhone browser for

429 views • 8 slides
Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks Index

Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks Index

Evolution of Malware and the Next Generation Endpoint Protection against Targeted Attacks Index 1. Malware volume evolution 2. Malware Eras 3. Panda Adaptive Defense 1. What is it 2. Features & Benefits 3. How does it work 4.

661 views • 47 slides
Online Banking Presentation for Financial Agents ONLINE FINANCIAL PLATFORM 85 regions 1100

Online Banking Presentation for Financial Agents ONLINE FINANCIAL PLATFORM 85 regions 1100

Online Banking Presentation for Financial Agents ONLINE FINANCIAL PLATFORM 85 regions 1100 cities and towns Otkritie Bank B&N bank Promsvyazbank Metallinvestbank Alfa-bank Baikalinvestbank Absolut Bank SME bank Sberbank Raifazzen

343 views • 7 slides
Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability Gap in Online Banking NSPW Presentation - Sep 19, 2007 Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van Oorschot Carleton University Mohammad Mannan Sep 19, 2007 1 Security

544 views • 22 slides
I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November

I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November

I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November 20, 2007 Beta Test Report 15 beta-sites testing with credit union staff Community GR Family Onaway CorePlus Kenowa

746 views • 20 slides
HOW TO PRESENT TRUSTLY ON YOUR WEBSITE Trustly Online Banking Payments Introduction We know it

HOW TO PRESENT TRUSTLY ON YOUR WEBSITE Trustly Online Banking Payments Introduction We know it

HOW TO PRESENT TRUSTLY ON YOUR WEBSITE Trustly Online Banking Payments Introduction We know it can be tricky to describe Trustly on your site, so weve created this best practices handbook to help you out. The tips here will aid you in

171 views • 5 slides
Infection for Breaking mTAN-based Online Banking Authentication Alexandra Dmitrienko Fraunhofer

Infection for Breaking mTAN-based Online Banking Authentication Alexandra Dmitrienko Fraunhofer

Over-the-Air Cross-platform Infection for Breaking mTAN-based Online Banking Authentication Alexandra Dmitrienko Fraunhofer Institute for Secure Information Technology/CASED, Germany Joint work with Lucas Davi Ahmad-Reza Sadeghi Christopher

482 views • 33 slides
Anti-Fraud Suite Holistic Approach to Online Banking Security About ThreatMark 2 Made Ma de

Anti-Fraud Suite Holistic Approach to Online Banking Security About ThreatMark 2 Made Ma de

Anti-Fraud Suite Holistic Approach to Online Banking Security About ThreatMark 2 Made Ma de in Czec ech h Repu public Fo Foun unded ded in 2015 15 Active on 4 continents by former Ethical Hackers 50 50+ Exper erts s 20+ million

558 views • 17 slides
On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit

On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit

On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit rates computation based on event processing. An Idea by David Luckham, Stanford University, and CITT. Daniel Jobst, Benjamin Gebauer, Thomas Schfer,

311 views • 6 slides
Computing Online Safety Computing | Year 1 | Online Safety | Staying SMART Online| Lesson 3 Aim

Computing Online Safety Computing | Year 1 | Online Safety | Staying SMART Online| Lesson 3 Aim

Computing Online Safety Computing | Year 1 | Online Safety | Staying SMART Online| Lesson 3 Aim Aim To understand how to communicate safely online. Success Criteria Success Criteria Statement 1 Lorem ipsum dolor sit amet, consectetur

419 views • 16 slides
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem ,

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem ,

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem , Apratim Bhattacharya, Michael Backes Mario Fritz,Yang Zhang CISPA Helmholtz Center for Information Security, Max Planck Institute for Informatics 1

568 views • 20 slides
A comment to Rolf Strauch Online Seminar Florence School of Banking & Finance 2 May 2018

A comment to Rolf Strauch Online Seminar Florence School of Banking & Finance 2 May 2018

Marcello Messori (SEP-LUISS) The role of the ESM in a deepening EMU: A comment to Rolf Strauch Online Seminar Florence School of Banking & Finance 2 May 2018 Outline Rolf Strauchs presentation a number of stimulating suggestions:

285 views • 5 slides
TDI Enforcement Actions John Rothermel Heidi Junge December 21, 2017 In order to obtain a CE

TDI Enforcement Actions John Rothermel Heidi Junge December 21, 2017 In order to obtain a CE

TDI Enforcement Actions John Rothermel Heidi Junge December 21, 2017 In order to obtain a CE Certificate or CLE Credit, you must listen to the webinar for a minimum of 55 minutes obtain the password (provided at the end of the

1.04k views • 60 slides
The Dormant Commerce Clause What is Interstate Commerce? Commerce Clause, U.S. Const. art. 1 8,

The Dormant Commerce Clause What is Interstate Commerce? Commerce Clause, U.S. Const. art. 1 8,

The Dormant Commerce Clause What is Interstate Commerce? Commerce Clause, U.S. Const. art. 1 8, cl.3 All commercial intercourse that concerns more than one state. [Congress shall have the power to] regulate Commerce with foreign Nations, and

436 views • 18 slides
Lecture 10.1 Safety and Liveness EN 600.320/420 Instructor: Randal Burns 28 February 2018

Lecture 10.1 Safety and Liveness EN 600.320/420 Instructor: Randal Burns 28 February 2018

Lecture 10.1 Safety and Liveness EN 600.320/420 Instructor: Randal Burns 28 February 2018 Department of Computer Science, Johns Hopkins University Characterizing Concurrency Safety (correctness): what are the semantic guarantees

560 views • 8 slides
SEO JARGON KEY SEO RELATED TERMINOLOGY AND CONCEPTS YOU SHOULD KNOW Backlinks / Anchor &

SEO JARGON KEY SEO RELATED TERMINOLOGY AND CONCEPTS YOU SHOULD KNOW Backlinks / Anchor &

SEO JARGON KEY SEO RELATED TERMINOLOGY AND CONCEPTS YOU SHOULD KNOW Backlinks / Anchor & URL / Contextual Links, Image Link, Sidebar Widget, Sitewide Link where link appears Types of Backlink Sources Blog, Company Site, Directory,

745 views • 53 slides
Relevant Content to Better Tap Into Subscribers Motivations and Increased Session Title

Relevant Content to Better Tap Into Subscribers Motivations and Increased Session Title

How HomeAdvisor Tested More Relevant Content to Better Tap Into Subscribers Motivations and Increased Session Title Conversion by 85% JILL MCEWAN Director of Direct Marketing HomeAdvisor Jill McEwan Director of Direct Marketing

525 views • 39 slides
Time Savings October 4, 2017 10-11:30 am PT/ 1-2:30 pm ET Welc lcome Fr Fran Ros osebush Ba

Time Savings October 4, 2017 10-11:30 am PT/ 1-2:30 pm ET Welc lcome Fr Fran Ros osebush Ba

Connecting Your Clients to Savings: Promoting Tax Time Savings October 4, 2017 10-11:30 am PT/ 1-2:30 pm ET Welc lcome Fr Fran Ros osebush Ba Baylo lor Director, Field Engagement Prosperity Now Housekeeping This webinar is being

855 views • 51 slides
Example: Simple Forensics >>> Pretty sure based on the same domain lookups and http

Example: Simple Forensics >>> Pretty sure based on the same domain lookups and http

Example: Simple Forensics >>> Pretty sure based on the same domain lookups and http logs. >>> Jul 9 23:04:31 131.243.X.Y A.B.C.D 80 GET elided .ru / curl/7.32.0 200 OK (empty) text/plain >> I am looking for the comptuer

700 views • 49 slides
Miscellaneous: Malware contd & start on Bitcoin CS 161: Computer Security Prof. Raluca

Miscellaneous: Malware contd & start on Bitcoin CS 161: Computer Security Prof. Raluca

Miscellaneous: Malware contd & start on Bitcoin CS 161: Computer Security Prof. Raluca Ada Popa April 19, 2018 Credit: some slides are adapted from previous offerings of this course Viruses vs. Worms VIRUS WORM Propagates by

757 views • 56 slides

More recommend