phishing m alware vs brazilian banks what each side is
play

Phishing M alware vs Brazilian Banks: What each side is doing to - PowerPoint PPT Presentation

Oct 26, 2023 •170 likes •554 views

Phishing M alware vs Brazilian Banks: What each side is doing to raise the bar Jacomo Piccolini Security Academic Coordinator IT Governance Academic Coordinator Brazilian Research and Academic Network RNP Educational Team ESR

  1. Phishing M alware vs Brazilian Banks: What each side is doing to raise the bar Jacomo Piccolini Security Academic Coordinator IT Governance Academic Coordinator Brazilian Research and Academic Network – RNP Educational Team – ESR www.esr.rnp.br jacomo@rnp.br Ivo Peixinho Computer Forensics Expert Head of the IT Division – DINF/ CTI/ DPF Brazilian Federal Police www.dpf.gov.br peixinho.icp@dpf.gov.br

  2. Brazilian home banking facts: • Brazil started home banking operations in late 1990 with modem + proprietary software sent to users by floppy disks, remember those? • Web access to home banking came around 1999 and fraud was limited until 2003 when phishing attacks started to become epidemic. • Until 2007 almost all phishing attacks were based on simple fake web pages, sometimes with low quality, old images and old layout and non-working buttons. • Since 2007 malware based attacks are the main door to collect user’s banking information but from time to time we do see a raise on fake banking pages, now with much better quality.

  3. Brazilian home banking facts: • Brazil has one of the largest banking operations on the world and is now heavily dependent on home banking and on ATM usage. • Brazil is also one of the biggest Internet users population. • Some official and non-official estimative says Internet banking fraud is generation losses around U$ 300,000,000 / year • Wait one second … . that ’s ONE billon in 3 years, that ’s a lot of money …

  4. Raising the bar: • First steps to defeat miscreants was based on virtual keyboards that were supposed to be immune to logging. They became standard to all banks in Brazil, and many run in Java

  5. Raising the bar: • Java can be easily decompiled Base 64 Encoded Gifs

  6. Raising the bar: • Java can be easily decompiled Huh?? Embedded CPU and Disk binary on Java data => Host code? identification (more on that later...)

  7. M iscreants are hard to beat: • Click logging start to kick in malware, it ’s rudimentary but effective … … the hard work is to assemble all the clicks …

  8. M iscreants are hard to beat: • Click logging start to kick in malware, it ’s rudimentary but effective … Information can only be retrieved by a real person: 4/ 8 1/ 7 4/ 8 4/ 8 1/ 7 4/ 8 <ok>

  9. Raising the bar: • Second step used were to use two-way authentication with tan-code cards • We call those “battleship” cards • People carry them on wallets and even take pictures with cell phones  not very safe • And miscreants love those …

  10. M iscreants are hard to beat: • Two way authentication with 70 entries, miscreants make you fill ALL positions  before you can access the fake bank page  … and people have time and patience to do that …

  11. Raising the bar: • Browser plugins (g-buster)

  12. Raising the bar: • Browser plugins (g-buster) “Infect ” the machine before the miscreants do. G-buster monitors system for suspicious activity and reports back to the bank security team.

  13. M iscreants are hard to beat: removing g-buster with Avenger tool Thanks to Kaspersky

  14. M iscreants are hard to beat: trading remover tools g-buster If you have a g-buster killer or remover I will buy it or trade

  15. Raising the bar: Tokens • Tokens with timed password (few banks use those – only two?) • expensive • hard to maintain (helpdesk services) • users keep loosing, destroying, so on … • Tokens with digital certificates • not very used • user must buy one himself • uses Brazilian government PKI infrastructure (ICP-Brasil) • A3 certificates (hardware based)

  16. Raising the bar: • It started a new malware business - man in the “net ” attack User get infected M iscreant wait until his M iscreant collect application play a song – we M alware check with database username/ password and have a bank http request server – we have a new one! access the bank M iscreant receive the token Done! M iscreant send a T oken T oken is sent to database New song is played request to User

  17. Slide removed from original presentation

  18. Slide removed from original presentation

  19. M iscreants are hard to beat: Tokens pop-up

  20. Raising the bar: Computer registration • Bank of Brazil “computer registration” used to be like M icrosoft WGA • if you change your HD or video card you need to register it again • if you make a new install you need to register it again • this was very effective for a short period of time …

  21. M iscreants are hard to beat: computer registration … so M iscreants started to clone all information they need to defeat this …

  22. Raising the bar: SM S message for transaction commit • Internet banking software send an SM S with a transaction validation to a pre- recorded cell phone number • User must type SM S code to continue • Used also to validate a new computer for the user • Cheap way to have a “token” • M ay be subject to SM S network congestion (bigger timeouts?)

  23. M iscreants are hard to beat: Cell phone cloning by harvesting passwords of carrier websites • Carrier stores use the Internet for registering new cell phones • Store workers get bored and click on stuff they receive by email  • With access, miscreants can “clone” cell phones and obtain SM S transaction codes

  24. M iscreants are hard to beat: Cell phone cloning by harvesting passwords of operator software M alware source (found on Google  ) Uses DELPHI language Cell phone carriers

  25. M iscreants are hard to beat: Cell phone cloning by harvesting passwords of operator software “advanced” crypto

  26. Raising the bar: Cellular registration – NEW • This is new in the Brazilian Banking economy • Cell phone is a commodity – we have 180 million x 200 million population • Cost is transferred to end user – you use your phone • Different architecture – less malware (for now) • Have some issues – dead battery – no signal (inside a bunker) – network congestion (mia sms) • M obile will be the new desktop – FACT • M iscreants will target cell phones / technology / carriers • Y ou will be kidnapped with your phone 

  27. M iscreants are hard to beat: ATM skimmers are always present Picture removed from original presentation

  28. M iscreants are hard to beat: .pac files to change proxy configuration … and the winner is … M iscreants, since this .pac file is online for more than two months … Sorry guys but #FAIL

  29. M iscreants are hard to beat: hosts manipulation are common This hosts file has ‘only’ 422 entries 

  30. Defacing is still not a crime  in Brazil Picture removed from original presentation

  31. M iscreants at large: Vídeo

  32. What ’s next? What ’s the next move? What ’s the solution? Please THIS IS a JOKE: This is NOT a JOKE: M iscreants will compromise WIFI routers to route traffic … or any other kind of home user equipment to make this …

  33. Latest police operations on bank fraud • Operação espelho – 04/ 16/ 2009 • 10 search warrants on 4 states • Credit card cloning (goat sucker) and cash withdrawal fraud • Inside job – miscreants infiltrated inside a government bank • Operação trilha – 05/ 28/ 2009 • Greatest police operation on Internet bank fraud so far • 136 search warrants on 13 states • M ultiple frauds – Trojans spread by email and cameras on ATM machines • Pictures of the miscreants (one was arrested on the US)

  34. Latest police operations on bank fraud • Operação Nômade – 06/ 04/ 2009 • 20 criminals arrested • Goat suckers used for cloning of the magnetic strip of cards • Fake credit card billing machines for storing card information • Operation name (nomad) came from constant address changes from miscreants • Operação Contrafação – 06/ 04/ 2009 • 4 criminals arrested • M ultiple operations – document forgery, credit card cloning and Internet fraud • Fake IDs, credit cards and computer software (trojans) found • Operação Clonagem – 09/ 16/ 2009 • Bank card cloning • Electronic devices for card cloning found with the criminals • Also R$ 4.000,00 in CASH 

  35. Latest police operations on bank fraud • Operação Ícaro – 03/ 04/ 2010 • 4 states involved • Credit card cloning • Criminals used the cards to purchase products on the Internet, specially plane tickets • Use of social engineering – calling victims home to get card information • Selling of credit card numbers – from R$ 3,00 to R$ 150,00 depending on the limit • Operação Neverland – 05/ 03/ 2010 • Harvesting of bank passwords using trojans • Payment of bills using these passwords • This operation was a result of the “tentáculos” project • The leader of the group had a nickname of “M ichael Jackson”  • R$ 700.000,00 on financial loss

  36. Latest police operations on bank fraud • Operação RAS TRO – 05/ 28/ 2010 • Credit card cloning • 1.500 cards found with the criminals • Greatest card seizure EVER from the Federal Police • M oney laundry – criminals buy stuff with cards and sells them with lower price • Group leader used the cards to buy construction materials for him to build his house  • Gang acquired R$ 1.500.000,00 on stuff • This picture is not his house 

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PHISHI PHISHING NG AWARENESS AWARENESS Feedback on a banks strategy PTS 2019 TABLE OF

PHISHI PHISHING NG AWARENESS AWARENESS Feedback on a banks strategy PTS 2019 TABLE OF

0 2 . 0 7 . 2 0 1 9 T L P : W H I T E P A S S T H E S A L T PHISHI PHISHING NG AWARENESS AWARENESS Feedback on a banks strategy PTS 2019 TABLE OF CONTENT 1. PRESENTATION 2. SWORDPHISH GENESIS 3. TOOL OVERVIEW 4. USAGE AT SOCIT

296 views • 28 slides
The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types &amp; Techniques 3. Phishing Stats &amp; Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

478 views • 24 slides
Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

530 views • 20 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

255 views • 13 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

711 views • 34 slides
Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

264 views • 24 slides
PHISHING IN DEPTH (ATTACKS &amp; MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS &amp; MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS &amp; MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos &amp; Practical INTRODUCTION

565 views • 27 slides
Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring: What is phishing? How phishing can damage a business What are the difgerent types of phishing? How to spot a phishing email What to do if

159 views • 12 slides
of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

PhishEye: Xiao Han Nizar Kheir Live Monitoring Davide Balzarotti of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd Quarter 2016] All time high record

921 views • 59 slides
Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing 2. Strategic defense techniques 3. A new client based solution: DOMAntiPhish 4. Conclusions Nature of Phishing Statistics from the Anti

536 views • 31 slides
Brazilian Pharmacopoeia: vision and expectations for cooperation and convergence Brazilian

Brazilian Pharmacopoeia: vision and expectations for cooperation and convergence Brazilian

Brazilian Pharmacopoeia: vision and expectations for cooperation and convergence Brazilian Pharmacopoeia Coordination Brazilian Health Regulatory Agency ANVISA Arthur Leonardo Lopes da Silva Feb/2020 The views expressed herein are those of

555 views • 16 slides
Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke Tian, Steve T.K. Jan , Hang Hu, Danfeng Yao, Gang Wang Computer Science, Virginia Tech Phishing is a Big Th Threat Phishing: fraudulent attempt

411 views • 30 slides
Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able to: Define phishing Identify signs of a potential phishing email Know where to report phishing emails to and how to report them

168 views • 15 slides
Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br

Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br

Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br Computer Emergency Response Team Brazil CERT.br http://www.cert.br/ Brazilian Internet Steering Committee http://www.cgi.br/ October 2005 FIRST

443 views • 25 slides
Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., &amp; Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., &amp; Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., &amp; Hearst, M. (2006, April 22). Why Phishing Works. Gelernter, N., Kalma, S., Magnezi, B., &amp; Porcilan, H. (2017). The Password Reset MitM Attack. What is Phishing? Dhamija, R.,

528 views • 50 slides
Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition of spear phishing Why is spear phishing so valuable to attackers Spear phishing defenses / countermeasures Training concepts and delivery

434 views • 8 slides
LIFE LIFE STEM Future of Future of CELLS, CLONING How- -to 2 to 2 How SYSTEMS 3 D

LIFE LIFE STEM Future of Future of CELLS, CLONING How- -to 2 to 2 How SYSTEMS 3 D

LIFE LIFE STEM Future of Future of CELLS, CLONING How- -to 2 to 2 How SYSTEMS 3 D PROBLEMS PROBLEMS STRUCTURE CANCER NERVOUS FORMATION FORMATION VIRUSES C E L L SYSTEMS SYSTEMS T Y P E How- -to 1 to 1 How REC. DNA

189 views • 15 slides
Part II: Timing Closure Today Lou Scheffer Lou Scheffer Cadence Cadence San Jose, CA San

Part II: Timing Closure Today Lou Scheffer Lou Scheffer Cadence Cadence San Jose, CA San

Part II: Timing Closure Today Lou Scheffer Lou Scheffer Cadence Cadence San Jose, CA San Jose, CA Lou@cadence.com Lou@cadence.com ASP-DAC'01 Lou Scheffer 1 Timing Closure Today Design Entry Timing more accurate as flow progresses

1.37k views • 91 slides
Roma Caput Mundi Giovanni Viviani Timeline Founding of Rome 753 BC Capitoline Wolf

Roma Caput Mundi Giovanni Viviani Timeline Founding of Rome 753 BC Capitoline Wolf

Roma Caput Mundi Giovanni Viviani Timeline Founding of Rome 753 BC Capitoline Wolf Romulus/Remus Regnum Romanorum Roman Kingdom Roman Kings Romulus - 36 Years Foundation of Rome Rape of the Sabine Women Creation of the

522 views • 25 slides
ZOOLOGY SLIDE SETS Cat #: CH-ZO1 - ZOOLOGY - PORIFERA, COELENTERATA AND ECHINODERMATA SLIDE SET -

ZOOLOGY SLIDE SETS Cat #: CH-ZO1 - ZOOLOGY - PORIFERA, COELENTERATA AND ECHINODERMATA SLIDE SET -

ZOOLOGY SLIDE SETS Cat #: CH-ZO1 - ZOOLOGY - PORIFERA, COELENTERATA AND ECHINODERMATA SLIDE SET - 28 slides 1 - Freshwater spongia w.m. 23 - 8-cell stage of egg of Sea urchin w.m. 2 - Spincule of Spongia (calcium) w.m. 24 - 16-cell stage of egg

90 views • 7 slides
Modular Internet Programming with Cells Ran Rinat Scott Smith http://www.jcells.org

Modular Internet Programming with Cells Ran Rinat Scott Smith http://www.jcells.org

Modular Internet Programming with Cells Ran Rinat Scott Smith http://www.jcells.org Motivations Persistent language-level network connections Tightly coupled Internet protocols keep a persistent socket connection; no language-layer

319 views • 28 slides
Femtocells: a Poisonous Needle in the Operator's Hay Stack . Ravishankar Borgaonkar, Nico Golde,

Femtocells: a Poisonous Needle in the Operator's Hay Stack . Ravishankar Borgaonkar, Nico Golde,

. Femtocells: a Poisonous Needle in the Operator's Hay Stack . Ravishankar Borgaonkar, Nico Golde, Kvin Redon T echnische Universitt Berlin, Security in T elecommunications femtocell@sec.t-labs.tu-berlin.de Black Hat 2011, Las Vegas,

954 views • 76 slides
Imitation Learning Spring 2019, CMU 10-403 Katerina Fragkiadaki Reinforcement learning Agent

Imitation Learning Spring 2019, CMU 10-403 Katerina Fragkiadaki Reinforcement learning Agent

Carnegie Mellon School of Computer Science Deep Reinforcement Learning and Control Imitation Learning Spring 2019, CMU 10-403 Katerina Fragkiadaki Reinforcement learning Agent state reward action S t R t A t R t+ 1 Environment S t+ 1

1.07k views • 52 slides
Argumentative Writing Support: Structure Identification and Quality Assessment of Arguments

Argumentative Writing Support: Structure Identification and Quality Assessment of Arguments

Argumentative Writing Support: Structure Identification and Quality Assessment of Arguments Dagstuhl Seminar: Natural Language Argumentation: Mining, Processing, and Reasoning over Textual Arguments Christian Stab Iryna Gurevych Ubiquitous

918 views • 26 slides

More recommend