
© 2012 Trusteer Confidential 1 No Silver Bullet How Malware Defeats Security Measures and What You Can Do About it Ziv Cohen – Director, EMEA April 2012.


1 No Silver Bullet: How Malware Defeats Security Measures and What You Can Do About it. Ziv Cohen – Director, EMEA. April 2012

2 Malware Attacks Are on the Rise
- Malware incidents increased more than 30% between 2008 and 2011, causing significant damage
- 54 million U.S. adults said they had incidents of malware on their desktops in 2011
Research - Use a Layered Security Approach to Combat Phishing and Malware-Based Attacks. Published: 26 March 2012

3 Online Banking Fraud is Happening
Online Banking Fraud Losses Estimated at $1B in US and Europe

4 New Online Banking Services Adoption Hindered by Security Concerns
What are the main reasons you have decided not to use mobile banking?
- My banking needs are being met without mobile banking
- I'm concerned about the security of mobile banking
- I don't trust the technology to properly process my banking transaction
- The cost of data access on my wireless plan is too high
- It is too difficult to see on my mobile phone's screen
- Other
- It's difficult or time consuming to set up mobile banking
- I don't have a banking account with which to use mobile banking
- It is not offered by my bank or credit union
- My bank charges a fee for using mobile banking
- Refuse to answer
Federal Survey - Consumers and Mobile Financial Services, March 2012

5 The Cost of Advanced Malware Attack
- 40% of CIOs report malware related internal breaches (2010 Deloitte-NASCIO Cyber Security Study)
- 49% of data breaches incorporated malware (Verizon 2010 Data Breach Report)
- 760 companies attacked with the same resources as RSA. Almost 20% of the Fortune 100 are on this list. (Krebsonsecurity.com, Who else was hit by RSA Attackers?)

6 The end point is the weak link
Diagram labels: Sensitive Data and Apps; End Point; User; Cyber Criminals; Difficult; Easy

7 Anatomy of Malware attack
Stages: User Target; Attack Launch; Malware Infection; Execute Fraud / Information Theft
Diagram labels: Human and Automated; Credentials theft, Web injection, Social engineering; System exploit, Malicious Code install; Phishing, Drive-by-Download

8 Attack Setup, Execute Fraud: Man-in-the-Browser, Web Injection
Diagram labels: PII Theft; Login: / Password: **** ; Credentials Theft; Social Engineering

9 Keeping Banks In the Dark - Change Phone
1. User: Access site
2. Malware: Update user's phone number (1800TrueNum to 1800ToFraud)
3. Bank: Sends a confirmation SMS to previous phone, with code and new phone number ("Confirmation Code: 1234 For number 1800ToFraud")
4. Malware: Inform user that the bank has issued a FREE SIM CARD for security reasons, user enters code to accept offer
5. Fraudster: Enters confirmation code and redirects all future bank SMS/Calls to 1800ToFraud

10 Confirmation s - Hidden
1. Malware: Transfer Money
2. Bank: Sends Confirmation
3. Malware: Hide Confirmation
Zeus code for hiding s:

    if( document.getElementById("datatable").rows[i].innerHTML.indexOf( "Faster Payment Confirmation" ) != -1
        || document.getElementById("datatable").rows[i].innerHTML.indexOf( "Payment Created" ) )
    {
        //Faster Payment Confirmation | Payment Created
        document.getElementById("datatable").rows[i].style.display = "none";
    }
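An added example, not from the slides or from Trusteer: the hiding condition shown on slide 10 replayed over constructed rows, followed by a defender-side audit that reports which rows ended up hidden. The row objects, the sample data and the function names (`slideCondition`, `applySlideLogic`, `auditRows`) are assumptions made for illustration.

```javascript
// Added example (not from the slides). Rows are plain objects standing in for
// DOM <tr> elements so the check runs in Node; in a browser, read
// getComputedStyle(row).display instead of row.style.display.
const MARKERS = ["Faster Payment Confirmation", "Payment Created"];

// The condition as printed on the slide: the second indexOf has no "!= -1",
// so it is truthy for every row except one whose text starts with the marker.
function slideCondition(html) {
  return Boolean(html.indexOf(MARKERS[0]) != -1 || html.indexOf(MARKERS[1]));
}

// Reproduce the effect of the slide's statement on a copy of the rows.
function applySlideLogic(rows) {
  return rows.map((r) => ({
    innerHTML: r.innerHTML,
    style: { display: slideCondition(r.innerHTML) ? "none" : r.style.display },
  }));
}

// Defender-side audit: which rows are hidden, and which of those carry a marker.
function auditRows(rows) {
  const report = { total: rows.length, hidden: [], hiddenWithMarker: [] };
  rows.forEach((r, i) => {
    if (r.style.display !== "none") return;
    report.hidden.push(i);
    if (MARKERS.some((m) => r.innerHTML.includes(m))) report.hiddenWithMarker.push(i);
  });
  return report;
}

// Constructed sample rows (not real bank markup).
const sampleRows = [
  { innerHTML: "<td>Statement available</td>", style: { display: "" } },
  { innerHTML: "<td>Faster Payment Confirmation</td>", style: { display: "" } },
  { innerHTML: "Payment Created", style: { display: "" } },
  { innerHTML: "<td>Payment Created</td>", style: { display: "" } },
];

const report = auditRows(applySlideLogic(sampleRows));
console.log(report);
```

As written on the slide, the condition also hides rows that contain neither string, so an unexpectedly empty table is itself a signal. The audit runs in the same browser the malware controls, so its result is one input to fraud detection rather than proof.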

11 Keeping Banks In the Dark - DDoS
"After the accounts are compromised, the perpetrators conduct a Distributed Denial of Service (DDoS) attack on the financial institution"
FBI warning about Banking Trojan GAMEOVER

12 Facebook/Ukash – Cross Channel Attack
"To confirm verification you have to enter 20 euro UKash voucher. Ukash vouchers are sold by UKash.com website and Ukash.com is not affiliated with Facebook company. 20 euro will be added to your Facebook main account balance. This verification is used to confirm your age and country of origin. The UKash Voucher consists of 19 numbers and face value (sum), begins on 633. For example

13 MITMO/ZITMO
Diagram labels: Malware Command & Control; Legitimate Website
1. User Accesses Site
2. Please provide your mobile phone number
3. SMS with link to Mobile malware (install new certificate)
4. Download Malware
5. Malware transfers funds (PC is proxy)
6. Transaction Approval SMS
7. Malware forwards approval SMS
8. Transaction approved using stolen SMS

14 FFIEC Recognizes Malware as the Root Cause of Most Cybercrime Activities
"Controls implemented in conformance with the Guidance several years ago have become less effective... Malware can compromise some of the most robust online authentication techniques"

15 The Challenge: No Silver Bullet
Security measure: how it is bypassed (x = Bypassed)
- Device Identification, Challenge Questions: Malware
- OTP Devices: Man in the Browser, Real Time Phishing
- Transaction Verification: Man in the Mobile
- Transaction Signing: Social Engineering Malware
- Virtual Browser on Stick: Memory Injection Malware
- Clickstream Detection: Malware adopts Human-like behavior

16 Intelligent, Adaptive, Automated
Threat Intelligence; Adaptive Protection; Sustainable Cybercrime Prevention

17 Crime Logic vs. Files and Signatures
- Trusteer: What it does? Crime Logic (100s): Exploit, Infect, Hook, Inject, Access, Theft
- Anti-Virus Legacy: What it is? Files and Signatures ( s) ??
Threat Intelligence; Adaptive Protection

18 First to Discover New Forms of Malware
Tens of Millions of Endpoints; Detect and stop Crime Logic
- Sunspot
- Shylock
- Torpig v2
- OddJob
- Ramnit goes financial
- SpitMo for Android
Threat Intelligence; Adaptive Protection

19 Ready, Before the Threat Reaches You
Tens of Millions of Endpoints; Detect and stop Crime Logic
- Sunspot
- Shylock
- Torpig v2
- OddJob
- SpitMo for Android
- Ramnit goes financial
Threat Intelligence; Adaptive Protection

20 Process, People, Products
Diagram labels: Online Threats; Adaptive Protection; Cybercrime Intelligence; Analytics & Management; Crime Logic; Risk Assessment; Fraud Alert; Crime Logic; Trusteer Intelligence Center; Corp; Known crime logic; Unknown crime logic
Threat Intelligence; Adaptive Protection

21 Trusteer Cybercrime Prevention Architecture: Industry leading solution for Online Cybercrime Activities
- Trusteer Rapport for PC/Mac: Stop and remove financial malware, phishing
- Trusteer Rapport for Mobile: Protect against mobile malware, high risk devices
- Trusteer Pinpoint for Malware Detection: Detect malware-infected users, devices
- Trusteer Pinpoint for Phishing Detection: Detect and Stop real-time phishing
Less Cost, Less Complexity; Intelligence-based risk assessment; Multi-layer protection against malware; No malware = Transaction anomaly prevention

22 Thank You

