
EMERGING CYBER RISKS FACING FINANCIAL SERVICES Presented by The Risk Management Group.


1 EMERGING CYBER RISKS FACING FINANCIAL SERVICES Presented by The Risk Management Group

2 Scope
– Cybercrime explained
– Key implications for financial services
– A short cyber security overview
– Conclusions
– Q&A

3 Risk in one simple image: threat agents, driven by threat factors, exploit vulnerabilities; vulnerabilities lead to risks, and risks impact assets. Controls are designed to correct vulnerabilities so as to reduce risks and protect assets.

4 Cybercrime is (1) committed via the Internet, where (2) the target is digital material on a connected device, or (3) the aim is to disrupt systems or services.

5 Cyber threats, 1980 to 2010 (timeline figure). Threats plotted (in no particular order here): PC viruses, key-loggers, worm, rootkits, MSDOS virus, spyware, phishing, DoS, DDoS, spam, session hijack, SQL worm, large botnet, email virus, SQL injection, XSS virus, cloud attack, cyber weapon, malnet, APT, war dialling, digit grabbers, man-in-the-middle. The 1980s threats are still challenges today, but attackers' sophistication is increasing.

6 Threat actors Hackers Malware developers Anarchists Negligent employees Spies Fraudsters and organised criminals Plus many others…

7 Cybercrime is evolving From one-to-one Through one-to-many To many-to-one Plus hybrid, multi-stage attacks

8 Case study: attack timeline (source: Mandiant)
– Day 1: attacker installs malware on target machines and creates a backdoor
– Day 32: attacker pushes the Day 1 malware to new systems
– Day 34: attacker installs new malware via the backdoor
– Day 37: attacker pushes the Day 34 malware to new systems
– Day 38: victim removes the malware
– Day 39: victim removes data from known compromised systems
– Day 41: attacker exfiltrates empty directories

9 Malware is a key vector: attacker → infected website → user. The infection either requires a user action or happens automatically (drive-by).

10 Threat timeline 1980 to 2010 (repeat of the slide 5 figure): selected examples

11 Threat timeline 1980 to 2010 (repeat of the slide 5 figure): Rootkits

12 Rootkits. The stack, from top to bottom: Applications (Word, Outlook, Explorer, games etc.); Data (docs, contacts, saved game files...); Operating System (Windows, Mac OS...). Rootkits attack the lowest level of the operating system so that they execute on start-up and avoid detection.

13 Dogma Millions rootkit (dogmamillions.com): offers payment to partners who get users to download its app, a similar model to the Google toolbar etc., and then offers crime-as-a-service.

14 Threat timeline 1980 to 2010 (repeat of the slide 5 figure): Spyware

15 Spyware sits on the infected device and captures:
– Passwords and usernames
– Visited URLs
– Keystrokes
– Credit card and bank details
– Other personal data
It may also change device settings, and can turn off the firewall and anti-virus.

16 Keylogger software (http://www.relytec.com/). This particular keylogger needs to be installed directly on the target machine.

17 SerialGhost key logger

18 KeyGrabber hardware

19 Pwn Plug hacking tool: a network hacking toolkit with inbuilt WiFi and remote command and control. Would your users or security staff remove this if they saw it?

20 Threat timeline 1980 to 2010 (repeat of the slide 5 figure): DDoS

21 Flooding example (TCP SYN flood)
1. The attacker sends communication requests (SYN packets).
2. The targeted device responds with a SYN-ACK and assigns capacity to deal with the expected connection.
3. The final ACK packet is never sent, and the process is repeated in high volume, flooding the target with incomplete (half-open) requests until the capacity reserved for them is exhausted.
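The three steps above, replayed over packet records so the half-open pattern can be counted per listener. This is an added example, not part of the presentation; the packet records are constructed rather than captured traffic, and the threshold is an assumed value.

```python
"""Half-open (SYN) connection tracker for the flooding pattern on the slide.

Added example, not from the presentation. The packet records below are
constructed, not captured traffic, and the threshold is an assumed value.
"""
from collections import defaultdict

HALF_OPEN_THRESHOLD = 20  # assumed: flag a listener holding this many half-open flows


def track_handshakes(packets):
    """Replay (src_ip, src_port, dst_ip, dst_port, flags) records and return
    the state of every flow, keyed from the client's side."""
    state = {}
    for src, sport, dst, dport, flags in packets:
        if flags == "S":                       # 1. client (or spoofer) asks to connect
            state[(src, sport, dst, dport)] = "SYN"
        elif flags == "SA":                    # 2. server answers and reserves capacity
            key = (dst, dport, src, sport)
            if state.get(key) == "SYN":
                state[key] = "SYN-ACK"
        elif flags == "A":                     # 3. final ACK completes the handshake
            key = (src, sport, dst, dport)
            if state.get(key) == "SYN-ACK":
                state[key] = "ESTABLISHED"
    return state


def half_open_by_listener(state):
    """Count flows per (server ip, port) that never got their final ACK."""
    counts = defaultdict(int)
    for (_, _, sip, sport), s in state.items():
        if s in ("SYN", "SYN-ACK"):
            counts[(sip, sport)] += 1
    return dict(counts)


def detect_syn_flood(packets, threshold=HALF_OPEN_THRESHOLD):
    """Return the listeners whose half-open count meets the threshold."""
    counts = half_open_by_listener(track_handshakes(packets))
    return {listener: n for listener, n in counts.items() if n >= threshold}


# --- constructed sample traffic (documentation-range addresses) -----------
SERVER = ("192.0.2.10", 443)


def legit_session(client, port):
    """One complete three-way handshake."""
    return [
        (client, port, *SERVER, "S"),
        (*SERVER, client, port, "SA"),
        (client, port, *SERVER, "A"),
    ]


def flood(n):
    """n SYNs from rotating spoofed sources; the server replies, the ACK never comes."""
    pkts = []
    for i in range(n):
        src, port = f"203.0.113.{i % 250 + 1}", 40000 + i
        pkts.append((src, port, *SERVER, "S"))
        pkts.append((*SERVER, src, port, "SA"))
    return pkts


NORMAL_TRAFFIC = legit_session("10.0.0.5", 51000) + legit_session("10.0.0.6", 51001)
ATTACK_TRAFFIC = NORMAL_TRAFFIC + flood(50)

if __name__ == "__main__":
    print("normal:", detect_syn_flood(NORMAL_TRAFFIC))   # {}
    print("attack:", detect_syn_flood(ATTACK_TRAFFIC))   # {('192.0.2.10', 443): 50}
```

The legitimate sessions finish in the ESTABLISHED state and are never counted; the flood leaves fifty flows parked at SYN-ACK, which is exactly the state a real listener has to hold memory for. In production the same count is what a firewall or IDS threshold keys on, and the host-side mitigation is SYN cookies (the server stops keeping per-flow state until the final ACK arrives).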

22 Distributed denial of service: (1) the botnet herder or agitator issues commands through a command-and-control channel to (2) an infected network of bot machines, or volunteers, which (3) launch multiple attacks against the target(s).

23 The Low Orbit Ion Cannon. The Low Orbit Ion Cannon is an open source application designed to launch what is known as a denial of service attack. It does this by flooding a target server with messages. The Met Police report 34,000 UK downloads in only 3 days during the 2012 attacks on the US financial services sector, and videos can be found on YouTube that provide lessons in how to use the tool.

24 Threat timeline 1980 to 2010 (repeat of the slide 5 figure): Code Injection

25 Injection and extraction
1. The attacker targets a vulnerable web server.
2. The entry point is an insecure web form (e.g.).
3. SQL commands are injected via the form, and the exploited web server passes them to the database.
4. Password or PCI databases are compromised.
5. Stolen data is extracted.

26 Code injection example. Over several months in early 2011 hackers:
– executed a series of successful SQL code injection attacks against the servers of Sony Online Entertainment (SOE)
– reportedly exposed the personal data of 100m SOE customers
– cost SOE $178 million in the process (mainly lost business through downtime)
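Steps 2 to 5 of the injection slide, run against a throwaway SQLite database: the same login form written insecurely and with bound parameters, fed a login-bypass payload and a UNION payload that pulls the card column out. This is an added example, not code from the presentation or from any of the firms it names; the table, users and card numbers are constructed test data.

```python
"""Injection and extraction against a throwaway SQLite database.

Added example, not from the presentation. The database, the users and the
card numbers are constructed test data, not real records.
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "4111111111111111"),     # constructed test values
         ("bob", "hunter2", "5555555555554444")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The insecure web form: user input is pasted into the SQL text, so the
    attacker can rewrite the WHERE clause or bolt on a UNION."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Same query with bound parameters: the input is data, never SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# Step 3 on the slide: commands injected via the form. The closing quote ends
# the attacker's string early and `--` comments out the rest of the statement.
BYPASS = "' OR '1'='1' --"                     # matches every row: logs in as everyone
EXTRACT = "' UNION SELECT card FROM users --"  # step 5: returns the card column instead


def demo():
    conn = make_db()
    return {
        "vulnerable_bypass": sorted(login_vulnerable(conn, BYPASS, "anything")),
        "vulnerable_extract": sorted(login_vulnerable(conn, EXTRACT, "anything")),
        "safe_bypass": login_safe(conn, BYPASS, "anything"),
        "safe_extract": login_safe(conn, EXTRACT, "anything"),
        "safe_real_login": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the string-built query the bypass payload returns both accounts and the UNION payload returns both card numbers through a field that was only ever meant to echo a username; with parameters bound, the identical payloads match nothing and only the genuine credentials log in. The fix on the slide's "insecure web form" is therefore not input filtering but keeping data out of the SQL text.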

27 Threat timeline 1980 to 2010 (repeat of the slide 5 figure): Man-in-the-Middle

28 Definition (1): You wish to send me a message.

29 Definition (2): John manages to convince you that he is actually me. He also convinces me that he is actually you.

30 Definition (3): You now innocently send your message to John, thinking he is me. John takes a copy or alters the message and then sends it on to me. John is the man-in-the-middle.
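The three definition steps as a toy exchange between You, Me and John, run three ways: with no integrity check, with a key You and Me agreed without John, and with John having sat in on the key setup (step 2 succeeding). This is an added example and not code from the presentation; the keys and the payment message are constructed, and the HMAC tag stands in for whatever authentication a real channel would use.

```python
"""The three-step man-in-the-middle from the definition slides, as a toy
message exchange between You, Me and John.

Added example, not from the presentation. Keys and messages are constructed;
the HMAC tag stands in for whatever integrity/authentication mechanism a
real channel uses.
"""
import hashlib
import hmac


def make_msg(sender, body, key=None):
    """Build a message; with a key, attach an HMAC-SHA256 tag over sender and body."""
    tag = None
    if key is not None:
        tag = hmac.new(key, f"{sender}\x00{body}".encode(), hashlib.sha256).hexdigest()
    return {"from": sender, "body": body, "tag": tag}


def accept(msg, key=None):
    """Receiver's check. With no key there is nothing to verify, so anything passes."""
    if key is None:
        return True
    if msg["tag"] is None:
        return False
    expected = hmac.new(key, f"{msg['from']}\x00{msg['body']}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["tag"])


def john_relays(msg, key_with_you=None, key_with_me=None):
    """John receives what You sent, swaps the payee, and forwards it to Me.
    He can only re-tag the altered message if Me trusts a key he holds."""
    if key_with_you is not None and not accept(msg, key_with_you):
        return None  # You's own tag failed; not the case the slide is about
    altered = msg["body"].replace("to Alice", "to John")
    return make_msg(msg["from"], altered, key_with_me)


ORDER = "Pay 100 to Alice"  # constructed message


def no_authentication():
    """Step 3 with nothing to check: Me accepts John's altered copy."""
    msg = john_relays(make_msg("You", ORDER))
    return accept(msg), msg["body"]


def key_agreed_out_of_band():
    """You and Me share a key John never saw (set up in person, say):
    John can alter the text but cannot produce a tag Me will accept."""
    k_you_me = b"constructed shared key: you<->me"
    msg = john_relays(make_msg("You", ORDER, k_you_me))  # John forwards untagged
    return accept(msg, k_you_me), msg["body"]


def john_in_the_key_setup():
    """Step 2 succeeded: each side agreed its key with John, believing it was
    the other party. John verifies with one key and re-tags with the other."""
    k_you_john = b"constructed key: you<->john"
    k_john_me = b"constructed key: john<->me"
    msg = john_relays(make_msg("You", ORDER, k_you_john), k_you_john, k_john_me)
    return accept(msg, k_john_me), msg["body"]


if __name__ == "__main__":
    print("no authentication:      ", no_authentication())
    print("key agreed out of band: ", key_agreed_out_of_band())
    print("John in the key setup:  ", john_in_the_key_setup())
```

The first and third runs both end with Me accepting "Pay 100 to John". The difference between the second and third runs is the whole lesson of the slide: integrity protection only helps if the key was agreed with the real counterpart, so the control that matters is authenticating who is on the other end of the key setup (which is what certificate validation does for TLS), not just encrypting or tagging the traffic afterwards.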

31 Man-in-the-Middle: the equipment to attack wireless (WiFi) networks can be purchased online (http://hakshop.myshopify.com/products/wifi-pineapple).

32 Threat timeline 1980 to 2010 (repeat of the slide 5 figure): Cyber Weapons

33 Cyber weapon examples
Flame & Stuxnet:
– adapted to attack Iran's nuclear programme
– Flame designed to collect target data
– Stuxnet designed to attack SCADA systems
Shamoon (2012):
– attacked PCs on the Saudi Aramco network
– 30,000 PCs had to be written off
The Low Orbit Ion Cannon…

34 Drop, Report & Wipe
1. Drop: the malware is dropped onto the target machine.
2. Report: the malware executes its payload and the extracted data is sent to the attacker.
3. Wipe: the malware eventually wipes itself off the machine, hiding the evidence of its activities (it may persist for an extended period before wiping).

35 Common APT vectors. Advanced Persistent Threats arrive through Internet-based malware infection, physical malware infection, or external exploitation/hacking.
Internet malware infections: drive-by downloads; email attachments; file sharing; pirated software; DNS routing modifications.
Physical malware infections: infected USB sticks; infected DVDs or CDs; infected memory cards; infected appliances; back-doored IT equipment.
External exploitation: professional hacking; co-location host exploits; cloud provider penetration; WiFi penetration; device attacks.

36 Insider threats and trusted connections
Insider threats: rogue employee; malicious sub-contractor; social engineering; funded placement; criminal break-in; walk-in.
Trusted connections: stolen VPN credentials; partner system breaches; external hosting breaches; grey-market equipment.

37 Threat timeline 1980 to 2010 (repeat of the slide 5 figure): Malnets

38 Simple malnet: innocent users visit infected sites, and each infected site funnels them on to the same malicious server.

39 Real malnets. A malnet is comprised of unique domains, servers and websites working together to funnel users to the malware payload. This visual map, produced by Blue Coat, shows the relationships between trusted sites, relays and the exploit servers to which users are directed.

40 The Blackhole Exploit Kit. Currently the most prevalent web threat (in Q3 2012, 28% of all web threats detected by Sophos and 91% of those detected by AVG were due to Blackhole). It delivers a malicious payload to a victim's computer. Suspected creators are Russian hackers named "HodLuM" and "Paunch".

41 How Blackhole works
1. The attacker buys the kit and specifies the attack options.
2. The victim either loads a compromised web page or opens a malicious link in a spammed email.
3. The malformed page or email sends the user to a Blackhole landing page.
4. The landing page contains code that determines what is on the victim's computer and loads all the exploits to which it is vulnerable.

42 Key implications for firms
– Data integrity and compliance: data protection, PCI, corporate data
– Fraud & other financial risks
– Reputation & public trust
– Legal liability
– Operational sustainability

43 Key controls
– The perimeter: firewalls, intrusion detection, antivirus
– Cloud and social media security
– Device security and BYOD management
– Data classification & encryption
– User awareness

44 Conclusion (the risk chain from slide 3: threat factors, threat agents, vulnerabilities, controls, risks, assets). User awareness is the most important governing factor at all points in the chain of cause and effect.

45 Q&A www.trmg.biz info@trmg.biz

46 The CISI would like to thank Mark Johnson, Chairman, The Risk Management Group

47 Enjoy this event? Then why not attend one of our short courses:
– Building a Client-Focussed Professional Service for the New World: London, 29 January 2013
– Anti Money Laundering & Terrorist Financing Introductory Workshop: London, 31 January 2013; Manchester, 5 February 2013
www.cisi.org/courses
