Protecting Against Online Fraud F5 SIT Forum


Presentation on theme: "Protecting Against Online Fraud F5 SIT Forum"— Presentation transcript:

1 Protecting Against Online Fraud F5 SIT Forum
Laurent BOUTET FSE France

2 Everything Evolves
Application Security; Anti-Fraud, Anti-Malware, Anti-Phishing; Network Firewall; Access Control; DDoS Protection; SSL; DNS Security
3 evolves, SSL Heartbleed, users interact with the application: ASM, DNS security: digging into the DNS protocol and vulnerabilities, MitM, spoofing, could be exploited by malware?, malware infiltrates the user

3 Fraud and Malware Remains a Challenge
Malware/Fraud Statistics
15% increase in malware - McAfee threat report 2013
196 Million Unique malware samples in 2013
70% of malware targeting financial services companies
Phishing Attacks
37.3 million users around the world were subjected to phishing attacks
72,758 unique phishing attacks recorded in 1st half (worldwide)
Mobile Malware
22,750 new modifications of malicious programs target mobile devices throughout the year
99% of newly discovered mobile malware attacks target Android devices
Reason: money, customer accounts, but more and more corporates doing corporate transactions
Phishing: cheap and easy to do
1,000,000 U.S. computers hit by banking trojan malware - Symantec report, “The State of Financial Trojans: 2013”
“In 2012, more than 40 million Windows systems were infected with malware” – Microsoft (from Five Habits Of Highly Successful Malware:
Scanners only detect up to 25% of real-world malware, and only caught 40% of malicious downloads. - Google (from Five Habits Of Highly Successful Malware:
Symantec State of financial Trojan landscape December 2013
Sources for phishing attacks stats | source for phishing attacks stats.
Pace of mobile malware increasing - 22,750 new modifications of malicious programs targeting mobile devices detected by Kaspersky Labs
99% of newly discovered mobile malware attacks Android devices – Kaspersky Security Bulletin 2012
33% increase in Android malware samples during the second half of McAfee
0.9% of total online revenue is lost to fraud (Cybersource, 2012)
2%-6% of banking customers are infected with financial malware (Gartner, MQ for web a.fraud, May 2012)
Data sources include Symantec, Microsoft, Kaspersky, McAfee, DarkReading, Gartner, and Cybersource

4 Malware Threat Landscape – Growth and Targets
Total Malware Samples in the McAfee Labs Database
25% of real-world malware is caught by anti-virus
50% of malware code is logic to bypass defenses
79% of existing malware strains are Trojans
82% of institutions learned about fraud incidents from their customers
Reinventing themselves: polymorphism
1) Only 25% of real-world malware is caught by anti-viruses – Google Research (from Five Habits Of Highly Successful Malware:
2) More than half of malware code is to bypass defenses and evade detection. – Palo Alto Analyst (from Five Habits Of Highly Successful Malware:
3) 79% of all malware sampled are Trojans – PandaLabs Q1 Report (
4) 82% of malware is reported to an institution by a customer. - ISMG’s 2012 Fraud Survey (
Monetization of malware – sale of source code – banking trojan, web exploit kits
Data sources: Dark Reading, PandaLabs, and ISMG

5 The Increasing Complexity of Securing Users to Apps
Issue: complexity, need for user interaction, apps hosted everywhere, SaaS, cloud, SDN, SaaS apps – Salesforce, Concur
Complexity: how applications interact together, the application itself, technology evolving, WebSockets, HTTP 2.0 (November), security illusion with SSL, cross-origin resource sharing: CORS, multiprotocol TCP

6 (complexity of apps) Cloud, SDN, SaaS apps – Salesforce, Concur. The way we as a business extend our applications to customers

7 BotNets and Server Malware
Hackers and Hacktivism
State sponsored espionage
(complexity of securing users to apps)
Blended attacks
Traditional network devices are failing under load…

8 Traditional Malware Solutions Focus on the Enterprise
[Diagram labels: Rising Security Threats/Attacks (Copied Pages and Phishing, Hacktivism, Malware, State Sponsored Attacks); Attacker; Internet; Enterprise; Enterprise Anti-Malware; Firewall; DMZ Applications; DMZ Database; "Some protection"; "Unprotected"]

9 Securing Against Banking Fraud Can Be Complex
Ownership: Customers expect the banks to secure against all forms of fraud regardless of devices used or actions taken
Browser the weakest link: Trojans, MitB attack the client browser or device where the bank has no security footprint
Changing threats: Increasing in complexity, requiring full threat reconnaissance
Attack visibility: Often lacking details to truly track and identify attacks and their source
Endless customer devices: Desktop, laptop, tablet, phone, internet café, game consoles, smart TVs
Compliance: Ensuring compliance with regulations and FFIEC requirements
As well as the technical challenges we have to consider the business requirements. These challenges are prevalent but not exclusive to banking.
They increasingly affect all verticals, not only banking: e-commerce applications, transactions. The human is the weakest link. Using HTTP/HTTPS, how do we implement our protection as close as possible to the user/browser?

10 Web Fraud Protection

11 Protecting Against Fraud, Phishing, and Malware
Site Visit; Site Log In; User Navigation; Transactions; Transaction Execution
Device ID; Generic malware detection; Phishing and MitM detection; Credential protection; Targeted malware (injections); Behavioral and click analysis; Automatic transaction; Transaction integrity checks; Customer fraud alerts
Phishing Threats; Credential Grabbing; Malware Injections; Transaction Manipulation; Automatic Transactions
Current protection (typical) in organizations we speak with provides security in each phase of a transaction process. (CLICK) Protections are focused on these areas. (click) With WebSafe and MobileSafe you can fill in the gaps where attackers target with malware. Transition to Mark/Scot for handoff on Implementation slide & demo

12 Anti-Fraud, Anti-Phishing, Anti-Malware
Best practices for anti-fraud, -phishing, and -malware services
Prevent Fraud; Protect Online User; On All Devices; Full Transparency; In Real Time; Security Operations Center
Targeted malware, MitB, zero-days, MitM, phishing, automated transactions
Clientless solution, enabling 100% coverage
Application level encryption
Desktop, tablets, and mobile devices
No software or user involvement required
Alerts and customisable rules
24x7 research, investigation, and site take-down
…specifically securing online users against advanced fraud that may threaten accounts, transactions and funds in real time

13 Generic and Targeted Malware Detection
Identify compromised sessions, malicious scripts, phishing attacks, and malware, including MitM, MitB, bots, and fraudulent transactions, with real-time analysis
Analyse browser for traces of common malware (Zeus, Citadel, Carberp, etc.)
Detect browser redressing
Perform checks on domain and other components
-- We have code that stimulates the malware to send us signals and identify itself
-- Identifies changes to the way the page should have been displayed to the user (for example injections, pop-ups or new windows)
We don't want to load/download and install anything (best practice); we want something clientless, sent as part of the app
Redressing: clickjacking
Signature is not enough / behaviour

14 Advanced Application-Layer Encryption
Secure the credentials and other valuable data submitted on webforms
Encrypt any sensitive information at the message level
Encrypt then submit user credentials and information
Decrypt data using web fraud protection solution
Render intercepted information useless to MitM attacker
Silent malware, in the browser, using browser API
Once again we want something clientless, sent as part of the app

15 Automatic Transaction Detection
Analyse the way users interact with browser
Analyse the way users interact with website
Conduct track site navigation
Trigger alerts upon detecting non-human behavior
Gather client details related to the transaction
Run a series of checks to identify suspicious activity
Assign risk score to transaction
Send alert based on score
Apply L7 encryption to all communications between client and server
[Diagram label: My Bank.com]
Visualization of a user interacting with the browser, and a bot -- typing -- Simulate detecting both cases
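An added example, not part of the original presentation and not any F5 product's code: a minimal sketch of the gather / check / score / alert sequence on this slide, run over constructed session telemetry. The signal names, weights, page paths and threshold are all assumptions.

```python
from statistics import mean, pstdev

# All signal names, weights and thresholds are assumptions for illustration.
ALERT_THRESHOLD = 60
EXPECTED_PATH = ["/login", "/accounts", "/transfer"]  # assumed normal flow

def check_typing(s):
    gaps = s["key_intervals_ms"]
    if len(gaps) < 3:
        return 40, "fields filled with almost no keystrokes"
    avg = mean(gaps)
    if avg == 0 or pstdev(gaps) / avg < 0.1:
        return 30, "keystroke timing too uniform"
    return 0, None

def check_pointer(s):
    if s["pointer_events"] == 0:
        return 25, "no mouse or touch activity before submit"
    return 0, None

def check_dwell(s):
    if s["ms_on_form"] < 1500:
        return 25, "form submitted faster than a person can read it"
    return 0, None

def check_navigation(s):
    visited = iter(s["path"])  # expected pages must appear in order
    if not all(step in visited for step in EXPECTED_PATH):
        return 20, "transfer reached outside the normal page flow"
    return 0, None

CHECKS = [check_typing, check_pointer, check_dwell, check_navigation]

def score_transaction(session):
    """Run every check, sum the weights (capped at 100), decide on an alert."""
    hits = [check(session) for check in CHECKS]
    score = min(100, sum(weight for weight, _ in hits))
    reasons = [reason for _, reason in hits if reason]
    return {"score": score, "alert": score >= ALERT_THRESHOLD, "reasons": reasons}

# Constructed sample sessions (not real telemetry).
HUMAN = {"key_intervals_ms": [180, 95, 240, 130, 310, 160], "pointer_events": 42,
         "ms_on_form": 18500, "path": ["/login", "/accounts", "/transfer"]}
SCRIPTED = {"key_intervals_ms": [], "pointer_events": 0,
            "ms_on_form": 220, "path": ["/login", "/transfer"]}
PASTED = {"key_intervals_ms": [], "pointer_events": 15,  # password-manager fill
          "ms_on_form": 9000, "path": ["/login", "/accounts", "/transfer"]}

if __name__ == "__main__":
    for name, s in [("human", HUMAN), ("scripted", SCRIPTED), ("pasted", PASTED)]:
        print(name, score_transaction(s))
```

The PASTED session shows why a single signal should not raise an alert on its own: a legitimate user pasting values trips the typing check but stays below the threshold.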

16 Advanced Phishing Attack Detection and Prevention
Identify phishing threats early on and stop attacks before emails are sent
Alert of extensive site copying or scanning
Alert on uploads to a hosting server or company
Alert upon login and testing of phishing site
Shut down identified phishing server sites during testing
[Diagram labels: Web Application; Internet; 1. Copy website; 2. Save copy to computer; 3. Upload copy to spoofed site; 4. Test spoofed site; Capture user credentials]
Key part of our strategy
Animate the attack: copy a website, put it somewhere else, test it, send an email blast, user starts using it
Alert on download of image
Alert on upload to a hosting company
When a user logs in to the phishing website we get an alert with details
Shut down phishing proxy before sent to victims
The minute the hacker starts to test, we shut it down
Alert at each stage of phishing site development

17 Key Features of a Web Fraud Protection Solution
Provide transparent anti-fraud solution
Simplify product rollout
Protect users' data in use
Protect all customers on all devices
Clientless: we inject code as reverse proxy
Ensures Regulatory Compliance
Satisfies PCI-DSS Requirement 1.3.7 GLB ACT
Consolidates infrastructure and maintenance costs
Single integrated solution (BIG-IP, VIPRION, VE) vs. multi-box solutions
Total cost of ownership savings between 29% - 72%, depending on service option selected, subscription length, and number of users
Combine fraud detection and protection
Ensure compliance
Prevent phishing attacks

18 Security Operations Center
fraud analysis team

19 Security Operations Center (SOC)
Leverage a 24x7x365 fraud analysis team that extends your security team
Research and investigate new global fraud technology and schemes
Provide detailed incident reports
Offer continuous web fraud component checks
Send real-time alerts by phone, SMS, and
Take down phishing sites and brand abuse sites

20 Cyber Intelligence Always on cyber research and analysis
Source information from a variety of resources
Analyse malware files and research drop zones
Provide quarterly dedicated reports
Deliver the right information
Identify attackers, command & control, drop zones, mule accounts, compromised users
Identify social network scheming, sophisticated online fraud and brand abuse

21 Phishing Site Take-Down Service Quickly identify and shut down brand abuse websites
Monitoring and response team
Complete attack assessment and post-partum attack report
Leverage relationships with ISPs, anti-phishing groups, and key international agencies
Offer malicious site take-down in minimal time
Provide recommendations for counter security measures

22 Key Benefits of Using a Security Operations Center
Provide 24x7 expert security watch
Integrate with SIEM and risk management systems
Turn on services immediately
Offer immediate phishing site shutdown
Provide up-to-date threat intelligence
Reduce fraud loss
Only web gateway to secure against inbound and outbound malware
Maps and tracks user identity to network addresses
Fully tracks activity by user identity and their device
Links user identity with endpoint integrity, assuring endpoint health prior to and after Web access
One-stop for all access policy, inbound and outbound
Reduces chances of human error
Strengthens policies
Reduces overhead
Increases security posture
Delivers consolidated policy views – both inbound and outbound
Ensures Regulatory Compliance
Satisfies PCI-DSS Requirement 1.3.7 GLB ACT
Consolidates infrastructure and maintenance costs
Single integrated solution (BIG-IP, VIPRION, VE) vs. multi-box solutions
Total cost of ownership savings between 29% - 72%, depending on service option selected, subscription length, and number of users

23 Example Architecture

24 Example of a Web Fraud Protection Architecture
[Diagram labels: Online Customers; Man-in-the-Browser Attacks; Copied Pages and Phishing; Automated Transactions and Transaction integrity; Transfer Funds (Account, Amount); Web Fraud Protection; Network Firewall; Application; Security Operations Center; Local alert server and/or SIEM]
Reference Architecture: Fraud detection and protection components are stored and configured on BIG-IP
Customer Scenarios: A. Malware detection and protection; B. Anti-phishing; C. Transaction analysis
Highlight the multi-tenancy of the F5 SOC, web GUI, reports,…

25 Anti-Fraud, Anti-Phishing, Anti-Malware
Prevent Fraud Protect Online User On All Devices Full Transparency In Real Time Security Operations Center

26 Solutions for an Application World.

