1 / 28

The evolution of eCrime and the remote banking channels

The evolution of eCrime and the remote banking channels. Presentation to the RHUL MSc Information Security Summer School 9 September 2013 Dom Lucas. Overview. Setting the Scene Attacks & Exploits Monetising the attack The bigger picture. Setting the Scene. What is eCrime?.

Download Presentation

The evolution of eCrime and the remote banking channels

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The evolution of eCrime and the remote banking channels Presentation to the RHUL MSc Information Security Summer School 9 September 2013 Dom Lucas

  2. Overview • Setting the Scene • Attacks & Exploits • Monetising the attack • The bigger picture

  3. Setting the Scene

  4. What is eCrime?

  5. Organised Crime

  6. Remote banking?

  7. What is being attacked?

  8. Why? In economic terms In criminal terms Wider Market Base. Greater ROI. Cost/Benefit Model. I rob banks ‘cos that’s where the money is Willie Sutton c1930

  9. Attacks & Exploits

  10. Phishing

  11. Phishing Explained 4. Phished Credentials forwarded to Drop server 6. Creds traded on online forums 5. Creds forwarded to phisher 1. Attacker creates / hijacks website 2. Phishing email sent 3. Victim directed to phishing site 7. Phishers use credentials to access genuine accounts

  12. Phishing evolved MITM/Real-time Phishing Capture & use victim 2-FA pass code in real time thus defeating multi factor authentication. HTML form attachment Doesn't require a phishing a site and so evades traditional phishing takedown. Vhishing & Smishing Use of traditional social engineering techniques to gather credentials Use of VOIP technology to spoof & evade detection

  13. Malware

  14. Malware Carberp ICE IX ZEUS Spyeye Citadel Shylock

  15. Attack vectors www.XXX.com

  16. Monetising the attack

  17. Beneficiaries/Money Mules Job offer We have found your resume at Monster.com and would like to suggest you a "Transfer manager" vacancy. We have thoroughly studied your resume and are happy to inform you that your skills completely meet our requirements for this position. Our company buy, sell, and exchange digital currencies, like E-gold and E-bullion. • Continues to be the Bottleneck • lots of credentials not enough mule accounts • Money Mule categories • The professionals • The unsuspecting/duped • Developments • Pre-Paid card accounts- lack of KYC • Fake online businesses • International Payments (SEPA) • International fraud payments to mule accounts across the EU.

  18. Putting it all together

  19. Crime as a Service

  20. Op HighRoller • Customised Zeus / Spyeye variant. • Automated. • Checked balance. • High net-worth accounts >e200,000. • Targeted over 60 institutions • Global network of mules.

  21. The Wider Picture

  22. Global View

  23. Future Challenges

  24. Things to think about

  25. The next generation….

  26. Don’t underestimate the adversary

  27. Maintain situational awareness

  28. Questions?

More Related