Lex Informatica – SA Cyberlaw / ICT conference – 2014 • AVeS Cyber Security: Confidence in your Digital Information • Online and Mobile Banking Threats • Charl Ueckermann, Managing Director, AVeS Cyber Security • 2014/09/25
Agenda • Welcome • AVeS Overview • Online and Mobile Banking Threats • Questions
AVeS Overview • Since 1997 • 500+ clients in Southern Africa • Focus on Professional Services • Reducing Risk – IT Security • Improving Efficiency – Advanced Microsoft Infrastructure • Improving Consistency – Corporate Governance (ISO Std’s) • Increasing Revenue – CRM • Product Support (the building blocks)
Online and Mobile Banking Threats: Online payments are popular but insecure • 98% of respondents regularly use online banking, online shopping or e-payment services • 59% of users have concerns about online banking fraud • 69% of people fear for the safety of their personal data (including banking credentials) Source: Kaspersky Lab and B2B International study, 8,605 respondents, 19 countries, http://media.kaspersky.com/pdf/Kaspersky_Lab_B2C_Summary_2013_final_EN.pdf
Which type of data loss is the most critical for Internet users? Categories shown: passwords and account details; personal email messages; banking details. Figures shown on the chart (share of total): 37%, 60%, 58%. Source: Harris Interactive / Kaspersky, Digital Consumers' Internet Security Needs – Topline Report, 2012
Attacking the Bank vs Attacking the User • Criminals used to attack the banks themselves • But that is too expensive, complicated and risky • Now they defraud the users to steal money from them • And unfortunately they are very successful at it
Problems users encounter whilst online • 36% of malware incidents resulted in financial loss ("Did you incur any financial costs as a result of a virus / malware infection?" – 36% yes, 64% no) • More than 25% of consumers have experienced a malware incident during the last 12 months • Chart: banking trojans worldwide – Zeus, Carberp, SpyEye, Shiz, Sinowal, other (individual shares not recoverable from the slide) Source: Kaspersky Lab, September 2013
"And you thought you were safe!" – protection layers and the trojans that bypass them • Online banking site: login, password – Carberp • Authorization: CVV2 – Zeus • One-time passwords: SMS, token, printed receipts, TAN generators – Carberp, SpyEye, Zeus for mobile, Lurk • Transaction approval: cell phone – SpyEye Read more details in "Staying safe from virtual robbers": http://www.securelist.com/en/analysis/204792304/Staying_safe_from_virtual_robbers
Malicious programs use the following techniques • Keylogging • Screenshot capturing • Modifying the hosts file • Intrusion into a running browser process (web injections) • Mobile phone intrusions
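The hosts-file modification named above is one of the few techniques on this list that an administrator can verify directly, because the change leaves a plain-text artefact on disk. The following is an added example, not code from the presentation or from AVeS: it parses a hosts file and reports any entry that statically maps a monitored bank hostname (or a subdomain of one) to an IP address, distinguishing loopback pinning (which blocks the site) from redirection to another address. The domain names in MONITORED_DOMAINS and the sample hosts content are constructed placeholders; the documentation address 203.0.113.45 stands in for an attacker-controlled host.

```python
"""Defensive check: flag hosts-file entries that pin banking hostnames.

Added example (not from the slides). Assumes a list of bank domains you
care about (MONITORED_DOMAINS, placeholder names here) and a hosts file in
the standard format: <ip> <hostname> [<hostname> ...] with '#' comments.
"""
import ipaddress
import sys

# Constructed sample hosts file for offline demonstration (not real data).
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1   localhost
::1         localhost ip6-localhost

# Entries malware might add: the bank's hostnames are pinned to an
# address the attacker controls (203.0.113.45 is a documentation range)
203.0.113.45\twww.examplebank.example  online.examplebank.example

# An entry pointing a bank host into a private network
10.0.0.5    secure.otherbank.example   # added by malware
"""

# Placeholder bank domains; replace with the real domains you monitor.
MONITORED_DOMAINS = ("examplebank.example", "otherbank.example")

# Well-known hosts file locations on Linux/macOS and Windows.
HOSTS_PATHS = ("/etc/hosts", r"C:\Windows\System32\drivers\etc\hosts")


def parse_hosts(text):
    """Yield (line_number, ip_address, hostname) for each mapping.

    Comments (after '#') and blank lines are skipped; lines whose first
    token is not a valid IP address are ignored rather than raising.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        if len(tokens) < 2:
            continue
        try:
            ip = ipaddress.ip_address(tokens[0])
        except ValueError:
            continue
        for host in tokens[1:]:
            # Normalise case and a trailing dot so comparisons are stable.
            yield lineno, ip, host.lower().rstrip(".")


def is_monitored(host, domains):
    """True if host equals a monitored domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def find_redirects(text, domains=MONITORED_DOMAINS):
    """Return a finding for every monitored hostname present in the file.

    A bank hostname should never be statically mapped on a client, so any
    entry is reported. Loopback mappings (which block the site) are
    flagged separately from mappings that send the user elsewhere.
    """
    findings = []
    for lineno, ip, host in parse_hosts(text):
        if is_monitored(host, domains):
            findings.append({
                "line": lineno,
                "host": host,
                "ip": str(ip),
                "loopback": ip.is_loopback,
            })
    return findings


def check_hosts_file(path, domains=MONITORED_DOMAINS):
    """Read a real hosts file and return its findings (empty if absent)."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return find_redirects(fh.read(), domains)
    except OSError:
        return []


if __name__ == "__main__":
    # With a path argument check that file; otherwise run on the sample.
    if len(sys.argv) > 1:
        results = check_hosts_file(sys.argv[1])
    else:
        results = find_redirects(SAMPLE_HOSTS)
    for f in results:
        kind = "blocked (loopback)" if f["loopback"] else "redirected"
        print(f"line {f['line']}: {f['host']} -> {f['ip']} [{kind}]")
```

Run it without arguments to see the three constructed findings, or pass the path of a real hosts file. The check is deliberately strict: a bank's hostname has no business in a client hosts file at all, so even a loopback entry is reported rather than silently accepted.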
ZEUS — Main Features • The most widespread online banking trojan • ZeuS tracks which keys the user presses — virtual or physical (keylogging, screenshotting) • ZeuS uses web injections — Man in the Browser attacks • ZeuS is capable of bypassing the most advanced bank security systems, including 2-factor authentication • Spreads through social engineering and drive-by downloads
How Zeus works • The user enters their one-time password • A fake notification prompts the user to receive a "new list" of TAN codes, and the user enters their current TAN codes • ZeuS injects these prompts into the page using web injection methods • All login details that are entered are sent to the cybercriminals
CARBERP: Bank client software + keys • Data theft technologies: injection into the web browser; interception of payment data; fake notices / popups
CARBERP: Bank client software interceptor • Intercepted data: CVV/CVC, PIN, etc. • [Screenshot: the information Carberp requests on the modified main page of an online banking system, shown in red boxes]
SPYEYE: Bypass by means of social engineering • User sees a fake warning window on the banking page • User sees fake information about a transaction to his account • User is requested to refund the money • User enters one-time passwords to make the transaction… and transfers his own money to the cybercriminals Fake message text: "One of your recent transactions was completed by mistake. You have received some funds that were designated to another recipient. Please refund the money back as soon as possible. Thank you!"
SPYEYE: Spying via webcam • Everything you say on the phone is recorded by cybercriminals
LURK: Distribution and operation • Token bypass: blocks the workstation while the token is inserted • Gives cybercriminals remote access to the workstation
Mobile Threats • ZitMo – Zeus in the Mobile • SpitMo – SpyEye in the Mobile • CitMo – Carberp in the Mobile • Target: one-time passwords delivered by SMS
Mobile Threats • How it works • By means of social engineering the user is advised to download an app from an online store • The app is malicious: once it is installed it steals the one-time SMS authentication passwords
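An app that steals SMS one-time passwords has to declare the capabilities it needs in its Android manifest, which gives analysts and app-store reviewers a cheap first filter. The following is an added example, not code from the presentation: it reads a decoded AndroidManifest.xml and flags the combination that makes OTP theft possible, namely SMS read/receive permissions, a broadcast receiver registered for incoming SMS, and network access to forward them. Both manifests below are constructed (the package names and labels are made up), and the high receiver priority is treated only as a supporting heuristic; legitimate SMS apps match the same pattern, so the result is a triage flag, not a verdict.

```python
"""Defensive triage of an Android manifest for SMS-OTP theft capability.

Added example (not from the slides). Assumes the app's AndroidManifest.xml
is available in decoded text form; the samples here are constructed.
"""
import xml.etree.ElementTree as ET

# Attribute names in the manifest live in the android: namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
INTERNET_PERMISSION = "android.permission.INTERNET"
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest for a fake "bank security" app (nothing here is real).
SUSPICIOUS_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebank">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Bank Security Certificate">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed manifest for an ordinary app with no SMS access.
BENIGN_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>
"""


def assess_manifest(xml_text):
    """Return a dict describing the app's SMS-interception capability.

    risk is "high" when the app can read SMS, listens for incoming SMS
    and has network access; "medium" with SMS permissions alone; else "low".
    """
    root = ET.fromstring(xml_text)
    permissions = {
        e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")
    }
    sms_permissions = sorted(permissions & SMS_PERMISSIONS)
    has_internet = INTERNET_PERMISSION in permissions

    sms_receiver = False
    top_priority = None
    for receiver in root.iter("receiver"):
        for intent_filter in receiver.iter("intent-filter"):
            actions = {
                a.get(ANDROID_NS + "name") for a in intent_filter.iter("action")
            }
            if SMS_RECEIVED_ACTION in actions:
                sms_receiver = True
                # A high priority lets a receiver see the SMS before others
                # (heuristic only; the value itself proves nothing).
                prio = intent_filter.get(ANDROID_NS + "priority")
                if prio is not None:
                    p = int(prio)
                    top_priority = p if top_priority is None else max(top_priority, p)

    if sms_permissions and sms_receiver and has_internet:
        risk = "high"
    elif sms_permissions:
        risk = "medium"
    else:
        risk = "low"

    return {
        "package": root.get("package"),
        "sms_permissions": sms_permissions,
        "sms_receiver": sms_receiver,
        "receiver_priority": top_priority,
        "internet": has_internet,
        "risk": risk,
    }


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        report = assess_manifest(manifest)
        print(f"{report['package']}: risk={report['risk']} "
              f"sms_permissions={report['sms_permissions']} "
              f"sms_receiver={report['sms_receiver']} "
              f"priority={report['receiver_priority']}")
```

In practice the manifest is obtained by decoding the APK with a tool such as apktool or aapt; this example stops at the analysis step so it runs offline on the constructed text.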
Conclusion • Financial malware is getting more targeted • New protection measures introduced by banks are quickly cracked or bypassed • Targeted attacks are becoming widespread and almost routine • There is a lot of room for vulnerability exploitation • Effective SECURITY SOFTWARE is a must
The Way Forward • Banking industry to take more responsibility • Mobile SDK protection • Endpoint protection – different from standard AV • Banking server global monitoring • Cyber fraud awareness – keep going • Patch management – 70% of the solution
Thank You Questions