
ONLINE AND MOBILE BANKING THREATS

ONLINE PAYMENTS ARE VERY POPULAR BUT NOT SECURE

• 98% of respondents regularly use online banking, online shopping or e-payment services

• 59% of users have concerns about banking fraud online

• 69% of people fear for the safety of their personal data (including banking credentials)

Kaspersky Lab and B2B International Study - 8,605 respondents, 19 countries
http://media.kaspersky.com/pdf/Kaspersky_Lab_B2C_Summary_2013_final_EN.pdf

2 WHICH TYPE OF DATA LOSS IS MOST CRITICAL TO INTERNET USERS?

• Personal email messages: 37% (total)

• Account details: 58% (total)

• Banking details: 60% (total)

Harris Interactive Kaspersky Digital Consumers Internet Security Needs - Topline Report, 2012

3 ATTACKING THE BANK VS. ATTACKING THE USER

• In the past, criminals used to crack the banks

• But it’s too expensive, complicated and risky

• Now they defraud users to steal money from them

• And unfortunately they are very successful in doing that

4 TODAY CYBERCRIMINALS SELL USER CREDENTIALS IN AN EASY WAY - LIKE IN A SHOP

5 PROBLEMS USERS ENCOUNTER WHILE ONLINE

36% of incidents resulted in financial loss

Did you incur any financial costs as a result of a virus / malware infection?

• YES: 36%
• NO: 64%

More than 25% of consumers have experienced a malware incident during the last 12 months

Banking trojans worldwide:

• 72,1%
• Carberp: 7,2%
• SpyEye: 4,4%
• Shiz: 4,2%
• Sinowal: 2,0%
• Other: 10,1%

Source: Kaspersky Lab, September 2013

6 YOU THOUGHT YOU WERE PROTECTING YOUR USERS… “AND YOU THOUGHT YOU WERE SAFE!”

• Online banking site: login. Trojan: Carberp

• Authorization: CVV2. Trojan: Zeus

• One time passwords: SMS, Token, printed receipts, TAN generators. Trojans: Carberp, SpyEye, Zeus for mobile, Lurk

• Transaction approval: cell phone. Trojan: SpyEye

Read more details in “Staying safe from virtual robbers” http://www.securelist.com/en/analysis/204792304/Staying_safe_from_virtual_robbers

7 HOW THE FRAUD WORKS

8 MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS

Authentication: login/password, CVV2, SMS, printed receipts. Trojan: ZeuS

9 ZEUS — MAIN FEATURES

Most widespread online banking trojan out there

ZeuS tracks which keys the user presses, virtual or physical (keylogging, screenshotting)

ZeuS uses web injections — Man in the Browser attacks

ZeuS is capable of bypassing the most advanced bank security systems, including 2-factor authentication systems

Spreads through social engineering and drive-by downloads

10 MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS

Authentication: login, password, SMS. Trojan: Carberp

11 CARBERP: BANK CLIENT SOFTWARE + KEYS

Data theft technologies:

• Injection in the web browser
• Interception of payment data
• Fake notices / popups

12 CARBERP: BANK CLIENT SOFTWARE INTERCEPTOR

Intercepted data (CVV/CVC, PIN etc.)

13 MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS

Authentication: login/password, SMS, Token, TAN generators, Cam capture. Trojan: SpyEye

14 SPYEYE: TAN GENERATORS BYPASS

TAN benefits:

• The user must have the unique device
• The user must know the PIN
• Unique transaction code

15 SPYEYE: CHIPTAN BYPASS BY MEANS OF SOCIAL ENGINEERING

1. User sees fake warning window on banking page
2. User sees fake information about making transaction to his account
3. User is requested to refund money
4. User enters one time passwords for transaction… and transfers his own money to cybercriminals

Fake warning text: “One of your recent transactions was completed by mistake. You have received some funds that were designated to another recipient. Please refund the money back as soon as possible. Thank you!”

16 SPYEYE: SPYING VIA A WEBCAM

Everything you say on the phone is recorded by cybercriminals

17 MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS

Authentication: Token. Trojan: Lurk

18 LURK: DISTRIBUTION AND PRINCIPLES OF WORK

Token bypass:

• Blocks the workstation when the token is inside
• Remote access to the workstation for cybercriminals

19 MOBILE THREATS

One time passwords: SMS

• ZitMo: Zeus in the Mobile
• SpitMo: SpyEye in the Mobile
• CitMo: Carberp in the Mobile

20 MOBILE THREATS: FEW EXAMPLES

CyberSafe App

How it works:

• By means of social engineering, the user is advised to download the app from an online store
• The app is malicious: once it’s installed, it steals one time SMS authentication passwords

SMS Authorization codes stealing

21 CONCLUSIONS

• Financial malware is getting more targeted
• New protection measures introduced by banks are quickly cracked/bypassed
• Targeted attacks are getting widespread and almost becoming a routine
• There is a lot of space for vulnerability exploitation

Effective SECURITY SOFTWARE is a must

22 LET'S TALK? www.kaspersky.com/fraudprevention