ONLINE AND MOBILE BANKING THREATS
ONLINE PAYMENTS ARE VERY POPULAR BUT NOT SECURE
• 98% of respondents regularly use online banking, online shopping or e-payment services
• 59% of users have concerns about banking fraud online
• 69% of people fear for the safety of their personal data (including banking credentials)
Kaspersky Lab and B2B International Study - 8,605 respondents, 19 countries http://media.kaspersky.com/pdf/Kaspersky_Lab_B2C_Summary_2013_final_EN.pdf
2 WHICH TYPE OF DATA LOSS IS MOST CRITICAL TO INTERNET USERS?
• Personal email messages: 37% (total)
• Passwords, account details: 58% (total)
• Banking details: 60% (total)
Harris Interactive Kaspersky Digital Consumers Internet Security Needs - Topline Report, 2012
3 ATTACKING THE BANK VS. ATTACKING THE USER
• Criminals used to crack the banks
• But that is too expensive, complicated and risky
• Now they defraud users to steal money from them
• And unfortunately they are very successful at it
4 TODAY CYBERCRIMINALS SELL USER CREDENTIALS IN AN EASY WAY - LIKE IN A SHOP
5 PROBLEMS USERS ENCOUNTER WHILE ONLINE
• 36% of malware incidents resulted in financial loss
• Did you incur any financial costs as a result of a virus / malware infection? YES: 36%, NO: 64%
• More than 25% of consumers have experienced a malware incident during the last 12 months
Banking trojans worldwide
• Zeus: 72,1%
• Carberp: 7,2%
• SpyEye: 4,4%
• Shiz: 4,2%
• Sinowal: 2,0%
• Other: 10,1%
Source: Kaspersky Lab, September 2013
6 YOU THOUGHT YOU WERE PROTECTING YOUR USERS... "AND YOU THOUGHT YOU WERE SAFE!"
• Online banking site: login, password (trojan: Carberp)
• Authorization: CVV2 (trojan: Zeus)
• One time passwords: SMS, Token, printed receipts, TAN generators (trojans: Carberp, SpyEye, Zeus for mobile, Lurk)
• Transaction approval: cell phone (trojan: SpyEye)
Read more details in “Staying safe from virtual robbers” http://www.securelist.com/en/analysis/204792304/Staying_safe_from_virtual_robbers
7 HOW THE FRAUD WORKS
8 MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS
Authentication: login/password, CVV2, SMS, printed receipts (trojan: Zeus)
9 ZEUS — MAIN FEATURES
Most widespread online banking trojan out there
ZeuS tracks which keys the user presses, virtual or physical (keylogging, screenshots)
ZeuS uses web injections — Man in the Browser attacks
ZeuS is capable of bypassing the most advanced bank security systems and 2-factor authentication systems
Spreads through social engineering and drive-by downloads
10 MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS
Authentication: login, password, SMS (trojan: Carberp)
11 CARBERP: BANK CLIENT SOFTWARE + KEYS
Data theft technologies:
• Injection in the web browser
• Interception of payment data
• Fake notices/popups
12 CARBERP: BANK CLIENT SOFTWARE INTERCEPTOR
Intercepted data (CVV/CVC, PIN etc.)
13 MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS
Authentication: login/password, SMS, Token, TAN generators, Cam capture (trojan: SpyEye)
14 SPYEYE: TAN GENERATORS BYPASS
TAN benefits:
• The user must have the unique device
• The user must know the PIN
• Unique transaction code
15 SPYEYE: CHIPTAN BYPASS BY MEANS OF SOCIAL ENGINEERING
• User sees fake warning window on banking page
• User sees fake information about transaction to his account
• User is requested to refund money
• User enters one time passwords for making transaction… and transfers his own money to cybercriminals
“One of your recent transactions was completed by mistake. You have received some funds that were designated to another recipient. Please refund the money back as soon as possible. Thank you!”
16 SPYEYE: SPYING VIA A WEBCAM
Everything you say on the phone is recorded by cybercriminals
17 MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS
Authentication: Token Lurk
18 LURK: DISTRIBUTION AND PRINCIPLES OF WORK
Token bypass:
• Blocks the workstation when the token is inside
• Remote access to the workstation for cybercriminals
19 MOBILE THREATS
One time passwords: SMS
• ZitMo: Zeus in the Mobile
• SpitMo: SpyEye in the Mobile
• CitMo: Carberp in the Mobile
20 MOBILE THREATS: FEW EXAMPLES
CyberSafe App: theft of SMS authorization codes
How it works:
• By means of social engineering, the user is advised to download the app from an online store
• The app is malicious; once it’s installed, it steals one time SMS authentication passwords
21 CONCLUSIONS
• Financial malware is getting more targeted
• New protection measures introduced by banks are quickly cracked/bypassed
• Targeted attacks are getting widespread and almost becoming a routine
• There is a lot of space for vulnerability exploitation
Effective security software is a must
22 LET'S TALK? www.kaspersky.com/fraudprevention