banks v fintech…. what about cyber security? by roman sologub, general manager, issp ukraine

BanksvFinTech….WhatAboutCyberSecurity?

RomanSologubGeneralManagerISSPUkraine

UkrainianBankingForum2016

ISSP Information Systems Security Partners

§ Data for sale§ Attack as a service§ Botnet services§ Malware / Trojans§ Bank Accounts § Payment cards§ Documents

2,1 Trillion in 2019

NotjustIT–OT,IOT,Physical

AssumeCompromise

Detect&RespondFaster

IncreasedRegulation

Internal(Whitebox)

External (Blackbox)

AdvancedPersistentThreat

E-banking

AccountsHijacking

Sessionshijacking

Phishing

ATM/POS

DirectDispense

Malware

Skimming

CardDump

Cardnotpresent

Offlineoverdrafts

SocialEngineering

Vishing

SocialNetworks

Phishing

Bankingattackvectors

Morning NoonCloseofBusiness

Compromisedaccounts

ProxyBank1

ProxyBank2 Depositcards/moneywithdrawal

Start DDOS/HostSystemshutdown End

Recentattack:ATMDirectDispense

Ukraine09/2015– 04/2016

30+cases10bankswasaffected

>AdvancedPersistentThreat

asetofstealthyandcontinuouscomputerhackingprocesses,oftenorchestratedbyhumantargetingaspecificentity.

1.Preparation:socialnetworks, internet,deepweb,documents,metadata

2.Intrusion:Massmail,targetedmail,candydrop,socialengineering

ActiveBreach:Keyloggers, cryptolockers,passwordcrackers,backdoors,etc…

CyberKillChain

6monthfromintrusiontoblackout

Hackers Spend 200+ Days Inside Before Discovery

#14/07/20161000+emailswerereleasedtovariousorganizationsinUkraine

MSWordhasembeddedmacroPayloaddeliverylinkswereextracted:

HTTP62.210.102.80elfaroconsultants.comelfaroconsultants.com/elfaroconsultants.com//r_uploadelfaroconsultants.com//wp-admin/post.phpelfaroconsultants.com/bug/pic.gif?siteidelfaroconsultants.com/din.aspx?s=0000000elfaroconsultants.com/p?c1=2&c2=13765216elfaroconsultants.com/pagestat/PageStatEelfaroconsultants.com/safari/content.binelfaroconsultants.com/t51.2885-15/e35/p2elfaroconsultants.com/tracker?js=13;id=1elfaroconsultants.com/wpad.datwtfismyip.com:443shougunj.com:8069.30.217.90:44352.23.245.170:80

ActionsonObjectives

Command&ControlInstallationExploitationDeliveryWeaponizeRecon

1000emailaddresseswithpersonaldata

Socialengineering+

Compositemacro-codeobfuscation-sandboxevasion

Predictions

Payloadwasdownloaded14/07/16

1. Exploitationstage- October2. Finalstageperformance– Spring `17

Securityisanegativegoal…

Itisaprocess

ISSP - Information Systems Security Partners -

is a Group of Companies, specialized in cybersecurity, managedsecurity services, state of the art professional training, and cuttingedge research in the area of information systems security.

VendorsandPartners: SecurityOperationCenters(SOC):USA,Israel,EU,Japan Kyiv(+Lab),Vilnius.

Offices: TrainingCenters:Kyiv,Tbilisi,Bratislava,Almaty Kyiv,Tbilisi

ISSP – specialized integrator and managedsecurity services provider.

ISSP Service – provides around the clocksupport and professional services.

ISSP Training Center – conductsprofessional trainings, including but notlimited to certified product-based trainingsand professional certificationprograms.

ISSP Lab & Research Center – specializeson analysis of cyber threats, challengingtasks of computer forensics.

ISSPbusinessprofile

NotjustIT–OT,IOT,Physical

AssumeCompromise

Detect&RespondFaster

IncreasedRegulation

IOC`sDiscoveryDataAuditApplicationSecurityOSINT

IncidentDetectionIncidentResponse

RemediationForensics

ATMSecurityCounter-FRAUDSCADASecurityAccessandBehavior

ComplianceasaService

ComplianceAuditConsulting

CYBERSECURITY IS ENABLING

– not Defeating –

BUSINESS INNOVATIONS

www.isspgroup.com

banks v fintech…. what about cyber security? by roman sologub, general manager, issp ukraine

Economy & Finance

presentation final[1] issp

emotion cs 3710 / issp 3565

issp...

issp newsletter january 2014

issp security standard application security.doc.doc

issp 2003 national identity ii - codebook za study...

issp 2006 philippines

exploring the body shameful: solov'ev, sologub, and original...

2014 issp template

issp...

republic czech 2012 issp - dbk.gesis.org

issp background variable documentation - template

issp glossary of terms

acme, inc. issp · web viewacme, inc. issp. csol 550...

information systems strategic plan (issp)

issp calendar 2013 2014

issp background variables questionnaire

story packs issp - prestwick house

issp food for thought panel

issp school handbook