The Impact of Malware on UK Financial Institutions

Posted on 25-Dec-2018


Presented by Colin Whittaker, Head of Security

Agenda
- The Malware Threat Profile to UK Financial Institutions
- The Consequences:
  - Direct Financial Losses
  - Loss of Business
  - Shareholder Worth
  - Collateral damage through Information Leakage
  - Erosion of effective controls

APACS – an Introduction
- APACS, the UK payments association, is a trade association for institutions delivering payments services to end customers
- It provides the forum to address co-operative aspects of payments and their development
- It is also the main industry voice on issues such as plastic cards, card fraud, cheques, e-banking security, electronic payments and cash
- Working Groups address co-operative areas such as developing authentication solutions and responding to attacks on e-banking customers

APACS Members

The Malware Threat Profile to UK Financial Institutions

Phishing Incidents – UK banks
- Malware provides the capability to compromise hosts in order to:
  - Host phishing sites
  - Distribute the Phish
  - Capture the data

[Chart: No. Unique Phishing Attacks targeting UK Banks, monthly from Jan-05 to Feb-07; y-axis 0 to 2000]

Trojan Incidents targeting UK banks
- Trojan malware is the direct threat to consumers conducting on-line banking in the UK
- The trojans are difficult to detect
- Other malware provides the capability to compromise hosts in order to capture the data and distribute banking trojans

Money mule/beneficiary Recruitment
- Malware provides the capability to compromise hosts in order to host and control Mule recruitment sites

Threat Profile
- Trans-national organised crime gangs
- Current wave
  - Phishing via Russia, Romania, Ukraine …
  - Money laundering via Baltics & St Petersburg
- The new wave
  - West Africans
  - Building on established 419 infrastructure
- The next wave
  - East Asians
  - Brazilians
- Technical and organisational capabilities of attackers proven – threat not going to diminish
- Fuelling identity theft: Credentials & identities being used to support carding, account takeover, loan fraud etc

The Consequences: Direct Financial Losses

Direct Losses in Context
- Direct losses (net):
  - 2004: £12.2M
  - 2005: £23.2M – up 90%
  - 2006: £33.5M – up 44%
- Direct losses not fully representative of problem:
  - Trust in online channels
  - Reputational aspects – impact on the brand
  - Indirect costs & opportunity costs difficult to quantify

Positive Action
- Collective understanding
- Sharing of intelligence and lessons learnt
- Beneficiary intelligence sharing
- Enhanced Fraud Detection

The Consequences: Loss of Business

Loss of Business
- Are consumers turning away from the e-channel?
- How much are they using the channel?
- How much more would they use the channel if they felt more secure?
- Are we limited to what services we can offer to our customers?
- Do we stop doing business with our customers who are infected with malware they cannot remove?

[Chart: Online banking customers (millions), Jun-00 to Dec-05; y-axis 0 to 18]
The Market and the Customers' confidence in online banking

The Consequences: Shareholder Worth

The Pump and Dump Threat
[Diagram: COMPANY A SHARES; ORGANISED CRIMINALS; 1. BUY £ – MULTIPLE COMPROMISED ACCOUNTS (CONTROLLED BY ZOMBIE BOT-NET); 2. BUY ££££; 3. SELL ££££; PROFIT]

Impact of Pump and Dump
- Loss to the consumer
- Threatens equity and share trading, and investment
- Threatens reputation and worth of the enterprise

The Consequences: Collateral damage through Information Leakage

Our most recent data recovery
- 4 GB Text File
- Recovered approximately 500 UK e-banking customers' details
- Other features examined:
  - Search term "card number", 16,826 matches
  - Search term ".gov.uk", 2,774 matches

The Consequences: Erosion of effective controls

TANs (Transaction Authorisation Number)

A3 – Host Redirection
[Diagram: Bank Customer, Attacker, On-Line Bank]
1. Covertly the attacker modifies the client's host file.
2. Customer initiates a connection to their on-line bank and is unaware that they are redirected and logging in to the attacker's bogus host. The attacker keeps sending error messages back to the customer after every OTP until they have all the OTPs.
3. Attacker uses the OTPs during the customer's legitimate session or at any time in the future.
4. The attacker cleans up by removing the malicious host file.
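Step 1 of the redirection above depends on a tampered hosts file, which is something a defender can check for directly. The following check is an added example, not material from the APACS deck: it parses hosts-file text and flags any entry that pins a monitored banking hostname, distinguishing a redirect to a bogus host from a loopback entry that merely blocks the bank. The monitored domain list and the sample hosts file are constructed placeholders; on a real machine read C:\Windows\System32\drivers\etc\hosts or /etc/hosts instead.

```python
import ipaddress

# Constructed list of banking hostnames the defender wants to watch (placeholders).
MONITORED_DOMAINS = {"onlinebank.example.co.uk", "secure.bank.example"}

def is_local(addr: str) -> bool:
    """True for loopback/unspecified addresses; anything else is a real redirect."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def parse_hosts(text: str):
    """Yield (ip, hostname) pairs from hosts-file text, skipping blanks and comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip(".")

def find_redirections(text: str, monitored=MONITORED_DOMAINS):
    """Return (hostname, ip, kind) for every hosts entry that pins a monitored
    domain or one of its subdomains. A bank hostname should never appear in a
    client hosts file: a non-local address means the customer is being sent to
    a bogus host, a loopback address means access to the bank is being blocked."""
    findings = []
    for ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in monitored):
            kind = "blackholed" if is_local(ip) else "redirected"
            findings.append((name, ip, kind))
    return findings

# Constructed sample hosts file: one benign override plus three injected entries.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.10      dev.internal.example              # legitimate local override
198.51.100.7    onlinebank.example.co.uk          # bank pinned to a bogus host
198.51.100.7    www.onlinebank.example.co.uk
127.0.0.1       secure.bank.example               # bank blocked outright
"""

if __name__ == "__main__":
    for name, ip, kind in find_redirections(SAMPLE_HOSTS):
        print(f"ALERT: {name} {kind} via {ip}")
```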

Summary
- The Malware threat to UK Financial Institutions is severe
- The current consequences are:
  - Direct Financial Losses
  - Loss of Business
  - Shareholder Worth
  - Collateral damage through Information Leakage
  - Erosion of effective controls

Bank Safe Online – the UK banking industry initiative to help online banking users stay safe online
www.banksafeonline.org.uk
www.identitytheft.org.uk – How to protect yourself and what to do if you think you're a victim