EMERGING CYBER RISKS FACING FINANCIAL SERVICES
Presented by The Risk Management Group
Scope
• Cybercrime explained
• Key implications for financial services
• A short Cyber Security overview
• Conclusions
• Q&A
Risk in one simple image
[Diagram. Elements: Threat factors, Threat agents, Vulnerabilities, Controls, Risks, Assets. Link labels: "Exploit", "Designed to correct", "Lead to", "Impact", "so as to reduce", "and protect".]
Cybercrime is
1. …committed via the Internet when…
2. …the target is digital material on a connected device, or…
3. …the aim is to disrupt systems or services.
Cyber threats
[Timeline figure, 1980 to 2010, plotting: PC viruses, Key-loggers, Worm, Rootkits, MSDOS virus, Spyware, Phishing, DoS, DDoS, Spam, Session hijack, SQL Worm, Large Botnet, Email virus, SQL injection, XSS virus, Cloud attack, Cyber weapon, Malnet, APT, War dialling, Digit grabbers, Man-in-middle]
The 1980s threats are still challenges today, but attackers’ sophistication is increasing.
Threat actors
• Hackers
• Malware developers
• Anarchists
• Negligent employees
• Spies
• Fraudsters and organised criminals
• Plus many others…
Cybercrime is evolving
From one-to-one
Through one-to-many
To many-to-one
Plus hybrid, multi-stage attacks
Case study: attack timeline
[Timeline figure with markers at Day 1, Day 32, Day 34, Day 37, Day 38, Day 39 and Day 41. Event labels on the figure:]
• Attacker installs malware on target machines & creates backdoor
• Attacker installs new malware via backdoor
• Attacker pushes Day 1 malware to new systems
• Attacker pushes Day 34 malware to new systems
• Attacker exfiltrates empty directories
• Victim removes data from known compromised systems
• Victim removes malware
Source: Mandiant
Malware is a key vector
[Diagram: Attacker, Infected Website, User. Path labels: "User action required", "Automatically".]
Selected examples
Rootkits
[Diagram layers: Applications (Word, Outlook, Explorer, games etc.); Data (Docs, contacts, saved game files...); Operating System (Windows, Mac OS...)]
Rootkits attack the lowest level of the operating system so that they execute on start up and avoid detection.
DOGMA Millions Rootkit
• Offers payment to partners who download their App.
• Similar model to Google toolbar etc.
• Then offers crime-as-a-service.
[Diagram: dogmamillions.com, payments ($$, $), Users]
Spyware
• Sits on infected device and captures:
– Passwords and usernames
– Visited URLs
– Keystrokes
– Credit card and bank details
– Other personal data
• May also change device settings
• Can turn off Firewall and Anti-virus
Keylogger software
http://www.relytec.com/
This particular Keylogger needs to be installed directly on the target machine
Pwn Plug hacking tool
• Network hacking toolkit
• With inbuilt WiFi
• Remote command and control
Would your users or security staff remove this if they saw it?
DDoS
Flooding example
1. Attacker sends communication requests
2. Targeted device responds & assigns capacity to deal with the expected traffic
3. Final ACK Packet is not sent and process is repeated in high volume, flooding the target with incomplete requests.
[Diagram: SYN Packet, SYN-ACK Packet, Final ACK Packet (marked X)]
Distributed denial of service
[Diagram, numbered 1 to 3. Labels: Botnet ‘Herder’ or Agitator; Command & Control; Infected network of ‘Bot’ machines or volunteers; Multiple attacks; Target(s)]
The Low Orbit Ion Cannon
The Low Orbit Ion Cannon is an open source application designed to launch what is known as a denial of service attack. It does this by flooding a target server with messages.
The Met Police report 34,000 UK downloads in only 3 days during the 2012 attacks on the US financial services sector, and videos can be found on YouTube that provide lessons in how to use the tool.
Code Injection
Injection - extraction
[Diagram, numbered 1 to 5. Labels: Attacker; Insecure web form; (e.g.) SQL Commands injected via the form; Vulnerable Web server exploited; SQL Commands; Password or PCI databases compromised; Stolen data extracted]
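The insecure web form in the diagram above, shown beside its corrected form, as an added example that is not part of the original presentation. The table, the handler names and the form values are constructed; Python's built-in `sqlite3` stands in for the database behind the web server.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the customer database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT, pw_hash TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        ("alice", "hash-a", "1111"),
        ("bob", "hash-b", "2222"),
        ("carol", "hash-c", "3333"),
    ])
    return db


def lookup_insecure(db, form_username):
    # Insecure form handler: the field is pasted into the SQL text, so quote
    # characters in the input change the structure of the query itself.
    sql = ("SELECT username, card_last4 FROM customers "
           "WHERE username = '" + form_username + "'")
    return db.execute(sql).fetchall()


def lookup_parameterised(db, form_username):
    # Corrected handler: the SQL text is fixed and the field travels as a bound
    # value, so it can only ever be compared with the username column.
    sql = "SELECT username, card_last4 FROM customers WHERE username = ?"
    return db.execute(sql, (form_username,)).fetchall()


def compare(form_username):
    """Run both handlers on the same form value against a fresh database."""
    db = make_db()
    try:
        return (lookup_insecure(db, form_username),
                lookup_parameterised(db, form_username))
    finally:
        db.close()


HOSTILE_FIELD = "x' OR '1'='1"  # constructed form input containing SQL syntax

if __name__ == "__main__":
    for value in ("alice", HOSTILE_FIELD):
        insecure, safe = compare(value)
        print(f"{value!r}: insecure={len(insecure)} rows, parameterised={len(safe)} rows")
```

With an ordinary username both handlers return the same single row; with the hostile field the insecure handler returns every customer while the parameterised one returns none.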
Code injection example
• Over several months in early 2011 hackers:
– executed a series of successful SQL Code Injection attacks against the servers of Sony Online Entertainment (SOE)
– reportedly exposed the personal data of 100m SOE customers
– cost SOE $178 million in the process (mainly lost business through downtime)
Man-in-the-Middle
Definition
1. [Diagram: You, Me]
2. John manages to convince you that he is actually me… He also convinces me that he is actually you. [Diagram: You, John, Me]
3. You now innocently send your message to John, thinking he is me. John takes a copy or alters the message and then sends it on to me. John is the man-in-the-middle. [Diagram: You, John, Me]
Man-in-the-Middle
http://hakshop.myshopify.com/products/wifi-pineapple
The equipment to attack Wireless (WiFi) networks can be purchased online
Cyber Weapons
Cyber weapon examples
• Flame & Stuxnet:
– Adapted to attack Iran’s nuclear programme
– Flame designed to collect target data
– Stuxnet designed to attack SCADA systems
• Shamoon (2012)
– Attacked PCs on Saudi Aramco network
– 30,000 PCs had to be written off
• The Low Orbit Ion Cannon…
Drop, Report & Wipe
1. The malware is dropped onto the target machine
2. The malware executes its payload and the extracted data is sent to the attacker
3. The malware eventually wipes itself off the machine, hiding the evidence of its activities
[Diagram: 1 Drop, 2 Report, 3 Wipe (may persist for an extended period before wiping)]
Common APT vectors
• Advanced Persistent Threats:
– Internet-based malware infection
– Physical malware infection
– External exploitation/hacking
Internet Malware Infections
• Drive-by downloads
• Email attachments
• File sharing
• Pirated software
• DNS routing mods
Physical Malware Infections
• Infected USB sticks
• Infected DVDs or CDs
• Infected memory cards
• Infected appliances
• Back-doored IT equipment
External exploitation
• Professional hacking
• Co-location host exploits
• Cloud provider penetration
• WiFi penetration
• Device attacks
Trusted connections
Insider Threats
• Rogue employee
• Malicious sub-contractor
• Social engineering
• Funded placement
• Criminal break-in
• Walk in
Trusted connections
• Stolen VPN credentials
• Partner system breaches
• External hosting breaches
• Grey market equipment
Malnets
Simple Malnet
[Diagram labels: Malicious server; Infected site (four); Innocent users (four)]
Real Malnets
A Malnet is comprised of unique domains, servers and websites working together to funnel users to the Malware payload.
This visual map, produced by Blue Coat, shows the relationships between trusted sites, relays and exploit servers to which users are directed.
The Blackhole Exploit Kit
• Currently the most prevalent web threat (Q3 2012)
• 28% of all web threats detected by Sophos and 91% by AVG are due to Blackhole
• Delivers a malicious payload to a victim's computer
• Suspected creators are Russian hackers named "HodLuM" and "Paunch"
How Blackhole works
• Attacker buys the kit & specifies the attack options.
• Victim:
– Loads a compromised web page; or
– Opens a malicious link in a spammed email
• Malformed page or email sends user to a Blackhole landing page.
• Landing page contains code that determines what is on the victim's computer and loads all exploits to which it is vulnerable.
Key implications for Firms
• Data integrity and compliance:
– Data protection
– PCI
– Corporate data
• Fraud & other financial risks
• Reputation & public trust
• Legal liability
• Operational sustainability
Key controls
• The perimeter:
– Firewalls
– Intrusion detection
– Antivirus
• Cloud and Social Media security
• Device security and BYOD management
• Data classification & encryption
• User awareness
Conclusion
[Diagram: Threat factors, Threat agents, Vulnerabilities, Controls, Risks, Assets]
User awareness is the most important governing factor at all points in the chain of cause and effect.
Q&A
www.trmg.biz
The CISI would like to thank
Mark Johnson, Chairman, The Risk Management Group