Advanced Security Methods for efraud and Messaging

Transcription

1 Advanced Security Methods for efraud and Messaging

2 Company Overview Offices: New York, Singapore, London, Tokyo & Sydney Specialization: Leader in the Messaging Intelligence space Market focus: Enterprise, Government and Service Providers Cool Vendors in User and Data Security, 2011 Vendors selected for the Cool Vendor report are innovative, impactful and intriguing Awards: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

3 Growing Security Concerns 2012 kicked off with an increase of over 40 percent in global attacks (RSA March 2012) US Bank Types Attacked U.S. nationwide brands and regional banks both saw an eight percent increase in attacks in February (RSA March 2012) APT: Persistent, Personal, Control Focused and Automated (Imperva 2012) Attacks by country Feb 2012

4 Adaptive Security Access Management According to Verizon's 2012 Data Breach Investigations Report, about 20 percent of all breaches now involve social engineering, including pretexting and phishing. Adaptive Access Management is based on real time risk scoring Limiting authorization, alerting security systems, layering black and white listing and using multiple factors in determining risk

5 Adaptive Security Processing Real time data feeds Layered security formats Risk score processing for authentication and authorization Alerts and blocking as well as reporting Education Used for and online transactions

6 Fraud is on the Rise Online banking fraud rose over 28% in the first half of this year over what was reported in the same period in 2011 Some 111,396 phishing sites were identified in the first half of this year, a rise of 199 % on the same period in (Sept Cybercriminals attempted to steal at least $75 million from high-balance business and consumer bank accounts by using sophisticated fraud automation techniques that can bypass two-factor authentication (June 2012 McAfee) Attackers are increasingly combining malware-based Web injection with serverhosted scripts in order to piggyback on active online banking sessions and initiate fraudulent transfers in real time

7 Risks are online and through Dramatic shifts in attack strategy (movement towards targeted, intelligent, one-off and automated strategies) New security evasion tactics continuously changing the signature of the attacks An evolution of the targeted threat model is moving from spam to phish to spear phishing Security as social engineering is on the rise

8 Top five phishing subject lines *Based on July September 2012 research 1. Your account has been accessed by a third party 2. (Bank Name) Internet Banking Customer Service Message 3. Security Measures 4. Verify your activity 5. Account Security Notification

9 Two of the most difficult attacks to combat are always changing Two major systems are always kept open for business and provide the largest risks for organizations from malware, bots, social threats and fraud. They are the two primary vectors of compromise and data loss transactions Spear Phishing: Used to steal source code, financial information and intellectual property Web based ebusiness transactions ebanking Fraud: Interactions with compromised machines used to wreak havoc on systems and steal funds and financial information

10 transactions: Spear Phishing Spear Phishing is an advanced personalized attack that is trying to steal personal, financial, security and intellectual property Recent Examples: White house was a recent victim of spear-phishing Oak Ridge National Laboratory was a victim before the organization cut off internet access to workers RSA last year announced that a possible breach of their SecurID product started from a spear-phishing attack

11 Solving the increasing threat of spear phishing and targeted phishing: 3 components to Spear Phishing: A spoofed Something which is urgent (a pending situation) Something to do (click on, download, or phone about)

12 The TrustSphere Solution TrustVault TrustSphere provides a messaging intelligence solution called TrustVault that mitigates your risk of spear phishing attacks creating a map of your organization. TrustCloud TrustCloud is the world s largest whitelist to help secure your environment. TrustCloud also offers unique, rich security data providing a data feed targeted for financial institutions and online businesses to secure against efraud.

13 Using your own data to stop Spear Phishing with TrustSphere

14 Using your own data to stop Spear Phishing with TrustSphere TrustSphere solves the spoofing component of the spear phishing attempt and can show anomalies to make your safer Uses our own inference method of linking senders and recipients Checking SPF and DKIM where available as well as MX Records

15 Using your own data to stop Spear Phishing with TrustSphere TrustSphere solves the spoofing component of the spear phishing attempt and can show anomalies to make your safer Uses our own inference method of linking senders and recipients Checking SPF and DKIM where available as well as MX Records

16 Trustsphere s Approach Mapping communications to build a trusted whitelist of senders

17 Enterprise Security Intelligence Spear Phishing Mitigation TELLS THE USER THE IS REVIEWED AND SAFE, UNKNOWN or SUSPICIOUS From Subject Greg Owen [Reviewed] Re: support agreement Boe Customer Care [unknown] Re: Account not working [#148260] Samantha Noel [Reviewed] Re: meeting up an introductions Brooke Parker [Reviewed] Re: Wed Sept 28 in Melb Barry Stone [unknown] Re: Security Forum - no charge registration code expires tomorrow Michael Lewis [Reviewed] Re: Steve Appointment Corporate Security [SUSPICIOUS] please review your account Normal Bale [unknown] Re: New client list for newsletter John Pearson [unknown] please review for our show Peter Walls [Reviewed] content archiving market trends report Peter Lock [Reviewed] corporate lunch meeting sept 30 Yahoo! Alerts [Reviewed] Keyword news

18 Enterprise Security Intelligence Spear Phishing Mitigation TELLS THE USER THE IS REVIEWED AND SAFE, UNKNOWN or SUSPICIOUS From Subject Greg Owen [Reviewed] Re: support agreement Boe Customer Care [unknown] Re: Account not working [#148260] Samantha Noel [Reviewed] Re: meeting up an introductions Brooke Parker [Reviewed] Re: Wed Sept 28 in Melb Barry Stone [unknown] Re: Security Forum - no charge registration code expires tomorrow Michael Lewis [Reviewed] Re: Steve Appointment Corporate Security [SUSPICIOUS] please review your account Normal Bale [unknown] Re: New client list for newsletter John Pearson [unknown] please review for our show Peter Walls [Reviewed] content archiving market trends report Peter Lock [Reviewed] corporate lunch meeting sept 30 Yahoo! Alerts [Reviewed] Keyword news

19 Mitigate the risk of spear phishing Works in mobile applications, web and client formats Can show what s are: - Known good - Suspect Popular methods for education: - header tagging - Subject line pre-pend - Use of client icons and colors

20 TrustSphere for ebanking and ebusiness Fraud Currently over 1.5 Billion users are protected with this data This creates incredible telemetry on a worldwide basis, and coupled with the world s largest whitelist, we have a very rich dataset Providing reputation data on IP and domains Used by and added to by: ISP, network and security community Registrars and Regulators Law enforcement Research community

21 Illegal access to online resources Through sophisticated means (phishing, malware) criminals try to gain access to legit banking or trading portals using stolen credentials and/or resources. Criminals may attempt to access via compromised machines

22 Scoring system the use of IP reputation in the mix Username and passwords are not adequate to control access Logins to customer portals should be scored based on the characteristics of the incoming connection Connections from sources known to be in recent use by criminals have a high fraud risk IP address reputation can play an important part in this scoring system Several datasets are available that allow for scoring on known-bad characteristics

23 Data Set: IPs showing compromise We provide dataset of IP addresses used by computers known to be infected with malware that has had an ebusiness and financial fraud related component If a customer connects from such an IP address, there is a high chance that transactions about to be done will be fraudulent or include a fraudulent component

24 Data Set: IPs showing compromise Very rich dataset Timestamp for most recent known to be active For a lot of the entries: exact names of malware (allows for more precise scoring, remediation)

25 Set: IPs showing compromise Dataset is updated and published every 15 minutes. Window-of-opportunity for criminals gets almost impossibly small Typically provided for your security element of your web application Offered as a flat file delivered by rsync

26 Data Set: Known end-user IP ranges This list contains address blocks that are allocated to mobile phone and home based internet connections If a connection is NOT on this list, it might be that the login is done from IP ranges used for servers rather than end users Thus connections from IP addresses not on this list should be treated as machines with a higher risk profile

27 efraud and Spear Phishing TrustSphere can provide a unique data set to better secure your ebusiness and ebanking applications that is easily consumed by your current systems TrustSphere can provide a unique approach to removing the spear phishing risk to the enterprise while leveraging your current environment

28 To Learn More: TrustSphere can provide a simple feed for your organization to use our efraud data for your systems and can provide an out of band audit to show anomalies within your environment Come visit us on the web at: Michael Knight Michael.Knight@TrustSphere.com