CUSTOMERS & CRIMINALS: USE WEB SESSION INTELLIGENCE TO DETECT WHO IS WHO ONLINE

Similar documents
Analytics, Big Data, & Threat Intelligence: How Security is Transforming

RSA Web Threat Detection

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

DETECTING SOPHISTICATED ONLINE ATTACKS WITH STREAMING ANALYTICS

Protect Your Business and Customers from Online Fraud

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season

Beyond passwords: Protect the mobile enterprise with smarter security solutions

10 Things Every Web Application Firewall Should Provide Share this ebook

Where every interaction matters.

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

Agenda , Palo Alto Networks. Confidential and Proprietary.

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

BASELINE SECURITY TEST PLAN FOR EDUCATIONAL WEB AND MOBILE APPLICATIONS

Rational AppScan & Ounce Products

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks

Advanced Persistent Threats

3 day Workshop on Cyber Security & Ethical Hacking

HP ArcSight User Behavior Analytics

CS5008: Internet Computing

What Next Gen Firewalls Miss: 6 Requirements to Protect Web Applications

FSOEP Web Banking & Fraud: Corporate Treasury Attacks

Application Security Testing. Generic Test Strategy

Fighting Cyber Crime in the Telecommunications Industry. Sachi Chakrabarty

Five Trends to Track in E-Commerce Fraud

Web Application Security Considerations

Six Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business

Detailed Description about course module wise:

National Cyber Security Month 2015: Daily Security Awareness Tips

Using Foundstone CookieDigger to Analyze Web Session Management

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario

INTRUSION DECEPTION CZYLI BAW SIĘ W CIUCIUBABKĘ Z NAMI

September 20, 2013 Senior IT Examiner Gene Lilienthal

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

TrustDefender Mobile Technical Brief

BioCatch Fraud Detection CHECKLIST. 6 Use Cases Solved with Behavioral Biometrics Technology

DATA SHEET. What Darktrace Finds

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

2015 TRUSTWAVE GLOBAL SECURITY REPORT

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Rashmi Knowles Chief Security Architect EMEA

APIs The Next Hacker Target Or a Business and Security Opportunity?

Protecting your business from fraud

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

Web Security. Discovering, Analyzing and Mitigating Web Security Threats

SecurityMetrics Vision whitepaper

Marble & MobileIron Mobile App Risk Mitigation

RSA Security Anatomy of an Attack Lessons learned

WHITEPAPER. Real Time Trust Analytics Next Generation Cybercrime Protection

Magento Security and Vulnerabilities. Roman Stepanov

CYBERTRON NETWORK SOLUTIONS

An Anatomy of a web hack: SQL injection explained

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

Bridging the gap between COTS tool alerting and raw data analysis

Visualizing Threats: Improved Cyber Security Through Network Visualization

Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks

Rise of the Machines: An Internet-Wide Analysis of Web Bots in 2014

Web Engineering Web Application Security Issues

Device Fingerprinting and Fraud Protection Whitepaper

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

The Top Web Application Attacks: Are you vulnerable?

Web Application Security

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Complete Protection against Evolving DDoS Threats

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Fighting Advanced Threats

Security and Privacy

THE EVOLUTION OF SIEM

The Key to Secure Online Financial Transactions

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.

Web application security

Mobile E-Commerce: Friend or Foe? A Cyber Security Study

STOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

Developing Secure Software in the Age of Advanced Persistent Threats

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

ACI Response to FFIEC Guidance

WHITE PAPER Moving Beyond the FFIEC Guidelines

What is Web Security? Motivation

Transcription:

CUSTOMERS & CRIMINALS: USE WEB SESSION INTELLIGENCE TO DETECT WHO IS WHO ONLINE Jason Sloderbeck Silver Tail Systems, Part of RSA Session ID: SPO1-W22 Session Classification: General Track

Question Do criminals in a retail store behave differently from typical customers?

Retail Circa 2013 Security cameracapture events Security Guard stop shoplifters Price tag swapper- Mis-representing prices Cashier Protect & Ensure sales Shoplifter- Taking items

Question Do criminals on your web site behave differently from typical customers?

The Web Has Evolved Web Transaction vs Web Interaction

Big Data Meets Web Sessions Just Logs Limited transaction visibility No traceability into behavior Disconnected story Full Session Data Click-by-click visibility Entire HTTP request insight Understand behavior

Behavioral Analytics

Population-based Behavior

Man-in-the-Browser Attack Criminals Look Different than Customers Velocity Page Sequence Origin Contextual Information

Business Logic Abuse

What is Business Logic Abuse? Business logic abuse results when a criminal uses the legitimate pages of the website to perpetrate cyber attacks, hacks or fraud. Source: Ponemon Institute The Risk of Business Logic Abuse: U.S. Study (September 2012)

Scope of Business Logic Abuse Site Scraping Account Hijacking Password Guessing Pay-per-click Fraud Fraudulent Money Testing Stolen Credit Cards Movement Denial of Service Vulnerability Probing ecoupons ewallet Abuse App Store Abuse Mass Registration

Survey of US IT Executives 90% Report lost revenue due to Business Logic Abuse 64% No clear visibility into their web session traffic 74% Can t tell if a web session is a customer or a criminal 1/3 Do not know who is responsible for addressing business logic abuse

Real-world Examples

Vulnerability Probing What were they doing? Jiggling doorknobs Probing for vulnerabilities Site reconnaissance What looked suspicious? Sub-second clicks Modified user-agent strings Alphabetical page requests Multiple password reset attempts Requests for non-existent pages

Horizontal Password Guessing What was happening? Testing a common password e.g. Faceb00k! What looked suspicious? Spike in login page hits Multiple login attempts with one password Scripted variability Elevated behavior scores for sessions driving the spike

Mobile Account Penetration What were they doing? Stealing credentials on public WiFi from low-security mobile application Spoofing mobile user agents Different UA Strings What looked suspicious? Cluster of IPs generated a high behavior score Clickstream showed the same cookie being used by two devices Same Cookie

Fraudulent Money Movement What where they doing? Compromising accounts with malware Creating a virtual account number (VAN) Receiving a new line of credit Maxing credit limit with fraudulent purchases Clickstream shows different IPs, UA strings and activities intermingled What looked suspicious? High Man-in-the-Middle score Fast clicks Multiple IP addresses in one session IPs traced to disparate geographies User-agent variation

E-Commerce Fraud The customer knew the what Omniture reported revenue drop for affiliate orders New Seasonal Promotion Behavior exposed the how in minutes Users added a sale item to their cart The sale price persisted in the cart after the sale ended Users stacked the next promotion in their cart Inconsistent price floors were exploited Accepted orders were sub-floor or negative value Cart Logic Flaw Staring at a sixfigure loss in an Afternoon

Session DDoS What where they doing? Application resource exhaustion Botnets sending Search, Login New Account, Purchase queries What looked suspicious? Device ID / User-Agent randomization Thousands of IP addresses were acting in concert Identical activity on a specific set of pages

Spectrum of Threats Beginning of Web Session DDOS Attacks Site Scraping Vulnerability Probing Parameter Injection Login Man In The Browser Password Guessing New Account Registration Fraud Man In The Middle Promotion Abuse Account Takeover Transaction and Logout High Risk Checkout Unauthorized Account Activity Fraudulent Money Movement

Thank You jason.sloderbeck@rsa.com info@silvertailsystems.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information