Challenges and Best Practices in Fighting Financial Fraud in Brazil

Similar documents
Information Security Awareness Videos

The Global ecrime Outlook CERT.br National Report

Phishing and Banking Trojan Cases Affecting Brazil

Evolution of Financial Fraud in Brazil

CERT.br Incident Handling and Network Monitoring Activities

Use of Honeypots for Network Monitoring and Situational Awareness

Fraud and Phishing Scam Response Arrangements in Brazil

honeytarg Chapter Activities

Development of an IPv6 Honeypot

A Multistakeholder Effort to Reduce Spam The Case of Brazil

Incident Handling and Internet Security in Brazil

DNS Amplification Attacks as a DDoS Tool and Mitigation Techniques

Spampots Project Mapping the Abuse of Internet Infrastructure by Spammers

Spampots Project First Results of the International Phase and its Regional Utilization

Cybersecurity and Incident Response Initiatives: Brazil and Americas

Incident Handling in Brazil

Preventing your Network from Being Abused by Spammers

Distributed Honeypots Project: How It s Being Useful for CERT.br

Monitoring the Abuse of Open Proxies for Sending Spam

CERT.br: Mission and Services

SpamPots Project: Using Honeypots to Measure the Abuse of End-User Machines to Send Spam

Phishing Activity Trends

Phishing Activity Trends Report June, 2006

The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Incident Response and Early Warning Initiatives in Brazil

Phishing Activity Trends Report for the Month of December, 2007

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Lima, PE May 21, 2015 LAC-CSIRTs Meeting

The Information Security Problem

LACNIC 25 CSIRTs Meeting Havana, Cuba May 4 th, 2016

WEB ATTACKS AND COUNTERMEASURES

Phishing Activity Trends Report. 1 st Half Committed to Wiping Out Internet Scams and Fraud

Current counter-measures and responses by CERTs

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

How To Understand The Security Posture Of Home Internet Users In Australia

Emerging Security Technological Threats

Current Threat Scenario and Recent Attack Trends

Security Incidents And Trends In Croatia. Domagoj Klasić

About Botnet, and the influence that Botnet gives to broadband ISP

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

The anatomy of an online banking fraud

Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com

MALICIOUS REDIRECTION A Look at DNS-Changing Malware

Cyber Security and Critical Information Infrastructure

The State of Spam A Monthly Report August Generated by Symantec Messaging and Web Security

Addressing Big Data Security Challenges: The Right Tools for Smart Protection

Cybersecurity: Thailand s and ASEAN s priorities. Soranun Jiwasurat

The Key to Secure Online Financial Transactions

Phishing Activity Trends Report. 1 st Quarter Unifying the. To Cybercrime. January March 2014

Common Cyber Threats. Common cyber threats include:

COMPUTER-INTERNET SECURITY. How am I vulnerable?

Defending Against Data Beaches: Internal Controls for Cybersecurity

General Service Level Agreement

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data

Protect Your Business and Customers from Online Fraud

Malware & Botnets. Botnets

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office

SPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015

Computer Security Literacy

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Managing Web Security in an Increasingly Challenging Threat Landscape

LASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains

Information Security. Louis Morgan, CISSP Information Security Officer

WildFire. Preparing for Modern Network Attacks

Microsoft Security Intelligence Report volume 7 (January through June 2009)

Retail/Consumer Client. Internet Banking Awareness and Education Program

Learn to protect yourself from Identity Theft. First National Bank can help.

BE SAFE ONLINE: Lesson Plan

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

The Brazilian Internet Steering Committee CGI.br Internet Governance Model in Brazil

Deciphering and Mitigating Blackhole Spam from -borne Threats

Before the DEPARTMENT OF COMMERCE Internet Policy Task Force

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May TrustInAds.org. Keeping people safe from bad online ads

Spyware Linkages to Malware and its Affects A Multi-Layered Approach to Stopping Information Theft

Phishing Activity Trends Report. 1 st Half Unifying the. Global Response To Cybercrime

LASTLINE WHITEPAPER. In-Depth Analysis of Malware

Trust the Innovator to Simplify Cloud Security

User Documentation Web Traffic Security. University of Stavanger

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

3 day Workshop on Cyber Security & Ethical Hacking

E-Banking Regulatory Update

Ten Tips to Avoid Viruses and Spyware

Information Security Threat Trends

Some Perspectives On Cybersecurity. Shernon Osepa Manager Regional Affairs Latin America & Caribbean

Promoting Network Security (A Service Provider Perspective)

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

How to effectively respond to an information security incident

1. Any requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in

24/7 Visibility into Advanced Malware on Networks and Endpoints

Simplicity Value Documentation 3.5/5 5/5 4.5/5 Functionality Performance Overall 4/5 4.5/5 86%

Cybersecurity Awareness. Part 1

電 子 銀 行 風 險 - 認 證 與 核 實. Fraud Risk Management The Past and the Future 欺 詐 風 險 管 理 - 過 去 與 未 來

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

Transcription:

Challenges and Best Practices in Fighting Financial Fraud in Brazil Cristine Hoepers cristine@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br - Network Information Center Brazil CGI.br - Brazilian Internet Steering Committee CERT.br - Brazilian National CERT Created in 1997 as a national focal point to handle computer security incident reports and activities related to networks connected to the Internet in Brazil. 1

Brazilian Internet Steering Committee (CGI.br) Structure 1 Ministry of Science and Technology (Coordination) 2 Ministry of Communications 3 Presidential Cabinet 4 Ministry of Defense 5 Ministry of Development, Industry and Foreign Trade 6 Ministry of Planning, Budget and Management 7 National Telecommunications Agency 8 National Council of Scientific and Technological Development 9 National Forum of Estate Science and Technology Secretaries 10 Internet Expert 11 Internet Service Providers 12 Telecommunication Infrastructure Providers 13 Hardware and Software Industries 14 General Business Sector Users 15 Non-governmental Entity 16 Non-governmental Entity 17 Non-governmental Entity 18 Non-governmental Entity 19 Academia 20 Academia 21 Academia Agenda Evolution of financial fraud in Brazil Cooperation User awareness initiatives 2

Evolution of Financial Fraud in Brazil (1/2) 2001: brute force attacks looking for easy passwords 2002-2003: increase in phishing and heavy use of compromised DNS servers (Pharming) 2003-2004: increase in more sophisticated phishing Phony pages very similar to the real ones Data sent to other sites to be processed Pharming actualy changing the user hosts file Evolution of Financial Fraud in Brazil (2/2) 2005-2007: Traditional phishing very rare (less than 1%) Spams with links to trojans Spam is not associated with the target (usually banks or e-commerce sites) E-mails use the name of well-known institutions or popular sites (airline, charity, shows, telecom, news) The link is usually to an executable, or to html pages with JavaScript or heavilly obfuscated Drive-by downloads are becoming more common Via compromised websites with iframe or a malicious ActiveX or JavaScript 3

Statistics - Trojans Related to Financial Fraud / ID Theft Category Unique hosting URLs Hosts Domains Contacts for the domains/networks IP Addresses IP Allocation s Country Codes Unique trojan samples (unique hashes) Unique trojan samples / day Trojans file names File Extensions AntiVirus signatures (unique) AntiVirus signatures (grouped by family ) Email notifications sent by CERT.br 2006 25087 9671 5587 2143 3859 74 19148 52.56 10155 73 1988 141 18839 2007* 16989 9226 6731 1981 3820 76 14453 47.54 8398 86 2366 105 14930 Includes: Keyloggers Screen loggers Trojan Downloaders Does NOT include: Bots/Botnets Worms General Spyware * January 1 to October 31 Undetected Trojans Sent to AV Companies - 2007 4

AV Detection Rate - 2007 Cooperating to Fight the Problems (1/2) CERT.br focus: Notify sites hosting malware related to frauds and phishing pages Mostly in other countries Other CSIRTs with National Resposibility are being of big help Send undetected malware/trojans to 35+ antivirus vendors Send new trojans to artifact analysis groups Develop user awareness materials Risks, threats, early signs of problems, basic tips, etc Now in use by some banks in awareness campaigns Used by major ISPs to inform their users 5

Cooperating to Fight the Problems (2/2) Regular meetings between CERT.br, financial sector and ISPs Share new trends Discuss best practices CERT.br takes the discussions as input for the CGI.br task forces Define strategies for user awareness spam/phishing detection and prevention Site with Security Information for End Users 6

Site with Security Information for End Users - Book Antispam.br Website - Malicious Code Through E-mail 7

Antispam.br Website - Fraud, Phishing, Scam, etc Other Initiatives Best practices are being translated to Spanish by ANTEL Uruguay Incident Response Team 4 videos Navigating is Necessary Invaders Spam Defense http://www.antispam.br/videos/ 8

Video 1: Navigating is Necessary Video 2: Invaders 9

Video 3: Spam Video 4: Defense 10

Stickers Additional References This presentation (next week) http://www.cert.br/docs/presentations/ Awareness videos http://www.antispam.br/videos/ CERT.br - Computer Emergency Response Team Brazil http://www.cert.br/ NIC.br - Network Information Center Brazil http://www.nic.br/ CGI.br - Brazilian Internet Steering Committee http://www.cgi.br/ 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information