Protecting Your Business from Online Banking Fraud



Similar documents
Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Fighting Advanced Threats

Corporate Account Takeover & Information Security Awareness. Customer Training

Securing Your Business s Bank Account

Top tips for improved network security

The Hillstone and Trend Micro Joint Solution

Anti-Phishing Best Practices for ISPs and Mailbox Providers

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

CMPT 471 Networking II

Preventing Corporate Account Takeover Fraud

Protecting your business from fraud

Five Trends to Track in E-Commerce Fraud

MITB Grabbing Login Credentials

Malware, Spyware, Adware, Viruses. Gracie White, Scott Black Information Technology Services

Payment Fraud and Risk Management

Recognizing Spam. IT Computer Technical Support Newsletter

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

APPLICATION PROGRAMMING INTERFACE

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Anti-exploit tools: The next wave of enterprise security

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Information Security Awareness

Remote Deposit Quick Start Guide

24/7 Visibility into Advanced Malware on Networks and Endpoints

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team

The Key to Secure Online Financial Transactions

Don t Fall Victim to Cybercrime:

Retail/Consumer Client. Internet Banking Awareness and Education Program

TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness

Identity Theft Protection

Internet Banking Attacks. Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic)

Protect Your Business and Customers from Online Fraud

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Defending Against. Phishing Attacks

FILTERING FAQ

The SMB Cyber Security Survival Guide

Multi-Factor Authentication (FMA) A new security feature for Home Banking. Frequently Asked Questions 8/17/2006

AVG AntiVirus. How does this benefit you?

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking


4/20/2015. Fraud Watch Campaign. AARP is Fighting for You. AARP is Fighting for You. Campaign Tactics. AARP can help you Spot & Report Fraud

Supplement to Authentication in an Internet Banking Environment

eprism Security Suite

Guideline for Prevention of Spyware and other Potentially Unwanted Software

Analyzing HTTP/HTTPS Traffic Logs

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

All Information is derived from Mandiant consulting in a non-classified environment.

Secure FAQs for External Stakeholders

WHITE PAPER. Understanding How File Size Affects Malware Detection

Factoring Malware and Organized Crime in to Web Application Security

Endpoint protection for physical and virtual desktops

Electronic Fraud Awareness Advisory

Recommended Practice Case Study: Cross-Site Scripting. February 2007

Practical Threat Intelligence. with Bromium LAVA

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Quarantined Messages 5 What are quarantined messages? 5 What username and password do I use to access my quarantined messages? 5

IT Security Risks & Trends

AntiVirus and AntiSpam scanning The Axigen-Kaspersky solution

Your security is our priority

BioCatch Fraud Detection CHECKLIST. 6 Use Cases Solved with Behavioral Biometrics Technology

FORBIDDEN - Ethical Hacking Workshop Duration

KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security

Malware & Botnets. Botnets

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Firewalls, Tunnels, and Network Intrusion Detection

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

Using Security to Protect Against Phishing, Spam, and Targeted Attacks: Combining Features for Higher Education

Information Security. Louis Morgan, CISSP Information Security Officer

Stopping zombies, botnets and other - and web-borne threats

Computer Security: Best Practices for Home Computing. Presented by Student Help Desk Merced Community College

Driving Company Security is Challenging. Centralized Management Makes it Simple.

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

Transcription:

Protecting Your Business from Online Banking Fraud Robert Comella, Greg Farnham, John Jarocki October 2009

Objective According to Brian Krebs of The Washington Post, smaller organizations are suffering significant financial loss when accounting staff are identified and their machines compromised with malicious code that accesses passwords and banking credentials. This SANS Technology Institute (STI) Joint Written Project (JWP) will provide guidance organizations can use to mitigate the risk of this attack vector.

Threat Description Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation's largest financial institutions. Brian Krebs, August 25, 2009 Smaller institutions have several disadvantages... Smaller or non-existent IT staff and legal teams, Larger bank balances than individuals, and Fewer protections from fraud. The Bad Guys have figured this out

The Rise of the Bots In 1999, PrettyPark was the first worm to include remote Command and Control (C&C) via Internet Relay Chat. The botnet was born. Gradually, bots were sending billions of emails to sell Viagra and Cialis, and to pump and dump stock. Malware was stealing passwords. But sometime in the mid-2000 s, malware authors learned how to create a lucrative service industry out of crimeware. Financial crimeware today is focused on direct theft of banking credentials, fraudulent transfer of funds to money mules, and even hijacking live online banking sessions with Man-in-the- Browser (MITB) attacks.

Analysis of Crimeware Features (at viruslist.com) Form grabber. The Trojan intercepts all data entered in a form transmitted via the browser. The list of monitored addresses (to which data relating to will be stolen) is made up, as a rule, of banks and payment systems. This is how payment accounts are stolen. The contents of the page are modified on the user's computer prior to the page being displayed by the browser. Before After Simulation based on Sinowal trojan behavior. From viruslist.com

Protect comptroller email Network Detection and Protection - Web Proxy - Email Gateway - Detect Outbound Info Loss Endpoint Protection - Antivirus - Reputation Filtering - Whitelisting Applications Dedicated Host for Financial Transactions - Separate host - Dual Boot - Virtual Machine - ROBAM (Read-Only Bootable Alternative Media)

Protect Comptroller Email Protecting the finance staff from phishing and email-borne crimeware is key. Consider: Using a separate email account dedicated to banking Running the mail client in a sandbox, like Sandboxie: http://www.sandboxie.com/index.php?emailprotection Most malware is delivered by HTML email or attachments, so also consider: Reading email in plain-text format. Here are instructions: http://www2.slac.stanford.edu/comp/messaging/using/plaintext.htm Saving attachments and reading them with a text editor or at least virus scanning them again manually

Network Protection Use a web proxy: Bluecoat $$; Websense $$; Squid (FREE); DansGuardian (FREE) Explicitly set proxy settings rather than using a transparent proxy Use a whitelist to limit Internet sites your PCs can talk to Use a firewall: Block inbound traffic of course, but Also block outbound traffic except from web and email proxy servers Then watch the firewall logs! Any outbound traffic not coming from your proxy servers are either misconfigurations... or EVIL Tools like BotHunter watch for suspicious activity on your network: http://www.bothunter.net/

Endpoint Protection Use antivirus software Signature based as well as behavior based Use reputation filtering Block sites on known bad lists Whitelist applications Only approved binaries should run on your systems Use a dedicated host Separate host, dual boot, virtual machines, or bootable alternative media (see the next slide...)

Read-Only Bootable Alternative Media (ROBAM) A separate computer for banking is a recommended best practice But, extra computers cost & software gets out-of-date Solution: ROBAM provides a step-by-step process for making bootable CD-ROMs and keeping them up-to-date This report includes full details as an Appendix

Monitor Financial Transactions Businesses are not alone in fighting fraud Banks have responsibility and motivation as well Most banks have some level of transaction monitoring Be aware that businesses don't have the same protection as a consumer: FDIC Regulation E protects consumers from fraud if reported in 60 days Small and medium-sized businesses need to monitor transactions carefully and constantly Ask your bank what anti-fraud features they offer You might have to pay more for these features, but they are worth it

Training & Security Awareness and Policy Changes Avoid risky behavior Don't read email in HTML format first Use a dedicated PC for finances Use extra caution on untrusted networks Recognize threats as they are manifested Slow computer; mouse moving by itself; unexpected pop-up windows; suspicious email Provide additional training for the Finance staff and Executives who are prime targets Policy Changes: As a business becomes larger, information security practices need to be formalized

Summary There is a significant threat to Small/Medium Businesses (SMBs) for large financial losses SMBs need to recognize the risk and take actions A Defense in Depth approach is required Several Mitigation Steps are Required The top recommendation is to use read-only bootable alternative media (ROBAM) to provide a secure isolated environment for financial transactions

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information