RSA ADVANCED FRAUD INTELLIGENCE


RSA ADVANCED FRAUD INTELLIGENCE
Service Description

AT A GLANCE

RSA's Advanced Fraud Intelligence is a service that provides organizations with the actionable intelligence they need to better understand and counteract today's cyber-fraud threats. The service can help organizations:

- Identify Threat Clusters across phishing and malware attacks
- Identify Threat Vectors: potential weaknesses in processes and procedures that are leveraged by fraudsters in their attacks
- Identify the criminals behind the attacks
- Carry out Targeted Research by leveraging RSA's team of experienced threat researchers and investigators

RSA FRAUDACTION

Cybercrime, fraud, and online attacks are becoming increasingly sophisticated every day. What is your plan to best mitigate the threats they pose to your organization? RSA FraudAction is a proven suite of services geared toward preventing and mitigating online threats. RSA FraudAction enables organizations to minimize resource investment while deploying an efficient solution quickly. FraudAction offers fraud protection from phishing, Trojan, and mobile rogue app attacks, with its intelligence service being the advanced choice for financial institutions and large organizations that provide web-based services and are therefore exposed to fraud through the online channel.

In 2014, FraudAction Services have:

- Detected nearly 500,000 phishing attacks globally (~1 attack/minute)
- Analyzed over 20 billion malware samples (~400k/week)
- Recovered over 10 million actionable intelligence findings from the deep web

RSA ADVANCED FRAUD INTELLIGENCE

The online channel has never before experienced such a sophisticated and globally-integrated technological crime network as it faces today. Cybercriminals have new tools at their disposal, and are becoming more adaptive than ever. Phishing continues to be one of the fastest growing types of online fraud. Each month, there are tens of thousands of unique phishing attacks targeting organizations of all types and sizes.
And while financial institutions have traditionally been the primary focus, fraudsters are now waging attacks in other industries such as government, healthcare, retail, insurance, and education. Given the many channels that fraudsters use to carry out their attacks, gaining a wide-angle perspective on the threat has become a necessity. To do this, organizations must collect, consolidate and correlate threat data from many different sources, a task that could prove to be extremely resource intensive.

RSA's Advanced Fraud Intelligence (AFI) is a service that provides organizations with actionable intelligence that they need to better understand and counteract today's advanced cyber-fraud threats. AFI can help organizations:

- Identify Threat Clusters across phishing and malware attacks
- Identify Threat Vectors: potential weaknesses in processes and procedures that are being leveraged by fraudsters in their attacks
- Identify the criminals or groups behind the attacks

AFI Service Description H14126

The service leverages various sources of intelligence, including forensic data from hundreds of thousands of online attacks (SIGINT), and from human intelligence (HUMINT) operations monitoring online forums within the criminal underground. These venues serve fraudsters as platforms and/or hubs for exchanging and sharing their criminal tools, including phishing kits know-how, trade craft, selling fraud-related services, and trading compromised information such as payment card and bank account details.

Leveraging highly-skilled expertise and nearly a decade of knowledge of the fraud underground environments, the dedicated RSA team is very adept at maintaining a longstanding and watchful presence in the different cybercrime communities it monitors. The vast quantities of data amassed are then consolidated and correlated by the dedicated RSA team to provide unique insight into the criminal activities and the methods used to commit fraud. These insights are translated into a monthly ThreatTracker report (one of our many service deliverables) that tracks the different aspects of attacks targeting your organization.

OUR INTELLIGENCE OPERATION

RSA's team monitors the fraud underground to gather intelligence and deliver it to your organization. A dedicated RSA team (whose members have military experience and are multilingual) monitors cyber-criminal web forums, IRC chat rooms, Twitter feeds, open source intelligence (OSINT), and other communication channels. Often, direct encounters with the fraudsters lead to uncovering specific methods of operation, and reveal emerging fraud trends.
The RSA team works to:

- Report on a wide range of underground services that facilitate identity-theft and cybercrime, and recognize emerging threats and fraud trends
- Identify cashout and cross-channel exploits targeting your organization(s) worldwide
- Uncover mule accounts and item drops
- Reveal underground stores selling compromised online banking and payment card accounts
- Enable coordination of sting operations to reveal the fraudster's infrastructure (including insiders)
- Collaborate with law enforcement agencies worldwide to provide intelligence conducive to investigations, and indictments of fraud perpetrators and their accomplices

Leveraging RSA's highly-skilled expertise and nearly a decade of knowledge about fraud and the fraudsters' underground involvement, the RSA Team is very adept at maintaining a longstanding and watchful presence in the different cybercrime communities it monitors.

One of the benefits of choosing RSA is the ability to leverage other RSA products for deeper fraud investigations. The eFraudNetwork, VBV/MCSC registrations and transactions, and the 24/7 Anti-Fraud Command Center (AFCC) data repository are only a few of the RSA resources leveraged by our intelligence operation to offer unparalleled quality of service.

AFI SERVICE DELIVERABLES

The following are the deliverables provided by the Advanced Fraud Intelligence:

THE THREATTRACKER REPORT
A monthly report that provides a holistic and insightful view into the threat your organization faces, including attack clusters, threat vectors, and the actors behind the attacks.

TARGETED INTELLIGENCE
As findings are made that relate directly to your organization(s), notifications are immediately sent out to alert you to the threat, providing as much info and actionable intelligence as possible.

TARGETED DATA FEEDS
Machine-readable intelligence feeds providing intelligence that may be directly associated with your organization.

TARGETED RESEARCH
With the continued strain placed on security teams, the ability to carry out research requests and investigations is limited. Targeted Research provides you with the ability to request research and investigations into different indicators - on demand.

THE THREATTRACKER REPORT

The ThreatTracker report provides a holistic and insightful view into the threat your organization faces by consolidating data gathered from our phishing, malware, and cybercrime intelligence operations. The data is correlated and contextualized to deliver insight into three key areas:

Threat Clusters

With phishing and malware attack volumes constantly rising (in 2014 the AFCC detected nearly 500,000 attacks worldwide, signifying an 11% increase over the previous year), it becomes increasingly difficult to assess the risk associated with each attack. Does each phishing attack carry the same level of risk? Is a specific Trojan attack considered a more significant threat than another? With the increase in attack volumes, more noise is generated in the system and assessing risk becomes challenging.

RSA AFI takes a holistic approach to assessing the threat (or risk) level by gathering and correlating data points from across the different attacks, identifying commonalities, and connecting attacks together, based on numerous similarities and advanced correlation algorithms, into a Threat Cluster. The Threat Cluster represents an attack campaign targeting your organization. By clustering attacks together, we can better understand the severity of a single attack and of the entire cluster. The ThreatTracker report provides insight into specific clusters, as well as graphs showing cluster trends over time.

Figure 1. THREAT CLUSTER MAP. A Threat Cluster map showing the relationships between different attacks and the actor behind them.

Threat Vectors

After identifying the Threat Clusters, we further analyze each attack, and the entire cluster itself, to better understand the method(s) by which the threat actor will attempt to defraud your organization. By analyzing the data elements requested in phishing and malware attacks, and correlating them with our underground intelligence, we are able to indicate the probable vector (online banking, telephone/call center, ATM, etc.) the attacker will leverage to complete his attack. The ThreatTracker is a powerful tool that can allow your organization, at a glance, to better understand the threats they face, assess them, and plan mitigation steps accordingly. Furthermore, Threat Vectors will alert you to anomalous data elements requested in attacks, which can provide insight into new attack tactics being tested by fraudsters.

Figure 2. THREAT VECTORS. Analysis of Threat Vectors over time.

Threat Actors

Through our detailed analysis of attacks, and by leveraging our human intelligence operations, we work to identify the actors behind the attacks targeting your organization. As we piece the evidence together, we create actor profiles and attribute attacks to specific attackers. Once identified, we continue to track and monitor the actor's activity, and report on any new findings we come across. The ThreatTracker is a powerful tool that can allow organizations, at a glance, to better understand the threats they face, assess them, and plan mitigation steps accordingly.

TARGETED INTELLIGENCE

Beyond correlating data points collected from phishing and malware attacks targeting your organization, the RSA team continuously monitors cybercriminal communication chatter for specific mention of your organization and/or brands. Once such chatter is identified, we send out an alert, and depending on its severity and credibility, investigate further to provide you with as much information as possible on the threat. The alerts will provide classification information including severity and credibility as well as the targeted channel, geography, and indicators when they are available.

Figure 3. CYBERCRIME FORUM POST. A forum post discussing a compromised account within a specific financial institution.

TARGETED DATA FEEDS

Targeted data feeds are structured intelligence feeds that your organization can leverage to prevent future fraud attempts as well as confirm past fraud incidents. The following feeds are offered:

- CC Feed: A daily report of compromised Credit/Debit card numbers traced in the underground
- CC Preview Feed: Contains previews of automated Credit Card stores
- Mule Feed: The Mule Feed is a list comprised of mule accounts recovered by the Intelligence team
- IP Feed: A daily report comprised of IP addresses of interest, including IP addresses of proxies/socks, RDPs, open source proxies, bad IPs, and fraudster IPs - mostly found in cybercrime and fraudster-published lists
- Email Feed: Contains hacked email accounts, spam email lists, and proprietary corporate emails
- Item Drop Feed: Contains physical mailing addresses used for the receipt of fraudulently purchased merchandise

TARGETED RESEARCH

Targeted Research provides you with the ability to request cybercrime research or investigations - on demand. Whether it is an IP address, an actor's handle, or a specific Anonymous op, our team of experienced researchers will leverage proprietary technology to search a variety of data sources for further intelligence. We can also maintain an active monitor that will send an alert whenever a finding is made.

SUMMARY

Today's landscape requires a much wider view of the threat facing your organization. Being able to collect and correlate data from different sources will be a key factor to successfully assessing risk and prioritizing response. Understanding the links between phishing and malware attacks and correlating that data with underground intelligence is exactly what RSA's Advanced Fraud Intelligence is designed to do. RSA Advanced Fraud Intelligence offers you a single external threat management service with proactive detection and mitigation of online threats such as phishing, Trojans and mobile rogue apps, and we continue to monitor and track threats and threat actors as long as it takes to make your business safe from intrusion.

EMC², EMC, the EMC logo, RSA, the RSA logo, Advanced Fraud Intelligence, AFI, FraudAction, and ThreatTracker are registered trademarks or trademarks of EMC Corporation in the United States and other countries. VMware is a registered trademark or trademark of VMware, Inc., in the United States and other jurisdictions. Copyright 2015 EMC Corporation. All rights reserved. Published in the USA. 4/2015 AFI Service Description - H14126

RSA believes the information in this document is accurate as of its publication date. The information is subject to change without notice.