ONLINE AND MOBILE BANKING THREATS

Uploaded by: Camille Dion

ONLINE PAYMENTS ARE VERY POPULAR BUT NOT SECURE
- 98% of respondents regularly use online banking, online shopping or e-payment services
- 59% of users have concerns about banking fraud online
- 69% of people fear for the safety of their personal data (including banking credentials)
Kaspersky Lab and B2B International Study - 8,605 respondents, 19 countries
http://media.kaspersky.com/pdf/Kaspersky Lab B2C Summary 2013 final EN.pdf

WHICH TYPE OF DATA LOSS IS MOST CRITICAL TO INTERNET USERS?
- Personal email messages
- Passwords, account s
Interactive Kaspersky Digital Consumers Internet Security Needs - Topline Report, 2012

ATTACKING THE BANK VS. ATTACKING THE USER
- Before, criminals used to crack the banks
- But it’s too expensive, complicated and risky
- Now they defraud users to steal money from them
- And unfortunately they are very successful in doing that

TODAY CYBERCRIMINALS SELL USER CREDENTIALS IN AN EASY WAY - LIKE IN A SHOP

PROBLEMS USERS ENCOUNTER WHILE ONLINE
- 36% of malware incidents resulted in financial loss
- Did you incur any financial costs as a result of a virus / malware infection? YES 36%, NO 64%
- More than 25% of consumers have experienced a malware incident during last 12 months
[Chart: Banking trojans worldwide. Labels: Zeus, Carberp, SpyEye, Shiz, Sinowal, Other. Values: 7,2%, 4,4%, 4,2%, 72,1%, 2,0%, 10,1%]
Source: Kaspersky Lab, September 2013

YOU THOUGHT YOU WERE PROTECTING YOUR USERS... “AND YOU THOUGHT YOU WERE SAFE!”
Online banking site: login, password | Carberp
Authorization: CVV2 | Zeus
One time passwords: SMS, Token, printed receipts, TAN generators | Carberp, SpyEye, Zeus for mobile, Lurk
Transaction approval: cell phone | SpyEye
Read more details in “Staying safe from virtual 4792304/Staying safe from virtual robbers

HOW THE FRAUD WORKS

MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS
Authentication: login/password, CVV2, SMS, printed receipts
ZEUS

ZEUS — MAIN FEATURES
- Most widespread online banking trojan out there
- ZeuS tracks which keys the user presses — virtual or physical (keylogging, screenshotting)
- ZeuS uses web injections — Man in the Browser attacks
- ZeuS is capable of bypassing the most advanced bank security system, bypassing 2-factor authentication systems
- Spreads through social engineering and drive-by downloads

MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS
Authentication: login, password, SMS
Carberp

CARBERP: BANK CLIENT SOFTWARE KEYS
Data theft technologies:
- Injection in the web browser
- Interception of payment data
- Fake notice/popups

CARBERP: BANK CLIENT SOFTWARE INTERCEPTOR
Intercepted data (CVV/CVC, PIN etc.)

MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS
Authentication: login/password, SMS, Token, TAN generators, Cam capture
SpyEye

SPYEYE: TAN GENERATORS BYPASS
TAN benefits:
- The user must have the unique device
- The user must know the PIN
- Unique transaction code

SPYEYE: CHIPTAN BYPASS BY MEANS OF SOCIAL ENGINEERING
- User sees fake Warning window on banking page
- User sees fake information about transaction to his account
- User is requested to refund money
- User enters one time passwords for making transaction and transfers his own money to cybercriminals
“One of your recent transactions was completed by mistake. You have received some funds that were designated to another recipient. Please refund the money back as soon as possible. Thank you!”

SPYEYE: SPYING VIA A WEBCAM
Everything you say on the phone is recorded by cybercriminals

MODERN PROTECTION MECHANISMS USED BY BANKS VS. BANKING TROJANS
Authentication: Token
Lurk

LURK: DISTRIBUTION AND PRINCIPLES OF WORK
TOKEN Bypass:
- Blocks the workstation when the token is inside
- Remote access to the workstation for cybercriminals

MOBILE THREATS
One time passwords: SMS
- ZitMo: Zeus in the Mobile
- SpitMo: SpyEye in the Mobile
- CitMo: Carberp in the Mobile

MOBILE THREATS: FEW EXAMPLES
CyberSafe App: SMS authorization code stealing
How it works:
- By means of social engineering, the user is advised to download the app from an online store
- The app is malicious; once it’s installed, it steals one time SMS authentication passwords

CONCLUSIONS
- Financial malware is getting more targeted
- New protection measures introduced by banks are quickly cracked/bypassed
- Targeted attacks are getting widespread and almost becoming a routine
- There is a lot of space for vulnerability exploitation
Effective SECURITY SOFTWARE is a must

LET'S TALK?
KFP HQ@kaspersky.com
www.kaspersky.com/fraudprevention
