Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC

Size: px

Start display at page:

Download "Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC"

Maude Taylor
6 years ago
Views:

1 Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC 1

2 2013 2

3 3 in 4 3

4 $ 4

5 RSA s Top 10 List 5

8 Trend#1: Mobile Threats Become More Sophisticated and Pervasive TREND1 INTH3WILD 8

9 1,000,000,000 total number of smartphones sold in 2013 Source: IDC Worldwide Quarterly Mobile Phone Tracker, January

10 1 BILLION Android-based smart phones estimated to be shipped in 2017 Source: Canalys Smart Phone Report, June

11 1,000,000 number Apps in Google Play Source: Sundar Pichai, speaking at a Google breakfast briefing, July

12 malicious Android apps in 13 Jumped from in 2012 Source: TrendMicro TrendLabs 12

Personal Finances 530 +76% 300 Mobile bankers in

13 Personal Finances % 300 Mobile bankers in 2012 Mobile bankers in 2013 Source: Juniper Research 13

14 Mobile Threats 14

15 Malicious apps are posing as legitimate apps BANK For Malware Distribution For Phishing Scams 15

16 Games 16

17 Supply chain infection 17

18 SMS Sniffers $350 18

19 Perkele $5K and up 19

20 IBanking ibanking Mobile Bot 20

21 Mtoken mtoken 21

22 Trend#2: Malware Gets More Sophisticated TREND3 INTH3WILD 22

23 Stealthier, more durable botnets Botnets are being created that behave as similarly as possible to legitimate software Hosting a botnet s command-and-control center in a Tor-based network Cybercriminals are building more resilient peer-to-peer botnets, populated by bots that talk to each other, with no central control points An alternative business continuity led approach involves controlling a botnet from a mobile device using SMS messages. 23

24 Tutorials & Trainings 24

25 ChewBacca: POS Malware 25

26 Trade in vulnerabilities 26

27 Stegano-Zeus and more variants to come 27

28 Trend#3: Cybercriminals increase effectiveness and add more services TREND5 INTH3WILD 28

29 Facebook Accounts $1/acct 29

30 Facebook Ads 30

31 Bitcoin stealer 31

32 DDos Attacks for rent $8/hr 32

33 Wanna be liked? 33

34 Big Data Analytics 34

35 Criminals & Big Data 35

36 Criminals & Big Data 36

37 Market Disruptors Extended Customer Base And Workforce Mobile Cloud Big Data Networked Value Chains APTs Sophisticated Fraud Infrastructure Transformation Business Transformation Threat Landscape Transformation Less control over access device and back-end infrastructure More hyper-extended, more digital Fundamentally different tactics, more formidable than ever Copyright 2014 EMC Corporation. All rights reserved. 37

38 Existing Tools Lack Visibility into Criminal Behavior User 2 Factor Authentication Device ID Passwords Network Firewall IPS/IDS Application WAF Penetration Testing Dynamic Scanning Log Analysis/SIEM Source Code Analysis Copyright 2014 EMC Corporation. All rights reserved. 38

Evolving Fraud Threat Landscape In the Wild Begin Session Login Transaction Logout

Layer 7 DDoS Attacks Man in the Middle/Browser Password Cracking/Guessing

39 Evolving Fraud Threat Landscape In the Wild Begin Session Login Transaction Logout Web Threat Landscape Phishing Rogue Mobile App Site Scraping Vulnerability Probing Layer 7 DDoS Attacks Man in the Middle/Browser Password Cracking/Guessing Parameter Injection New Account Registration Fraud Advanced Malware (e.g. Trojans) Account Takeover New Account Registration Fraud Promotion Abuse Unauthorized Account Activity Fraudulent Money Movement Copyright 2014 EMC Corporation. All rights reserved. 39

40 A New Security World In a Constantly Evolving Environment Fraud Evolves so MUST the Response We must focus on people, the flow of data and on transactions Copyright 2014 EMC Corporation. All rights reserved. 40

41 Intelligence-Driven Security Risk-based, contextual, and agile Risk Intelligence thorough understanding of risk to prioritize activity Advanced Analytics provide context and visibility to detect threats Adaptive Controls adjusted dynamically based on risk and threat level Information Sharing actionable intelligence from trusted sources Copyright 2014 EMC Corporation. All rights reserved. 41

RSA Fraud & Risk Intelligence Distinguish

Gain Visibility and Context Balance Security

42 RSA Fraud & Risk Intelligence Distinguish Between a Customer or Criminal Trusted Identities, Actions and Transactions Reduce Fraud & Account Takeover Risk-Based Detection Gain Visibility and Context Balance Security and Convenience Copyright 2014 EMC Corporation. All rights reserved. 42

RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle Web Threat Detection (Silver Tail) Adaptive Authentication Adaptive Authentication for

43 RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle Web Threat Detection (Silver Tail) Adaptive Authentication Adaptive Authentication for ecommerce FraudAction In the Wild Transaction Monitoring Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 43

44 Securing Entire Online User Lifecycle FraudAction Gain Visibility into Cybercrime Underground Detect Phishing and Trojan Attacks Identify Fake Mobile Apps In the Wild Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 44

45 Securing Entire Online User Lifecycle Web Threat Detection Real Time Visibility into Pre and Post Login Activity Detect User and Group Anomalous Behavior Identify Precursors to Fraud In the Wild Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 45

46 Securing Entire Online User Lifecycle Adaptive Authentication Transparent Risk Based Authentication Challenge Only High Risk Logins Collective Fraud Intelligence Sharing Balance Cost, Risk and Convenience In the Wild Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 46

47 Securing Entire Online User Lifecycle Transaction Monitoring Transparently Monitor Transactions Identify High Risk or Anomalous Activities Mitigate Against Advanced Trojan Attacks Collective Fraud Intelligence Sharing In the Wild Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 47

48 Securing Entire Online User Lifecycle Adaptive Authentication for Ecommerce Transparently authenticates 3D Transactions Identify High Risk or Anomalous Activities Mitigate Against Advanced Trojan Attacks Collective Fraud Intelligence Sharing In the Wild Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 48

49 8000+ Banks, Card Issuers, ISPs, Feeding Partners The RSA Layered Approach Anti-Fraud Command Center Anti-Phishing Anti-Trojan Anti-Rogue App Threat Intel efraudnetwork Fraudulent IP addresses, Device Fingerprints, Mule Accounts AA / TM AAecom Web Threat Detection Copyright 2014 EMC Corporation. All rights reserved. 49

50 RSA Proven Fraud Prevention 8,000 + Global Customers protected by efraudnetwork 500 Million Devices & Credit Cards Secured $7.5 + Billion Fraud Losses Prevented Over 800,000 Cyber Attacks Shutdown Trust in the digital world 50+ Billion Transactions Protected Copyright 2014 EMC Corporation. All rights reserved. 50

RSA Fraud & Risk Intelligence Solutions

RSA Fraud & Risk Intelligence Solutions Separating Customers from Criminals May 2015 1 Mobile Social Identities IOT Alternative Authentication Market Disruptors Biometrics Cross Channel Intelligence Sharing