Steven D Alfonso Financial Crimes Intelligence Specialist IBM RedCell

Size: px

Start display at page:

Download "Steven D Alfonso Financial Crimes Intelligence Specialist IBM RedCell"

Rose Virginia Montgomery
6 years ago
Views:

2 Agenda Steven D Alfonso Financial Crimes Intelligence Specialist IBM RedCell Agenda: Current Financial Crime Environment Data Breaches Current Security Environment Dark Web ATM Attacks & Point of Sale Attacks Call Spoofing Social Engineering Attacks Trends from the West - Synthetic Identity Fraud & Car Shipping Schemes 2

3 Financial Crimes Environment Convergence Schemes and groups converging make it a potent environment for organizations and their customers 3

Data Breaches -2014 The Year of the Breach The World s Biggest Data Breaches since 2013 600+ breach events confirmed since January 2015 Financial institutions are blind to which of their customers

4 Data Breaches The Year of the Breach The World s Biggest Data Breaches since breach events confirmed since January 2015 Financial institutions are blind to which of their customers are being breached elsewhere address spoofing or account takeover to send wire transfer requests Source: 4

5 Cyber Attack Sophistication Attack Sophistication Current Security Environment Organizational Security Organizational Security 5

6 Current Security Environment - How do they get in? Tactics: Social engineering Phishing Spear phishing Smishing Vishing Targets: Employees Executives Vendors 6

7 Current Security Environment - Where to Focus Organizational Resources If Organizational Security Decreased Data Breaches Organizational Security Then: Focus resources on rapid detection 7

8 8

9 Dark Web What is it? TOR Developed for US Naval Intelligence Operations Open and free Provides anonymity while traversing the Internet Protects against traffic analysis Needed for access to sites selling illicit goods and services GRAMS Darknet search engine Darknet Google 9

10 Dark Web What is it? GRAMS search resultsprovide a mix of legitimate sites with those promoting illicit goods, services and how to guides 10

11 Dark Web What is it? Hundreds of illicit marketplaces Sell everything from counterfeit clothing to drugs Difficult for law enforcement to locate and shut down Most popular was Silk Road 11

12 Darknet Carding site example 12

13 Darknet Carding Site Example 13

14 Darknet Carding Site Example 14

15 Darknet Carding Site Example 15

16 Darknet Forums Example of a service offering from an underground forum Example from a forum advertising login IDs, credit cards, and FULLZ, likely from and adult pay site like Ashley Madison 16

17 Darknet Fullz for sale Complete name, address, phone numbers, date of birth Government issued ID numbers and driver s license Complete banking and credit card information Example of a data breach victim s information for sale Known as a FULLZ A Fullz is the complete or full information of a data breach victim More banking information including mother s maiden name 17

18 Darknet UK Fullz Complete name, address, phone numbers, date of birth Government issued ID numbers and driver s license Complete banking and credit card information More banking information including mother s maiden name 18

19 Darknet Specific Targets No one is Safe 19

20 Darknet Cyber Services 20

21 Financial Crime Tactics 21

22 Financial Crime Tactics Skimming 22

ATM Attacks New Malware Suceful ATM Malware Targets the consumer and multiple vendors, which is unlike past ATM malware Can capture: o Track 1 & 2 data from magstripe o Chip

23 ATM Attacks New Malware Suceful ATM Malware Targets the consumer and multiple vendors, which is unlike past ATM malware Can capture: o Track 1 & 2 data from magstripe o Chip data o Can force retention of cards (Trapping) o Malware control via ATM pin pad control Very new - implemented August 25, 2015 Detected and reported by FireEye September 11 23

24 Financial Crime Tactics 24

25 Financial Crime Tactics Skimming Major Data Breaches Q to Present Restaurants Taverns / Pubs / Bars Small Retail Stores Family Businesses Massive Data Breaches to Small Distributed Breaches 25

26 Financial Crime Tactics 26

Financial Crime Tactics Spoofing URL for website: https://www.spooftel.

Changing voice pitch could defeat voice biometric counter-measures The next step is to enter the number

27 Financial Crime Tactics Spoofing URL for website: This is the telephone number that will actually be placing the call. Changing voice pitch could defeat voice biometric counter-measures The next step is to enter the number that will be called. This will add background noise to the call or help disguise voice. This is the number that the caller wants to show up on the caller id display. 27

28 Financial Crime Tactics 28

29 Financial Crime Tactics Phishing and Vishing attacks Less technology (malware) involved Focus on deceiving unaware consumers o Phishing s may encourage victims to call a number purporting to be that of their bank o Victim s call and are to provide credit card number to activate or unblock the account o Up to 45% that call will give out their numbers Current Trends Spear-phishing targeting businesses and organizations Business compromise o Estimated $1 billion USD business in 2015 Wire transfer fraud 29

30 Financial Crime Tactics Phishing attacks 30

Financial Crime Tactics Phishing attacks that morph into Vishing attacks Dyre Wolf o Combines technology with social engineering tactics o Eastern European cyber gang o Advanced social engineering

31 Financial Crime Tactics Phishing attacks that morph into Vishing attacks Dyre Wolf o Combines technology with social engineering tactics o Eastern European cyber gang o Advanced social engineering scheme o Used the scheme to steal more than $1 billion so far Shifu o Newest identified banking malware o Similar characteristics to Dyre o Targeting banks in Japan and some Europe banking platforms 31

32 Financial Crime Tactics Trends from the West 32

Financial Crime Tactics Synthetic ID Fraud With whom are

Synthetic Identity fraud (SIF) is a fraud that involves the

New identities are manufactured with a combination of real

New Name Valid & Issued SSN Different Address Synthetic

33 Financial Crime Tactics Synthetic ID Fraud With whom are you or your customers doing business? Synthetic Identity fraud (SIF) is a fraud that involves the creation of a fictitious identity. New identities are manufactured with a combination of real and fabricated information. New Name Valid & Issued SSN Different Address Synthetic Identity Synthetic ID Fraud Implications Financial Losses Hiding in plain sight Money laundering facilitation National security Growing globally 33

34 Financial Crime Tactics Synthetic Identity Fraud Synthetic ID Ring stole over $200MM Scope 7,000 Synthetic Identities 25,000 Credit Cards 169 Bank Accounts* 1,800 Mailing Addresses 80 Fraudulent Merchants 28 States AL, AZ, CA, CT, FL, GA, ID, IL, IN, IA, KS, KY, ME, MD, MI, MS, MO, NJ, NY, NC, OH, PA, TX, UT, VT, VA, WA, and WI 8 Countries The United States, Canada, Romania, Pakistan, India, United Arab Emirates, China, and Japan Source: Turnkey Risk Solutions 34

Financial Crime Tactics Current Car Buying/Shipment Scheme Organized Crime Group Synthetic

Bad actors purchase and apply for financing via Internet and telephone using an established

customer instructions Vehicle is shipped overseas and paid for with a credit card under the

profits and virtually no risk Losers: o Auto finance companies o Credit card issuers

35 Financial Crime Tactics Current Car Buying/Shipment Scheme Organized Crime Group Synthetic Identities Automobile Dealerships Bank / Finance Co. Bad actors purchase and apply for financing via Internet and telephone using an established synthetic ID and call spoofing services Dealership delivers vehicle to a container port per customer instructions Vehicle is shipped overseas and paid for with a credit card under the synthetic identity Winners, Losers and Implications Winners: o Organized Crime o Massive profits and virtually no risk Losers: o Auto finance companies o Credit card issuers Implications: o Money laundering o Strategies shared in deep web chat forums will be duplicated o Leveraging customer convenience and current technologies 35

36 Financial Crime Solutions What can an organization do to proactively defend itself and its stakeholders? IBM i2 Enterprise Insight Analysis (EIA) and other IBM solutions Provides your organization advanced intelligence analysis capabilities Analyze diverse data sets in near real-time Multidimensional data analysis (e.g., social networks and geo-spatial) Unstructured data analysis Uncover hidden or unknown relationships and networks EIA is backed by 25 years of success in catching bad guys and collaborating with 4,000 organizations worldwide, including major law enforcement and defense agencies 36

37 37

A Layered Approach to Fraud Mitigation. Nick White Product Manager, FIS Payments Integrated Financial Services

A Layered Approach to Fraud Mitigation Nick White Product Manager, FIS Payments Integrated Financial Services Session Agenda Growing Fraud Concerns Old Habits Die Hard Maneuvering through the Barriers