Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC 1
2013 2
3 in 4 3
5.900.000.000 $ 4
RSA s Top 10 List 5
RSA s top 10 phishing list Copyright 2014 EMC Corporation. All rights reserved. 6
Netherlands compared overall Copyright 2014 EMC Corporation. All rights reserved. 7
Trend#1: Mobile Threats Become More Sophisticated and Pervasive TREND1 INTH3WILD 8
1,000,000,000 total number of smartphones sold in 2013 Source: IDC Worldwide Quarterly Mobile Phone Tracker, January 2014 9
1 BILLION Android-based smart phones estimated to be shipped in 2017 Source: Canalys Smart Phone Report, June 2013 10
1,000,000 number Apps in Google Play Source: Sundar Pichai, speaking at a Google breakfast briefing, July 2013 11
1.400.000 malicious Android apps in 13 Jumped from 350.000 in 2012 Source: TrendMicro TrendLabs 12
Personal Finances 530 +76% 300 Mobile bankers in 2012 Mobile bankers in 2013 Source: Juniper Research 13
Mobile Threats 14
Malicious apps are posing as legitimate apps BANK For Malware Distribution For Phishing Scams 15
Games 16
Supply chain infection 17
SMS Sniffers $350 18
Perkele $5K and up 19
IBanking ibanking Mobile Bot 20
Mtoken mtoken 21
Trend#2: Malware Gets More Sophisticated TREND3 INTH3WILD 22
Stealthier, more durable botnets Botnets are being created that behave as similarly as possible to legitimate software Hosting a botnet s command-and-control center in a Tor-based network Cybercriminals are building more resilient peer-to-peer botnets, populated by bots that talk to each other, with no central control points An alternative business continuity led approach involves controlling a botnet from a mobile device using SMS messages. 23
Tutorials & Trainings 24
ChewBacca: POS Malware 25
Trade in vulnerabilities 26
Stegano-Zeus and more variants to come 27
Trend#3: Cybercriminals increase effectiveness and add more services TREND5 INTH3WILD 28
Facebook Accounts $1/acct 29
Facebook Ads 30
Bitcoin stealer 31
DDos Attacks for rent $8/hr 32
Wanna be liked? 33
Big Data Analytics 34
Criminals & Big Data 35
Criminals & Big Data 36
Market Disruptors Extended Customer Base And Workforce Mobile Cloud Big Data Networked Value Chains APTs Sophisticated Fraud Infrastructure Transformation Business Transformation Threat Landscape Transformation Less control over access device and back-end infrastructure More hyper-extended, more digital Fundamentally different tactics, more formidable than ever Copyright 2014 EMC Corporation. All rights reserved. 37
Existing Tools Lack Visibility into Criminal Behavior User 2 Factor Authentication Device ID Passwords Network Firewall IPS/IDS Application WAF Penetration Testing Dynamic Scanning Log Analysis/SIEM Source Code Analysis Copyright 2014 EMC Corporation. All rights reserved. 38
Evolving Fraud Threat Landscape In the Wild Begin Session Login Transaction Logout Web Threat Landscape Phishing Rogue Mobile App Site Scraping Vulnerability Probing Layer 7 DDoS Attacks Man in the Middle/Browser Password Cracking/Guessing Parameter Injection New Account Registration Fraud Advanced Malware (e.g. Trojans) Account Takeover New Account Registration Fraud Promotion Abuse Unauthorized Account Activity Fraudulent Money Movement Copyright 2014 EMC Corporation. All rights reserved. 39
A New Security World In a Constantly Evolving Environment Fraud Evolves so MUST the Response We must focus on people, the flow of data and on transactions Copyright 2014 EMC Corporation. All rights reserved. 40
Intelligence-Driven Security Risk-based, contextual, and agile Risk Intelligence thorough understanding of risk to prioritize activity Advanced Analytics provide context and visibility to detect threats Adaptive Controls adjusted dynamically based on risk and threat level Information Sharing actionable intelligence from trusted sources Copyright 2014 EMC Corporation. All rights reserved. 41
RSA Fraud & Risk Intelligence Distinguish Between a Customer or Criminal Trusted Identities, Actions and Transactions Reduce Fraud & Account Takeover Risk-Based Detection Gain Visibility and Context Balance Security and Convenience Copyright 2014 EMC Corporation. All rights reserved. 42
RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle Web Threat Detection (Silver Tail) Adaptive Authentication Adaptive Authentication for ecommerce FraudAction In the Wild Transaction Monitoring Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 43
Securing Entire Online User Lifecycle FraudAction Gain Visibility into Cybercrime Underground Detect Phishing and Trojan Attacks Identify Fake Mobile Apps In the Wild Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 44
Securing Entire Online User Lifecycle Web Threat Detection Real Time Visibility into Pre and Post Login Activity Detect User and Group Anomalous Behavior Identify Precursors to Fraud In the Wild Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 45
Securing Entire Online User Lifecycle Adaptive Authentication Transparent Risk Based Authentication Challenge Only High Risk Logins Collective Fraud Intelligence Sharing Balance Cost, Risk and Convenience In the Wild Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 46
Securing Entire Online User Lifecycle Transaction Monitoring Transparently Monitor Transactions Identify High Risk or Anomalous Activities Mitigate Against Advanced Trojan Attacks Collective Fraud Intelligence Sharing In the Wild Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 47
Securing Entire Online User Lifecycle Adaptive Authentication for Ecommerce Transparently authenticates 3D Transactions Identify High Risk or Anomalous Activities Mitigate Against Advanced Trojan Attacks Collective Fraud Intelligence Sharing In the Wild Begin Session Login Transaction Logout Web Threat Landscape Copyright 2014 EMC Corporation. All rights reserved. 48
8000+ Banks, Card Issuers, ISPs, Feeding Partners The RSA Layered Approach Anti-Fraud Command Center Anti-Phishing Anti-Trojan Anti-Rogue App Threat Intel efraudnetwork Fraudulent IP addresses, Device Fingerprints, Mule Accounts AA / TM AAecom Web Threat Detection Copyright 2014 EMC Corporation. All rights reserved. 49
RSA Proven Fraud Prevention 8,000 + Global Customers protected by efraudnetwork 500 Million Devices & Credit Cards Secured $7.5 + Billion Fraud Losses Prevented Over 800,000 Cyber Attacks Shutdown Trust in the digital world 50+ Billion Transactions Protected Copyright 2014 EMC Corporation. All rights reserved. 50
Thank You! Vincent van Kooten Vincent.vankooten@rsa.com Big Data Transforms Security Copyright 2014 EMC Corporation. All rights reserved. 51
STANDING TOGETHER Copyright 2012 EMC Corporation. All rights reserved. 52