Webinar series – August 29, 2016
How to Prevent SWIFT Network Attacks
A webinar series brought to you by Global RADAR’s BSA News Now
Copyright © Global RADAR®
Presenter:
Paul Wilson Product Manager
Easy Solutions
Product Manager DID and DTA
Mobile: +44 (0)7903 399 890
www.easysol.net
AGENDA
• Recent attacks on the SWIFT network
• What are the SWIFT network’s vulnerabilities?
• Could the attacks on the SWIFT network have been prevented?
• How to quickly detect and stop fraudulent financial activity
Cybercriminals attempted to steal approx. $1 billion in an attack on a Bangladeshi bank
Highly Unusual Malware Used – mscoutc.exe
• Used a vulnerability in a common PDF reader as the attack vector
• Deleted configuration and log files
• Uses wipe-out techniques to prevent files from being recovered forensically
• File-delete function
• Manipulated printers to prevent SWIFT network confirmation messages from being received
• Identical to Sony hack attack techniques
Hackers steal US$9 Million from Ecuadorean bank via SWIFT
These are just the attacks that have been made public through journalists and court records.
The SWIFT network is a messaging system at its core.
SWIFT recently launched a web access portal
What SWIFT Says
• SWIFT has noted that the network itself wasn’t compromised
• “…the attackers have exploited vulnerabilities in banks funds’ transfer initiation environments, prior to messages being sent over SWIFT.”
“Please remember that as a SWIFT user you are responsible for the security of your own systems interfacing with the SWIFT network and your related environment – starting with basic password protection practices – in much the same way as you are responsible for your other security considerations.”
Insiders are also a threat
• Malware was designed just for the bank attacked in Bangladesh, defeating systems and checks
• The SWIFT attacks have been so sophisticated and complex that it is surmised that an employee must have collaborated with the cybercriminals.
Could the SWIFT Attacks Have Been Prevented?
You may not know what future attacks will look like, but you can still make them harder for cybercriminals to launch.
Multi-Factor Authentication – The Bare Minimum
Malware Detection and Mitigation beyond Blacklists
• Threats are moving faster than legacy endpoint detection solutions can identify and stop them
• Having 100% of end users covered is crucial
• The goal is disabling malware, not removing it.
Fraud Intelligence – Do you know if there are…
• Suspicious connections to your portals?
• Similar domains to yours on the web?
• Social media profiles using your brands, that you didn’t create?
• Unauthorized applications with your brand imagery on app stores?
• Spoofers of your domains sending fake messages?
When Every Other Protection Layer Breaks Down
• What if insiders disable all of your protection methods?
• What if social engineering tricks your employees into enabling an attack?
• What if the problem is at another less secure bank processing a transaction along with yours?
All wire transactions passing from one bank account to another through SWIFT must be recorded, tracked and contextualized.
A spelling mistake in a transaction order, noticed by a bank employee, raised a red flag. It stopped millions more dollars from being stolen.
Machine learning can automate the discovery of such errors and the alerting on them.
Manually updating lists of known or suspected fraudulent destinations, and the bank accounts tied to them, is no longer enough.
Rules for what you’ve seen before, machine learning and heuristic analysis to predict future fraud.
How to detect fraudulent transactions & activities
[Diagram: First Stage, Second Stage, Third Stage. Components shown: Filters and Rules, Location Deviation, Time Deviation, Behavior Heuristic Engine, Suspicious Activity Analyzers]
Compound Evaluations
Events that might not indicate fraud by themselves may indicate it when found together.
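The compound evaluation idea, combined with the misspelled-transaction-order anecdote from the earlier slide, shown as an added example (not code from the webinar or from DetectTA). The account profile, beneficiary names, similarity threshold and verdict labels are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from difflib import SequenceMatcher

@dataclass
class Profile:            # baseline for one originating account (constructed)
    beneficiaries: set    # counterparties seen before
    countries: set        # usual destination countries
    hours: range          # usual local sending hours

@dataclass
class Wire:
    beneficiary: str
    country: str
    sent_at: datetime

def near_miss(name, known, threshold=0.85):
    """True when name is unknown but almost matches a known beneficiary,
    which is what a misspelled transaction order looks like."""
    if name in known:
        return False
    return any(SequenceMatcher(None, name.lower(), k.lower()).ratio() >= threshold
               for k in known)

def signals(wire, profile):
    """Collect weak indicators; none of them is proof of fraud alone."""
    found = []
    if near_miss(wire.beneficiary, profile.beneficiaries):
        found.append("name_near_miss")
    if wire.country not in profile.countries:
        found.append("location_deviation")
    if wire.sent_at.hour not in profile.hours:
        found.append("time_deviation")
    return found

def evaluate(wire, profile):
    """Compound evaluation: the verdict escalates with co-occurring signals."""
    found = signals(wire, profile)
    return ("allow", "log", "review", "hold")[len(found)], found

# Constructed sample data, not real transactions.
PROFILE = Profile({"Harbor Relief Foundation", "Northwind Trading Ltd"},
                  {"GB", "DE"}, range(8, 18))
WIRES = [
    Wire("Northwind Trading Ltd", "DE", datetime(2016, 8, 1, 10, 30)),
    Wire("Northwind Trading Ltd", "DE", datetime(2016, 8, 1, 21, 5)),
    Wire("Harbor Relief Foundation", "PH", datetime(2016, 8, 5, 23, 40)),
    Wire("Harbor Relief Fandation", "PH", datetime(2016, 8, 5, 23, 40)),
]

if __name__ == "__main__":
    for w in WIRES:
        print(w.beneficiary, w.country, w.sent_at.isoformat(), evaluate(w, PROFILE))
```

An off-hours wire to a known counterparty is only logged, while the same off-hours wire to an unusual country with a near-miss beneficiary name is held for review.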
Taking a complete approach
• Behavioral Learning to react faster to new fraud strategies
• Rules and Suspicious Activity Analyzers
• Keep your best performing rules while leveraging heuristics for everything else
• Complete Solution for Fraud Management
DetectTA Dashboard
In Review
Stopping SWIFT attacks in the future
• Anomaly detection
• Automated predictions through machine-based learning
• Automatic list updates of suspicious fraudulent accounts/destinations
• Compounded evaluations
• All a part of DetectTA from Easy Solutions
Questions
For more information, you may visit www.GlobalRADAR.com
Additional questions – For personalized responses to any questions, send requests to:
Upcoming Webinars
De-Risking 101
September 29, 2016 - 10:30 AM (EST)
STANLEY I. FOODMAN, CEO
Thank you.
BSA News Now and Global RADAR wish to thank you for your participation in today’s webinar.