Webinar series August 29, 2016

Webinar series August 29, 2016 - Global RADAR · 2017-03-04 · over SWIFT.” Insiders are also a threat • Malware was designed just for the bank attacked in Bangladesh, defeating


Webinar series – August 29, 2016

How to Prevent SWIFT Network Attacks

A Webinar series brought to you by Global RADAR’s BSA News Now

Copyright © Global RADAR®

Presenter:

Paul Wilson Product Manager

Easy [email protected]

Product Manager DID and DTA

Mobile: +44 (0)7903 399 890

www.easysol.net

How to Prevent SWIFT Network Attacks

Paul Wilson

Product Manager

AGENDA

• Recent attacks on the SWIFT network

• What are the SWIFT network’s vulnerabilities?

• Could the attacks on the SWIFT network have been prevented?

• How to quickly detect and stop fraudulent financial activity

Cybercriminals attempted to steal approx. $1 billion in an attack on a Bangladeshi bank

Highly Unusual Malware Used – mscoutc.exe

• Used a vulnerability in a common PDF reader as the attack vector

• Deleted configuration and log files

• Uses wipe-out techniques to prevent files from being recovered forensically

• File-delete function

• Manipulated printers to prevent SWIFT network confirmation messages from being received

• Identical to Sony hack attack techniques

Hackers steal US$9 Million from Ecuadorean bank via SWIFT

These are just the attacks that have been made public through journalists and court records.

The SWIFT network is a messaging system at its core.

SWIFT recently launched a web access portal

• SWIFT has noted that the network itself wasn’t compromised

• “…the attackers have exploited vulnerabilities in banks funds’ transfer initiation environments, prior to messages being sent over SWIFT.”

What SWIFT Says

“Please remember that as a SWIFT user you are responsible for the security of your own systems interfacing with the SWIFT network and your related environment – starting with basic password protection practices – in much the same way as you are responsible for your other security considerations.”

Insiders are also a threat

• Malware was designed just for the bank attacked in Bangladesh, defeating systems and checks

• The SWIFT attacks have been so sophisticated and complex that it is surmised that an employee must have collaborated with the cybercriminals.

Could the SWIFT Attacks Have Been Prevented?

You may not know what future attacks will look like, but you can still make them harder for cybercriminals to launch.

Multi-Factor Authentication – The Bare Minimum

Malware Detection and Mitigation beyond Blacklists

• Threats are moving faster than legacy endpoint detection solutions can identify and stop them

• Having 100% of end users covered is crucial

• The goal is disabling malware, not removing it.

Fraud Intelligence – Do you know if there are…

Suspicious connections to your portals?

Similar domains to yours on the web?

Social media profiles using your brands, that you didn’t create?

Unauthorized applications with your brand imagery on app stores?

Spoofers of your domains sending fake messages?

When Every Other Protection Layer Breaks Down

• What if insiders disable all of your protection methods?

• What if social engineering tricks your employees into enabling an attack?

• What if the problem is at another less secure bank processing a transaction along with yours?

All wire transactions passing from one bank account to another through SWIFT must be recorded, tracked and contextualized.

A spelling mistake in a transaction order, noticed by a bank employee, raised a red flag. It stopped millions more dollars from being stolen.

Machine learning can automate the discovery and alerting of such errors.

Manually updating lists of known or suspected fraudulent destinations, and the bank accounts tied to them, is no longer enough.

Rules for what you’ve seen before; machine learning and heuristic analysis to predict future fraud.

Compound Evaluations

Events that might not indicate fraud by themselves may indicate it when found together.

Filters and Rules

How to detect fraudulent transactions & activities

[Diagram: First Stage, Second Stage, Third Stage. Labels: Location Deviation, Time Deviation, Behavior Heuristic Engine, Suspicious Activity Analyzers]
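
The compound evaluation idea above, combined with the location and time deviation filters and the misspelled-order slide, as an added example (not code from the webinar or from DetectTA). Each signal alone only sends a wire to review; two or more firing together hold it. The baseline, threshold, names and sample wires are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from difflib import SequenceMatcher

@dataclass
class Wire:
    beneficiary: str
    country: str        # destination country code
    sent_at: datetime   # local time the order was entered

# Constructed baseline for one originator (assumption: learned from past approved wires).
BASELINE = {
    "countries": {"US", "DE"},
    "hours": range(8, 18),
    "beneficiaries": ["Harbor Relief Foundation", "Acme Machinery GmbH"],
}

def near_miss(name, known, threshold=0.85):
    """True when name almost, but not exactly, matches a known beneficiary (likely typo)."""
    for k in known:
        ratio = SequenceMatcher(None, name.lower(), k.lower()).ratio()
        if threshold <= ratio < 1.0:
            return True
    return False

def signals(wire, base=BASELINE):
    """Each signal alone is weak evidence; none is treated as fraud by itself."""
    return {
        "location_deviation": wire.country not in base["countries"],
        "time_deviation": wire.sent_at.hour not in base["hours"],
        "name_near_miss": near_miss(wire.beneficiary, base["beneficiaries"]),
    }

def evaluate(wire, base=BASELINE):
    """Compound evaluation: one signal -> review, two or more together -> hold."""
    fired = sorted(name for name, hit in signals(wire, base).items() if hit)
    decision = "hold" if len(fired) >= 2 else "review" if fired else "pass"
    return decision, fired

if __name__ == "__main__":
    # Constructed sample wires, not real transactions.
    samples = [
        Wire("Acme Machinery GmbH", "DE", datetime(2016, 8, 29, 10, 0)),
        Wire("Acme Machinery GmbH", "DE", datetime(2016, 8, 29, 23, 0)),
        Wire("Harbor Relief Fundation", "ZZ", datetime(2016, 8, 29, 2, 0)),
    ]
    for w in samples:
        print(w.beneficiary, w.country, w.sent_at.isoformat(), evaluate(w))
```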

Taking a complete approach

• Behavioral Learning to react faster to new fraud strategies

• Rules and Suspicious Activity Analyzers

• Keep your best performing rules while leveraging heuristics for everything else

• Complete Solution for Fraud Management

DetectTA Dashboard

In Review

Stopping SWIFT attacks in the future

• Anomaly detection

• Automated predictions through machine-based learning

• Automatic list updates of suspicious fraudulent accounts/destinations

• Compounded evaluations

• All a part of DetectTA from Easy Solutions

Questions

For more information, you may visit www.GlobalRADAR.com

Additional questions – For personalized responses to any questions, send requests to:

[email protected]

Upcoming Webinars

De-Risking 101

September 29, 2016 - 10:30 AM (EST)

STANLEY I. FOODMAN, CEO

Thank you.

BSA News Now and Global RADAR wish to thank you for your participation in today’s webinar.