Emerging Threats to Digital Payments - Is Your Business Ready
1. Emerging Threats to Digital
Payments: Is Your Business Ready?
Chukwunonso Okoro, CFE, CAMS, CRISC
Manager, Forensic Audit Services,
Mobile Telephone Networks (MTN) Cameroon.
A Paper Presented at the Payments Security & Authentication Global,
02 December 2015,
Istanbul, Turkey.
2. DISCLAIMER
The views expressed in this presentation belong
solely to the author and NOT to Mobile Telephone
Networks (MTN) or any of its subsidiaries.
The author accepts full responsibility for the views
expressed herein.
3. Speaker Overview
Manager, Forensic Audit Services at MTN Cameroon
Ten Years of Fraud Investigation Experience
Six Years of Federal Law Enforcement Experience
International Experience in Cyber Crimes
Master's Degree in International Law
Certified Fraud Examiner (CFE)
Certified Anti-Money Laundering Specialist (CAMS)
Certified in Risk & Information Systems Control (CRISC)
5. Introduction
The biggest current security threat to businesses
through digital payments is cyber-attacks.
New payment methods (NPMs) are fuelling a rush of
cyber-attacks across the world.
In the December 2013 breach of the retail giant
Target, about 40 million credit cards and 70 million
user accounts were hijacked.
Juniper Research projects mobile payments to reach
$1.3 trillion globally in five years.
With this projected growth in M-payments,
cybercrime, identity theft and intrusion detection are
the top three targets for fraud attacks.
6. Introduction (cont’d)
Kaspersky Lab states that it “discovered 2.2 billion
malicious attacks blocked on computers and mobile
devices during Q1 of 2015. That doubles the amount
detected in Q1 of 2014.”
In February 2015, Kaspersky Lab discovered a billion-
dollar bank cyber-heist affecting as many as 100
banks around the world.
The attackers infiltrated the banks' networks via
phishing, gaining access to employee account
credentials and privileges.
The cybercriminal ring, known as Carbanak, then used
those credentials to make fraudulent transfers of
more than $1 billion into their own pockets.
7. The Problems
Criminal activities in cyberspace are increasingly
facilitated by rapidly emerging and highly secretive
black markets for zero-day vulnerabilities and tools.
Financial institutions are incorporating mobile
technology into their systems without a
corresponding increase in security of their platforms.
Criminals will use malicious code to take advantage
of the increasing reliance on the smartphone as an
authentication measure.
Hyper-connectivity will create more points of
presence for attacks and exploitation so that crime
will increasingly have a cyber component, creating a
wider range of opportunities for black markets.
8. The Problems (cont’d)
Access points into an enterprise also have
dramatically expanded. Internet-facing servers no
longer sit in the demilitarized zone (DMZ) behind a
firewall.
As a result of the redefined perimeter, enterprises
could find that their most critical data have been
copied to personally owned tablets, uploaded to a file-
hosting service or emailed to personal email accounts.
Learning resources for would-be hackers have
increased and are available online.
According to Mandiant, organizations are less likely to
discover a breach on their own now compared to a
year ago.
9. The Problems (cont’d)
Attackers have monetized the capabilities of vast
botnets to harvest banking credentials.
There will be more hacking for hire, as-a-service
offerings, and brokers.
Law enforcement agencies (LEAs) will find it more
difficult to take down black markets due to more
vetting of participants, use of cryptocurrencies,
greater anonymity capabilities, etc.
The slow adaptation of the law to the demands of
cyberspace has engendered a difficult fight for law
enforcement.
How should security technologies and law
enforcement shift their approaches to thwart the rise
of black markets?
10. The Questions
Is your network already compromised?
Who attacked us? (The problem of Attribution)
How do we protect the most important data in a
compromised environment?
How do we make it difficult for attackers to be
successful?
How do we detect that an attack is underway?
How do we respond to today’s sophisticated attacks?
What will be the impact of disconnecting mission-
critical systems from the internet?
11. The Enabler
From the mid-2000s through today, botnets have been
one of the largest enablers of cybercrime.
According to Kaspersky Lab, 23,095 botnet-assisted
DDoS attacks were reported in Q1 2015 involving
12,281 unique victims.
DDoS attacks against cryptocurrencies (e.g., Bitcoin)
are already a reality. In February 2014, major bitcoin
exchanges experienced DDoS attacks leading to a 6%
drop in the value of bitcoin.
Expect more cryptocurrency targeting, DDoS services
against cryptocurrencies, and more malware with the
sole purpose of targeting wallets and bitcoins.
12. The Solutions
Enterprises need training on the fundamentals of
conducting investigations of advanced, targeted cyber
attacks.
The security team should conduct a complete
vulnerability scan of the enterprise regularly.
Implement strict network segmentation of the PCI
environment.
Manage privileged accounts.
Secure endpoints.
Consider a POS solution with end-to-end asymmetric
encryption, starting at the PIN pad reader.
13. The Solutions (cont’d)
Monitor the PCI environment regularly for abnormal
activity, such as suspicious logons, creation of
unexpected files, or unusual traffic flow.
Regularly apply patches and updates from the
Original Equipment Manufacturer to systems.
Educate employees on social engineering.
Restrict web sites visited by employees via the
corporate network.
Report suspicious activity on your network to your
country’s national CERT (for assistance with
investigation).
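The monitoring item on this slide names three signals: suspicious logons, creation of unexpected files, and unusual traffic flow. The sketch below is an added example, not part of the original presentation, that checks each signal over a constructed event log; the segment range, approved destination, jump host, working hours, file baseline and key=value log format are all assumptions chosen for illustration.

```python
import ipaddress
from datetime import datetime

# Assumed values and constructed sample events, not from the presentation:
# segment range, approved destination, jump host, hours, file baseline.
PCI_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_DST = {ipaddress.ip_address("10.30.0.5")}  # e.g. payment switch
JUMP_HOSTS = {"10.20.0.10"}
WORK_HOURS = range(7, 20)
BASELINE = {"/opt/pos/bin/posd", "/opt/pos/etc/pos.conf"}
SAMPLE_LOG = """\
2015-12-02T09:14:07 type=logon user=svc_pos src=10.20.0.10 result=success
2015-12-02T02:41:55 type=logon user=admin src=10.20.0.77 result=success
2015-12-02T02:43:10 type=file_create host=pos-01 path=/tmp/out.dat
2015-12-02T02:43:12 type=file_create host=pos-01 path=/opt/pos/etc/pos.conf
2015-12-02T02:50:31 type=flow src=10.20.0.21 dst=10.30.0.5 dport=443
2015-12-02T02:51:02 type=flow src=10.20.0.21 dst=203.0.113.9 dport=21
"""

def parse(line):
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def check(e):
    """Return the alerts raised by one parsed event."""
    if e["type"] == "logon" and e["result"] == "success":
        out = []
        if e["ts"].hour not in WORK_HOURS:
            out.append("suspicious logon: outside working hours")
        if e["src"] not in JUMP_HOSTS:
            out.append("suspicious logon: source is not the jump host")
        return out
    if e["type"] == "file_create" and e["path"] not in BASELINE:
        return ["unexpected file: " + e["path"]]
    if e["type"] == "flow":
        src, dst = (ipaddress.ip_address(e[k]) for k in ("src", "dst"))
        if src in PCI_NET and dst not in PCI_NET and dst not in ALLOWED_DST:
            return ["unusual traffic: %s -> %s:%s" % (src, dst, e["dport"])]
    return []

def scan(log_text):
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    return [(e["ts"].isoformat(), a) for e in events for a in check(e)]

if __name__ == "__main__":
    for ts, alert in scan(SAMPLE_LOG):
        print(ts, alert)
```

The flow rule only works as written if the PCI segment has a short, explicit list of approved destinations, which is what strict segmentation of that environment provides.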
14. Conclusion
The list of potential targets has increased, and the
playing field has grown (organized crime groups and
State-sponsored actors).
To close the security gap, organizations need smart
people and visibility into their networks, endpoints,
and logs.
Organizations also need actionable threat intelligence
that identifies malicious activity faster.
Speed of response is critical.
There are no universal solutions to prevent a
sophisticated attacker from infiltrating any
environment.