SlideShare une entreprise Scribd logo

Emerging Threats to Digital Payments - Is Your Business Ready

Télécharger en tant que PPTX, PDF
Chukwunonso Okoro, CFE, CAMS, CRISC
Chukwunonso Okoro, CFE, CAMS, CRISC
1  sur  15
Emerging Threats to Digital Payments: Is Your Business Ready? Chukwunonso Okoro, CFE, CAMS, CRISC Manager, Forensic Audit Services, Mobile Telephone Networks (MTN) Cameroon. A Paper Presented at the Payments Security & Authentication Global, 02 December 2015, Istanbul, Turkey.
DISCLAIMER The views expressed in this presentation belong solely to the author and NOT to Mobile Telephone Networks (MTN) or any of its subsidiaries. The author accepts full responsibility for the views expressed herein.
Speaker Overview  Manager, Forensic Audit Services at MTN Cameroon  Ten Years of Fraud Investigation Experience  Six Years of Federal Law Enforcement Experience  International Experience in Cyber Crimes  Masters Degree in International Law  Certified Fraud Examiner (CFE)  Certified Anti Money laundering Specialist (CAMS)  Certified in Risk & Information Systems Control (CRISC)
Course Outline Introduction The Problems The Questions The Enabler The Solutions Conclusion
Introduction  The biggest current security threat to businesses through digital payments is cyber-attacks.  New payment methods (NPMs) are fuelling a rush of cyber-attacks across the world.  In the December 2013 breach of the retail giant Target, about 40 million credit cards and 70 million user accounts were hijacked.  Juniper Research projects mobile payments to reach $1.3 trillion globally in five years.  With this projected growth in M-payments, cybercrime, identity theft and intrusion detection are the top three targets for fraud attacks.
Introduction (cont’d)  Kaspersky Lab states that it “discovered 2.2 billion malicious attacks blocked on computers and mobile devices during Q1 of 2015. That doubles the amount detected in Q1 of 2014.”  In February 2015, Kaspersky Lab discovered a billion- dollar bank cyber-heist affecting as many as 100 banks around the world.  The breaches infiltrated the banks' networks via phishing and gaining access to employee account credentials and privileges.  The cybercriminal ring, known as Carbanak, then used those credentials to make fraudulent transfers of more than $1 billion into their own pockets.
The Problems  Criminal activities in cyberspace are increasingly facilitated by rapidly emerging and highly secretive black markets for zero-day vulnerabilities and tools.  Financial institutions are incorporating mobile technology into their systems without a corresponding increase in security of their platforms.  Criminals will take advantage of the increasing reliance on the smartphone as an authentication measure via malicious codes.  Hyper-connectivity will create more points of presence for attacks and exploitation so that crime will increasingly have a cyber component, creating a wider range of opportunities for black markets.
The Problems (cont’d)  Access points into an enterprise also have dramatically expanded. Internet-facing servers no longer sit in the demilitarized zone (DMZ) behind a firewall.  As a result of the redefined perimeter, enterprises could find that their most critical data have been copied to personally owned tablets, uploaded to a file- hosting service or emailed to personal email accounts.  Learning resources for would-be hackers have increased and are available online.  According to Mandiant, organizations are less likely to discover a breach on their own now compared to a year ago.
The Problems (cont’d)  Attackers have monetized the capabilities of vast botnets to harvest banking credentials.  There will be more hacking for hire, as-a-service offerings, and brokers.  LEAs would find it more difficult to take down black markets due to more vetting of participants, use of crypto currencies, greater anonymity capabilities, etc.  The slow adaptation of the law to the demands of cyberspace has engendered a difficult fight for law enforcement.  How should security technologies and law enforcement shift their approaches to thwart the rise of black markets?
The Questions  Is your network already compromised?  Who attacked us? (The problem of Attribution)  How do we protect the most important data in a compromised environment?  How do we make it difficult for attackers to be successful?  How do we detect that an attack is underway?  How do we respond to today’s sophisticated attacks?  What will be the impact of disconnecting mission- critical systems from the internet?
The Enabler  From the mid-2000s through today, botnets have been one of the largest enablers of cybercrime.  According to Kaspersky Labs, 23,095 botnet-assisted DDoS attacks were reported in Q1 2015 involving 12,281 unique victims.  DDoS attacks against cryptocurrencies (e.g., Bitcoin), is already a reality. In February 2014, major bitcoin exchanges experienced DDOS attacks leading to a 6% drop in the value of bitcoin.  Expect more cryptocurrency targeting, DDoS services against cryptocurrencies, and more malware with the sole purpose of targeting wallets and bitcoins.
The Solutions  Enterprises need training on the fundamentals of conducting investigations of advanced, targeted cyber attacks.  The security team should conduct a complete vulnerability scan of the enterprise regularly.  Implement strict network segmentation of the PCI environment.  Manage privileged accounts.  Secure endpoints.  Consider a POS solution with end-to-end asymmetric encryption, starting at the PIN pad reader.
The Solutions (cont’d)  Monitor the PCI environment regularly for abnormal activity, such as suspicious logons, creation of unexpected files, or unusual traffic flow.  Regular application of patches and updates on systems from the Original Equipment Manufacturer.  Employee education on social engineering.  Restrict web sites visited by employees via the corporate network.  Report suspicious activity on your network to your country’s national CERT (for assistance with investigation).
Conclusion  The list of potential targets has increased, and the playing field has grown (organized crime groups and State-sponsored actors).  To close the security gap, organizations need smart people, visibility into their networks, endpoints, and logs.  Organizations also need actionable threat intelligence that identifies malicious activity faster.  Speed of response is critical.  There are no universal solutions to prevent a sophisticated attacker from infiltrating any environment.
THANK YOU FOR LISTENING

Recommandé

Ransomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksRansomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014EMC
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss PreventionSeqrite
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfMoney 2Conf
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 

Recommandé

Ransomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksRansomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksΔρ. Γιώργος K. Κασάπης
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014RSA Monthly Online Fraud Report -- February 2014
RSA Monthly Online Fraud Report -- February 2014EMC
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss PreventionSeqrite
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfMoney 2Conf
 
Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Security weekly september 28 october 4, 2021
Security weekly september 28 october 4, 2021 Roen Branham
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat LandscapeQuick Heal Technologies Ltd.
 
Malta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewMalta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewFabian Borg
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?Spire Research and Consulting
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES- Mark - Fullbright
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking SectorQuick Heal Technologies Ltd.
 
Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Jacqueline Fick
 
Keep your office secure
Keep your office secureKeep your office secure
Keep your office secureKonica Minolta
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyMark Albala
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeEMC
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014- Mark - Fullbright
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 
Network Insights of Dyre and Dridex Trojan Bankers
Network Insights of Dyre and Dridex Trojan BankersNetwork Insights of Dyre and Dridex Trojan Bankers
Network Insights of Dyre and Dridex Trojan BankersBlueliv
 
Insecure mag-33
Insecure mag-33Insecure mag-33
Insecure mag-33cheinyeanlim
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh WebinarArrow ECS UK
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWultra
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importancemanoharparakh
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 

Contenu connexe

Tendances

Malta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewMalta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewFabian Borg
 
Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Jacqueline Fick
 
Keep your office secure
Keep your office secureKeep your office secure
Keep your office secureKonica Minolta
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyMark Albala
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeEMC
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014- Mark - Fullbright
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014EMC
 
Network Insights of Dyre and Dridex Trojan Bankers
Network Insights of Dyre and Dridex Trojan BankersNetwork Insights of Dyre and Dridex Trojan Bankers
Network Insights of Dyre and Dridex Trojan BankersBlueliv
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh WebinarArrow ECS UK
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWultra
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 

Tendances (20)

Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat Landscape
 
Malta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interviewMalta Economic Update 06 2008 - isec interview
Malta Economic Update 06 2008 - isec interview
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
 
Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23
 
Keep your office secure
Keep your office secureKeep your office secure
Keep your office secure
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication Challenge
 
Symantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government SectorSymantec's Internet Security Threat Report for the Government Sector
Symantec's Internet Security Threat Report for the Government Sector
 
Sophos Security Threat Report 2014
Sophos Security Threat Report 2014Sophos Security Threat Report 2014
Sophos Security Threat Report 2014
 
The Current State of Cybercrime 2014
The Current State of Cybercrime 2014The Current State of Cybercrime 2014
The Current State of Cybercrime 2014
 
Network Insights of Dyre and Dridex Trojan Bankers
Network Insights of Dyre and Dridex Trojan BankersNetwork Insights of Dyre and Dridex Trojan Bankers
Network Insights of Dyre and Dridex Trojan Bankers
 
Insecure mag-33
Insecure mag-33Insecure mag-33
Insecure mag-33
 
Symantec Security Refresh Webinar
Symantec Security Refresh WebinarSymantec Security Refresh Webinar
Symantec Security Refresh Webinar
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a ride
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking Apps
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 

Similaire à Emerging Threats to Digital Payments - Is Your Business Ready

Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importancemanoharparakh
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrimethinkwithniche
 
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptx
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptxThe Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptx
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptxjiyalouis
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 
cyber terrorism
cyber terrorism cyber terrorism
cyber terrorism Accenture
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsLapman Lee ✔
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityAlistair Blake
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorCountering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorEMC
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Survival Guide for Million- Dollar Cyberattacks
Survival Guide for Million- Dollar Cyberattacks Survival Guide for Million- Dollar Cyberattacks
Survival Guide for Million- Dollar CyberattacksPanda Security
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceSymantec
 

Similaire à Emerging Threats to Digital Payments - Is Your Business Ready (20)

Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importance
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrime
 
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptx
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptxThe Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptx
The Unseen Threats_ Exploring the Darknet's Latest Cyber Crime Trends.pptx
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
cyber terrorism
cyber terrorism cyber terrorism
cyber terrorism
 
Cybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatCybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global Threat
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
Accenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threatsAccenture re-organizing-todays-cyber-threats
Accenture re-organizing-todays-cyber-threats
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber Security
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
 
Retail
Retail Retail
Retail
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorCountering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website Behavior
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Survival Guide for Million- Dollar Cyberattacks
Survival Guide for Million- Dollar Cyberattacks Survival Guide for Million- Dollar Cyberattacks
Survival Guide for Million- Dollar Cyberattacks
 
Cyber Crime is Wreaking Havoc
Cyber Crime is Wreaking HavocCyber Crime is Wreaking Havoc
Cyber Crime is Wreaking Havoc
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
C018131821
C018131821C018131821
C018131821
 

Emerging Threats to Digital Payments - Is Your Business Ready

  • 1. Emerging Threats to Digital Payments: Is Your Business Ready? Chukwunonso Okoro, CFE, CAMS, CRISC Manager, Forensic Audit Services, Mobile Telephone Networks (MTN) Cameroon. A Paper Presented at the Payments Security & Authentication Global, 02 December 2015, Istanbul, Turkey.
  • 2. DISCLAIMER The views expressed in this presentation belong solely to the author and NOT to Mobile Telephone Networks (MTN) or any of its subsidiaries. The author accepts full responsibility for the views expressed herein.
  • 3. Speaker Overview  Manager, Forensic Audit Services at MTN Cameroon  Ten Years of Fraud Investigation Experience  Six Years of Federal Law Enforcement Experience  International Experience in Cyber Crimes  Masters Degree in International Law  Certified Fraud Examiner (CFE)  Certified Anti Money laundering Specialist (CAMS)  Certified in Risk & Information Systems Control (CRISC)
  • 4. Course Outline Introduction The Problems The Questions The Enabler The Solutions Conclusion
  • 5. Introduction  The biggest current security threat to businesses through digital payments is cyber-attacks.  New payment methods (NPMs) are fuelling a rush of cyber-attacks across the world.  In the December 2013 breach of the retail giant Target, about 40 million credit cards and 70 million user accounts were hijacked.  Juniper Research projects mobile payments to reach $1.3 trillion globally in five years.  With this projected growth in M-payments, cybercrime, identity theft and intrusion detection are the top three targets for fraud attacks.
  • 6. Introduction (cont’d)  Kaspersky Lab states that it “discovered 2.2 billion malicious attacks blocked on computers and mobile devices during Q1 of 2015. That doubles the amount detected in Q1 of 2014.”  In February 2015, Kaspersky Lab discovered a billion- dollar bank cyber-heist affecting as many as 100 banks around the world.  The breaches infiltrated the banks' networks via phishing and gaining access to employee account credentials and privileges.  The cybercriminal ring, known as Carbanak, then used those credentials to make fraudulent transfers of more than $1 billion into their own pockets.
  • 7. The Problems  Criminal activities in cyberspace are increasingly facilitated by rapidly emerging and highly secretive black markets for zero-day vulnerabilities and tools.  Financial institutions are incorporating mobile technology into their systems without a corresponding increase in security of their platforms.  Criminals will take advantage of the increasing reliance on the smartphone as an authentication measure via malicious codes.  Hyper-connectivity will create more points of presence for attacks and exploitation so that crime will increasingly have a cyber component, creating a wider range of opportunities for black markets.
  • 8. The Problems (cont’d)  Access points into an enterprise also have dramatically expanded. Internet-facing servers no longer sit in the demilitarized zone (DMZ) behind a firewall.  As a result of the redefined perimeter, enterprises could find that their most critical data have been copied to personally owned tablets, uploaded to a file- hosting service or emailed to personal email accounts.  Learning resources for would-be hackers have increased and are available online.  According to Mandiant, organizations are less likely to discover a breach on their own now compared to a year ago.
  • 9. The Problems (cont’d)  Attackers have monetized the capabilities of vast botnets to harvest banking credentials.  There will be more hacking for hire, as-a-service offerings, and brokers.  LEAs would find it more difficult to take down black markets due to more vetting of participants, use of crypto currencies, greater anonymity capabilities, etc.  The slow adaptation of the law to the demands of cyberspace has engendered a difficult fight for law enforcement.  How should security technologies and law enforcement shift their approaches to thwart the rise of black markets?
  • 10. The Questions  Is your network already compromised?  Who attacked us? (The problem of Attribution)  How do we protect the most important data in a compromised environment?  How do we make it difficult for attackers to be successful?  How do we detect that an attack is underway?  How do we respond to today’s sophisticated attacks?  What will be the impact of disconnecting mission- critical systems from the internet?
  • 11. The Enabler  From the mid-2000s through today, botnets have been one of the largest enablers of cybercrime.  According to Kaspersky Labs, 23,095 botnet-assisted DDoS attacks were reported in Q1 2015 involving 12,281 unique victims.  DDoS attacks against cryptocurrencies (e.g., Bitcoin), is already a reality. In February 2014, major bitcoin exchanges experienced DDOS attacks leading to a 6% drop in the value of bitcoin.  Expect more cryptocurrency targeting, DDoS services against cryptocurrencies, and more malware with the sole purpose of targeting wallets and bitcoins.
  • 12. The Solutions  Enterprises need training on the fundamentals of conducting investigations of advanced, targeted cyber attacks.  The security team should conduct a complete vulnerability scan of the enterprise regularly.  Implement strict network segmentation of the PCI environment.  Manage privileged accounts.  Secure endpoints.  Consider a POS solution with end-to-end asymmetric encryption, starting at the PIN pad reader.
  • 13. The Solutions (cont’d)  Monitor the PCI environment regularly for abnormal activity, such as suspicious logons, creation of unexpected files, or unusual traffic flow.  Regular application of patches and updates on systems from the Original Equipment Manufacturer.  Employee education on social engineering.  Restrict web sites visited by employees via the corporate network.  Report suspicious activity on your network to your country’s national CERT (for assistance with investigation).
  • 14. Conclusion  The list of potential targets has increased, and the playing field has grown (organized crime groups and State-sponsored actors).  To close the security gap, organizations need smart people, visibility into their networks, endpoints, and logs.  Organizations also need actionable threat intelligence that identifies malicious activity faster.  Speed of response is critical.  There are no universal solutions to prevent a sophisticated attacker from infiltrating any environment.
  • 15. THANK YOU FOR LISTENING

Notes de l'éditeur

  1. Tip: Add your own speaker notes here.
  2. Tip: Add your own speaker notes here.
  3. Tip: Add your own speaker notes here.
  4. Tip: Add your own speaker notes here.
  5. Tip: Add your own speaker notes here.
  6. Tip: Add your own speaker notes here.
  7. Tip: Add your own speaker notes here.
  8. Tip: Add your own speaker notes here.
  9. Tip: Add your own speaker notes here.
  10. Tip: Add your own speaker notes here.