Cybercrime: A threat to Financial industry
Ahmad Muammar WK, OSCE, OSCP, eMAPT

About
Ahmad Muammar WK, S.Kom, OSCE, OSCP, eMAPT.
Professional hacker / Penetration tester
Doing offensive security / hacking since 2002
Founder of echo.or.id & idsecconf.org
Web: http://me.ammar.web.id
email: me@ammar.web.id
twitter: @y3dips
Table of Contents
01 CyberCrime
02 The Cost of CyberCrime
03 Cybercrime Threats to Financial Services
04 Controls and Mitigations
Cybercrime
Cyber crime
A harmful activity, executed by one group (including both grassroots groups or nationally coordinated groups) through computers, IT systems and/or the internet and targeting the computers, IT infrastructure and internet presence of another entity.*
* www.iosco.org, international organization of securities
Cyber crime
Also known as computer-oriented crime: crime that involves a computer and a network.*
* Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Anderson Publishing.
Cyber crime Classification
• Crime Against Individual
• Crime Against Property
• Crime Against Organizations
• Crime Against Society
Cyber crime Against Individual
Cybercrimes committed against individual/persons
• Cyber-Stalking
• Pornography
• Defamation
• Cracking
• Identity Theft
• E-mail Spoofing
• SMS Spoofing
• Phishing
• Credit Card Fraud (Carding)
• Malicious Code (Virus, malware, ransomware)
• Software Piracy
UU ITE
Cyber crime Against Property
Another classification is cybercrime against all forms of property. This kind of crime is normally prevalent in financial institutions, or is carried out for the purpose of committing financial crimes.
• Cracking
• Computer vandalism
• Intellectual Property Crimes
• Threatening
• Cyber Squatting
Cyber crime Against Organizations
Also known as CyberTerrorism, is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political gains through intimidation.*
• Is motivated by a political, religious or ideological cause
• Is intended to intimidate a government or a section of the public to varying degrees
• Seriously interferes with infrastructure
* wikipedia.org
Cyber crime Against Society
An unlawful act done with the intention of causing harm to cyberspace will affect a large number of persons. These offences include:
• Cyber Trafficking
• Online Gambling
• Child Pornography
• Bigger Financial Crimes
• Salami Attack
The Cost of Cybercrime
2017 COST Of CYBER CRIME STUDY - Accenture - https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf
Cybercrime threats to financial services
“Financial Services has the highest cost of cyber crime”
- Accenture on 2017 cost on cybercrime
Threats to financial services
Financial threats aim at taking over customer transactions and online banking sessions, and also include attacks against the financial institutions themselves.
• Against Customers.
• Against Financial Institutions.
Threats to financial services
The Most Common Threats against Customers Side
• Credit card Fraud
• Financial Trojan
• Social engineering (Phishing)
• Mobile Fraud
Credit Card fraud
Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction.
The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.
• Hacked e-commerce
• Fake websites/payment gateway
• Phishing
• Sold at Black Market
Financial Trojan
One of the major threats against cyber security today is malicious software, often referred to as malware.
Malware exploits software vulnerabilities in browsers, third party software and operating systems to gain access to the device and its information and resources. To spread, malware also uses social engineering techniques to trick users into installing and running the malicious code.
• Virus
• Worms
• Remote access tools
• Rootkits
• Trojan Horse
• Spyware
• Adware
• Ransomware
Financial Trojan
Also known as a Banking Trojan: a trojan horse that redirects traffic from banking and financial websites to another website, ostensibly a website that the attacker has access to. When the software is executed it copies itself onto the host computer, creating folders and setting Registry entries each time the system is started.
• Zeus
• SpyEye
• Shylock
• Dyre
• Carbanak
• Odinaff
Internet Security Threat Report - Financial Threats Review 2017
[Demo video]
“Token Synchronization” Attack for Transfers (flow diagram; box labels in the order they were extracted)
• The attacker makes a transfer to the attacker's account and is asked for token 2
• The customer enters the username & password
• The attacker logs in with the customer's username & password and immediately adds the attacker's account to the transfer list; token 2 is requested
• The customer is asked to enter the Apply Token 2 result
• The customer is asked to enter the Apply Token 2 result
• The Trojan displays the numeric code for token 2 and asks for the token 2 result
• The Trojan sends the Apply token 2 result to the attacker
• The Trojan sends the numeric code for token 2 and asks for the token 2 result
• The attacker enters the token 2 code and is asked to enter the token 1 code for confirmation
• The customer is asked to enter the Apply Token 1 result
• The Trojan sends the Apply token 2 result to the attacker
• The Trojan sends the request for the token 1 result
• The attacker enters the token 1 code and the transfer is completed successfully
• The Trojan sends the Apply token 1 result to the attacker
• The customer's balance decreases.
Social Engineering
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information
• Spear-Phishing
• Website attack vector
• Infectious Media
• SMS Spoofing
Phishing
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
• Link Manipulation
• Filter Evasion
• Website Forgery
• Covert Redirect (using XSS Vulnerability)
• Social Engineering
[Demo]
http://imgs.xkcd.com/comics/security_question.png
Mobile Fraud
Mobile banking continues to grow in popularity as customers drive the pace of change towards full service banking apps in favor of physical visits to the branch.
Banking apps are also becoming more popular than desktop sessions for many users, because they can leverage built-in authentication features of devices, such as fingerprint biometrics, making the login process particularly seamless.
• Fake Banking App (via Free Apps)
• Mobile Malware
• Spoofed SMS Messages
• Phishing Attacks
• Mobile Apps Vulnerability
Bankbot research by Avast
The new version of BankBot has been hiding in apps that pose as supposedly trustworthy flashlight apps, tricking users into downloading them, in a first campaign.
In a second campaign, the solitaire games and a cleaner app have been dropping additional kinds of malware besides BankBot. The malicious activities include the installation of a fake user interface that’s laid over the clean banking app when it’s opened by the user.
As soon as the user’s bank details are entered they are collected by the criminal. In some countries, banks use transaction authentication numbers (TANs), a form of two-factor authentication required to conduct online transfers often used by European banks. The authors of BankBot intercept their victims’ text message that includes the mobile TAN, allowing them to carry out bank transfers on the user's behalf.
“Mobile banking Trojan sneaks into Google Play targeting Wells Fargo, Chase and Citibank customers” - https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers
[Demo video]
Threats to financial services
The Most Common Threats against Financial Institutions
• Distributed Denial of Service (DDOS)
• BlackMailing
• Bank2Bank Fraud
• ATM/POS Attack
• Salami Attacks
• Multi Factor Attacks
DDOS
A cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
Blackmailing
One of the more common attacks against healthcare providers involves the use of ransomware, where patient records or hospital networks are hacked and subsequently locked down until a ransom is paid, typically in untraceable electronic currency, such as bitcoin.
ATM Related Attack
Jackpotting/cash out attack - Jackpotting is a term for attacks where malware takes control of the ATM PC and the cash dispenser function, thereby allowing the fraudster to directly cash out money. In most cases the malware is adapted to a specific environment, but the concepts can be easily migrated to different systems.
[Demo video]
ATM Related Attack
Man-in-the-Middle Attack - MITM attacks focus on the communication between the ATM PC and the acquirer's host system. The malware can, for example, fake host responses to withdraw money without debiting the fraudster’s account. Typically the malware is triggered during transactions with pre-configured card numbers. It can be implemented at a high software layer of the ATM PC or somewhere within the network.
Salami Attack
A salami attack is a series of minor attacks that together result in a larger attack. Computers are ideally suited to automating this type of attack.
Also known as penny shaving, it is the fraudulent practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions.
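A reconciliation check for the rounding abuse described on the salami attack slide, as an added example that is not part of the original deck: it recomputes each interest posting with exact decimal arithmetic, reports customers credited less than the rounding policy requires, and looks for accounts collecting tiny credits that add up to the missing amount. The ledger rows, account names, rate and half-up rounding policy are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")
ANNUAL_RATE = Decimal("0.05")   # assumed policy rate
DAYS = 30                       # assumed accrual period

# Constructed sample data (not real): one monthly interest run.
# "credited" is what the batch job actually posted to the customer.
INTEREST_POSTINGS = [
    {"account": "ACC-1001", "principal": Decimal("1000.00"), "credited": Decimal("4.10")},
    {"account": "ACC-1002", "principal": Decimal("2500.00"), "credited": Decimal("10.27")},
    {"account": "ACC-1003", "principal": Decimal("730.00"), "credited": Decimal("3.00")},
    {"account": "ACC-1004", "principal": Decimal("1800.00"), "credited": Decimal("7.39")},
    {"account": "ACC-1005", "principal": Decimal("4200.00"), "credited": Decimal("17.26")},
    {"account": "ACC-1006", "principal": Decimal("3100.00"), "credited": Decimal("12.73")},
]

# Constructed internal transfers booked during the same run.
TRANSFERS = [
    {"to": "ACC-9001", "amount": Decimal("0.01")},
    {"to": "ACC-2040", "amount": Decimal("250.00")},
    {"to": "ACC-9001", "amount": Decimal("0.01")},
    {"to": "ACC-3300", "amount": Decimal("0.01")},
    {"to": "ACC-9001", "amount": Decimal("0.01")},
]


def expected_interest(principal, annual_rate, days):
    """Interest the policy requires: exact value, rounded half-up to the cent."""
    raw = principal * annual_rate * days / Decimal(365)
    return raw.quantize(CENT, rounding=ROUND_HALF_UP)


def reconcile(postings, annual_rate, days):
    """Return (findings, total_shortfall) for postings that differ from policy."""
    findings, total = [], Decimal("0")
    for p in postings:
        expected = expected_interest(p["principal"], annual_rate, days)
        diff = expected - p["credited"]
        if diff != 0:
            findings.append({"account": p["account"], "expected": expected,
                             "credited": p["credited"], "shortfall": diff})
            total += diff
    return findings, total


def micro_credit_sinks(transfers, max_amount=CENT, min_count=3):
    """Accounts that receive repeated tiny credits, with the sum they collected."""
    count, total = defaultdict(int), defaultdict(Decimal)
    for t in transfers:
        if Decimal("0") < t["amount"] <= max_amount:
            count[t["to"]] += 1
            total[t["to"]] += t["amount"]
    return {acct: total[acct] for acct in count if count[acct] >= min_count}


def suspects(postings, transfers, annual_rate, days):
    """Sink accounts whose collected micro-credits equal the customers' shortfall."""
    _, shortfall = reconcile(postings, annual_rate, days)
    sinks = micro_credit_sinks(transfers)
    return sorted(a for a, amt in sinks.items() if shortfall > 0 and amt == shortfall)


if __name__ == "__main__":
    findings, total = reconcile(INTEREST_POSTINGS, ANNUAL_RATE, DAYS)
    for f in findings:
        print(f"{f['account']}: expected {f['expected']}, credited {f['credited']}")
    print("total shortfall:", total)
    print("accounts to investigate:",
          suspects(INTEREST_POSTINGS, TRANSFERS, ANNUAL_RATE, DAYS))
```

Each individual difference is a single cent, which is why the check works on the whole run rather than on per-transaction thresholds.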
SWIFT hacking
SWIFT stands for the Society for Worldwide Interbank Financial Telecommunication and is a consortium that operates a trusted and closed computer network for communication between member banks around the world.
SWIFT hacking
The attackers were able to obtain valid credentials that the banks use to conduct money transfers over SWIFT, and then used those credentials to initiate money transactions as if they were legitimate bank employees.
They installed malware on the bank's network to prevent workers from discovering the fraudulent transactions quickly.
In the case of Bangladesh Bank, the malware subverted the software used to automatically print SWIFT transactions.
In the case of the bank in Vietnam, the custom malware targeted a PDF reader the bank used to record SWIFT money transfers. The malware apparently manipulated the PDF reports to remove any trace of the fraudulent transactions from them.
Multi Factor Attack
Multi-vector attacks exploit common weaknesses in the security chain - such as poorly configured servers, gullible staff, vulnerable applications or lack of multiple levels of defence - by combining elements like social engineering, spear phishing, contaminated USB drives and voice phishing with malicious attachments carrying code that exploits known or unknown vulnerabilities on the target system.
Oftentimes, multi-vector attacks are designed to avoid traditional defences like anti-virus software, intrusion detection systems and other endpoint protection programs, which makes them elusive, difficult to detect and hard to defeat.
A security researcher examining Equifax's servers observed that an online portal, apparently created for Equifax employees only, was accessible to the open Internet.
Controls and Mitigation
Suggested Controls and Mitigation
Since financial threats “mostly” target the customers and the financial institutions, we will suggest controls and mitigations for both.
Social engineering (e.g: Phishing)
A continuous exchange of intelligence information about attacks and countermeasures among the IT experts of Financial Institutions is considered to be almost the only possible defence against these types of attacks.
A very important aspect of countering social engineering attacks is continued awareness raising campaigns.
Financial Institutions need to have a proper customer education system in place, not only addressing individual clients but also including SMEs and large corporates, explaining the risks in layman's terms.
Malware
• Minimise the number of installed programs on the device (and install from trusted resources only).
• Regularly update the installed software and remove software that no longer has any use.
• Activate automatic updates for the OS and installed apps.
• Limit the use of Administrative rights.
• Use and Update Anti-Virus.
• Use and Configure Firewall.
• Companies: use more sophisticated protections for the users, such as IDS/IPS and APT protections.
• Use Script Blockers, e-mail filtering.
Mobile Related Attacks (Users)
• Update the software running on your mobile device with the latest security patches and upgrades; these should be sent to you by your network / operating system provider
• Use a secure lock screen, set a password, PIN or fingerprint to unlock your device
• Add a PIN or Passcode to the voice-mail on your mobile device
• Install anti-virus software on your mobile device
• Use two-factor authentication when the risk is high.
Mobile Related Attacks (Bank/Developers)
• Do not allow applications to be installed from unknown / untrusted sources
• Do not allow jailbroken or rooted devices
• Monitor App stores and internet for fake applications
• Implement anti tampering controls.
• Protect app code with code signing and / or obfuscation.
• Implement strong sensitive data encryption on device.
• Do not consider frequently used third-party libraries as secure and validate them before using them.
• Implement controls to protect communication channel.
• Implement device owner/user verification.
• Implement mobile device verification.
• Implement two-factor authentication when the risk is high.
• Perform Application Penetration testing.
Card Related Attacks (Merchants)
• 3D Secure: an authentication protocol based on a three-domain model (Acquirer, Issuer & Interoperability domain) to ensure the authenticity of both peers in internet transactions.
• Tokenisation: the process of substituting sensitive data with a non-sensitive equivalent called a token.
• PAN truncation: replaces the card number printed in any system with a printout of only the last four digits, the remainder being replaced usually by asterisks.
• Geolocation
Card Related Attacks (Issuers)
• Use of strong authentication with the rollout of chip (EMV) & PIN.
• Geoblocking: To protect cards from being misused by skimming fraud, it is strongly recommended to restrict cards to a geographical region of use.
• Blocking: To limit the usage of cards to specific channels or specific contexts.
• Fraud monitoring: Deploy a responsive, real-time fraud system with prevention capabilities. Ensure your fraud system identifies suspicious patterns of behavior to stop fraud based on tailor-made scenarios and rules.
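The issuer controls listed above (geoblocking, channel blocking and rule-based fraud monitoring) implemented as one authorization decision function; this is an added example, not code from the slides. The card token, country codes, channel names, thresholds and the two monitoring scenarios (velocity and a card-present country switch) are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Channels where the physical card must be at the terminal (assumed naming).
CARD_PRESENT = {"chip", "magstripe", "atm"}


@dataclass(frozen=True)
class CardProfile:
    allowed_countries: frozenset   # geoblocking: region of use set per card
    allowed_channels: frozenset    # blocking: channels the card may be used on


@dataclass(frozen=True)
class AuthRequest:
    card: str        # card token, never the PAN itself
    when: datetime
    country: str
    channel: str


class IssuerControls:
    def __init__(self, profiles, velocity_limit=3,
                 velocity_window=timedelta(minutes=10),
                 travel_window=timedelta(hours=2)):
        self.profiles = profiles
        self.velocity_limit = velocity_limit
        self.velocity_window = velocity_window
        self.travel_window = travel_window
        self.approved = {}   # card -> list of approved AuthRequest

    def decide(self, req):
        """Return (decision, reasons); decision is approve, review or decline."""
        profile = self.profiles.get(req.card)
        if profile is None:
            return "decline", ["unknown card"]

        # Hard blocks: evaluated first, independent of history.
        blocks = []
        if req.country not in profile.allowed_countries:
            blocks.append("geoblock")
        if req.channel not in profile.allowed_channels:
            blocks.append("channel-block")
        if blocks:
            return "decline", blocks

        # Fraud-monitoring scenarios: compare with earlier approved activity.
        history = self.approved.setdefault(req.card, [])
        flags = []
        recent = [h for h in history
                  if timedelta(0) <= req.when - h.when <= self.velocity_window]
        if len(recent) >= self.velocity_limit:
            flags.append("velocity")
        if req.channel in CARD_PRESENT:
            for h in history:
                if (h.channel in CARD_PRESENT and h.country != req.country
                        and timedelta(0) <= req.when - h.when <= self.travel_window):
                    flags.append("country-switch")
                    break
        if flags:
            return "review", flags

        history.append(req)
        return "approve", []


def run_sample():
    """Replay constructed authorization requests for one card token."""
    t0 = datetime(2017, 11, 1, 10, 0)
    controls = IssuerControls({
        "tok-0001": CardProfile(frozenset({"ID", "SG"}),
                                frozenset({"chip", "ecommerce"})),
    })
    events = [                      # (minutes after t0, country, channel)
        (0, "ID", "chip"),
        (5, "US", "magstripe"),     # outside region and on a blocked channel
        (20, "SG", "chip"),         # card present in a second country too soon
        (30, "ID", "ecommerce"),
        (31, "ID", "ecommerce"),
        (32, "ID", "ecommerce"),
        (33, "ID", "ecommerce"),    # fourth attempt inside ten minutes
    ]
    return [controls.decide(AuthRequest("tok-0001", t0 + timedelta(minutes=m), c, ch))
            for m, c, ch in events]


if __name__ == "__main__":
    for decision, reasons in run_sample():
        print(decision, reasons)
```

Hard blocks return a decline immediately, while the monitoring scenarios only route the request to review, which keeps false positives from the tailor-made rules from rejecting legitimate cardholders outright.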
ATM Related Attacks
• Communication authentication and encryption protections should be applied to ATM traffic; use TLS or VPN.
• A firewall should be established.
• The operating system should be hardened, supported by a policy and procedure for doing so.
• Deploy Anti-Malware and logical protection (using whitelisting).
• Unknown USB devices should be blocked.
Multi factor Attacks
• Do offensive security regularly (IT security penetration testing).
• Regularly perform security audits and vulnerability assessments.
• Financial institutions must keep investing in new state of the art security technologies (Advanced Threat Protection), ensuring that their cyber defense frameworks provide adequate response and defense-in-depth for identifying, stopping and recovering from multi-vector attacks.
References:
• “Cyber Crime – A Threat to Persons, Property, Government and Societies” - Er. Harpreet Singh Dalla, Ms. Geeta - http://ijarcsse.com/Before_August_2017/docs/papers/Volume_3/5_May2013/V3I5-0374.pdf
• “2016 PAYMENT THREATS TRENDS REPORT” - European Payments Council - https://www.europeanpaymentscouncil.eu/sites/default/files/KB/files/EPC293-16%20v1.0%20%202016%20Payment%20Threats%20Trends%20Report.pdf
• “The cybercrimes on financial and banking services: The Challenges and Treatment” - MEZIOUD Brahim, SMAI Ali, University of Medea - https://www.asjp.cerist.dz/en/downArticle/41/16/44/4701
• “2017 Cost of Cyber Crime Study” - Accenture - https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf
• “2017 Q3 Cybercrime Report” - ThreatMetrix - https://www.threatmetrix.com/info/q3-2017-cybercrime-report/
• “ISTR Financial Threat Review 2017” - Symantec - https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-financial-threats-review-2017-en.pdf
• “2016 SEA Online Fraud Benchmark Report” - CyberSource - http://www.cybersource.com/content/dam/cybersource/en-APAC/Documents/SEA_Fraud_Benchmark_Report.PDF
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0day
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent Threat
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malware
 
Hacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteHacker? : it's not about Black or White
Hacker? : it's not about Black or White
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration Testing
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Web Hacking (basic)
Web Hacking (basic)Web Hacking (basic)
Web Hacking (basic)
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet Analysis
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)
 
Network security
Network securityNetwork security
Network security
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security Professional
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dips
 
Layer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationLayer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigation
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A Hacker
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?
 

Dernier

Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsPriya Reddy
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理F
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查ydyuyu
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiMonica Sydney
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Balliameghakumariji156
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsMonica Sydney
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 

Dernier (20)

Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 

Cybercrime: A threat to Financial industry

  • 1. Cybercrime: A threat to Financial industry. Ahmad Muammar WK, OSCE, OSCP, eMAPT
  • 2. About: Ahmad Muammar WK, S.Kom, OSCE, OSCP, eMAPT. Professional hacker / penetration tester. Doing offensive security / hacking since 2002. Founder of echo.or.id & idsecconf.org. Web: http://me.ammar.web.id, email: me@ammar.web.id, twitter: @y3dips
  • 3. Table of Contents: 01 CyberCrime; 02 The Cost of CyberCrime; 03 Cybercrime Threats to Financial Services; 04 Controls and Mitigations
  • 6. Cyber crime: A harmful activity, executed by one group (including both grassroots groups or nationally coordinated groups) through computers, IT systems and/or the internet and targeting the computers, IT infrastructure and internet presence of another entity.* (* www.iosco.org, international organization of securities)
  • 7. Cyber crime: A.k.a. computer-oriented crime, a crime that involves a computer and a network.* (* Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Anderson Publishing.)
  • 8. Cyber crime Classification:
      • Crime Against Individual
      • Crime Against Property
      • Crime Against Organizations
      • Crime Against Society
  • 9. Cyber crime Against Individual: Cybercrimes committed against individuals/persons.
      • Cyber-Stalking
      • Pornography
      • Defamation
      • Cracking
      • Identity Theft
      • E-mail Spoofing
      • SMS Spoofing
      • Phishing
      • Credit Card Fraud (Carding)
      • Malicious Code (Virus, malware, ransomware)
      • Software Piracy
  • 11. Cyber crime Against Property: Another classification of cybercrime is crime against all forms of property. This kind of crime is normally prevalent in financial institutions or committed for the purpose of financial crime.
      • Cracking
      • Computer vandalism
      • Intellectual Property Crimes
      • Threatening
      • Cyber Squatting
  • 13. Cyber crime Against Organizations: Also known as CyberTerrorism, the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political gains through intimidation.* (* wikipedia.org)
      • Is motivated by a political, religious or ideological cause
      • Is intended to intimidate a government or a section of the public to varying degrees
      • Seriously interferes with infrastructure
  • 15. Cyber crime Against Society: An unlawful act done with the intention of causing harm to cyberspace will affect a large number of persons. These offences include:
      • Cyber Trafficking
      • Online Gambling
      • Child Pornography
      • Bigger Financial Crimes
      • Salami Attack
  • 17. The Cost of Cybercrime
  • 18-21, 23. 2017 Cost of Cyber Crime Study - Accenture - https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf
  • 24. “Financial Services has the highest cost of cyber crime” - Accenture, on the 2017 cost of cybercrime
  • 25. Threats to financial services: Financial threats are aimed at taking over customer transactions and online banking sessions, and also include attacks against the financial institutions themselves.
      • Against Customers
      • Against Financial Institutions
  • 26. Threats to financial services - The Most Common Threats against the Customer Side:
      • Credit Card Fraud
      • Financial Trojan
      • Social engineering (Phishing)
      • Mobile Fraud
  • 27. Credit Card fraud: Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.
      • Hacked e-commerce
      • Fake websites/payment gateway
      • Phishing
      • Sold at Black Market
  • 30. Financial Trojan: One of the major threats against cyber security today is malicious software, often referred to as malware. Malware exploits software vulnerabilities in browsers, third-party software and operating systems to gain access to the device and its information and resources. To spread, malware also uses social engineering techniques to trick users into installing and running the malicious code.
      • Virus
      • Worms
      • Remote access tools
      • Rootkits
      • Trojan Horse
      • Spyware
      • Adware
      • Ransomware
  • 31. Financial Trojan: A.k.a. Banking Trojan, a trojan horse that redirects traffic from banking and financial websites to another website, ostensibly a website that the attacker has access to. When the software is executed it copies itself onto the host computer, creating folders and setting Registry entries each time the system is started.
      • Zeus
      • SpyEye
      • Shylock
      • Dyre
      • Carbanak
      • Odinaff
  • 32. Internet Security Threat Report - Financial Threats Review 2017
  • 36. “Token Synchronisation” Attack for Transfer (flow diagram labels):
      • The attacker makes a transfer to the attacker's account and is asked for token 2
      • The customer enters the username & password
      • The attacker logs in with the customer's username & password and immediately adds the attacker's account to the transfer list; token 2 is requested
      • The customer is asked to enter the Apply Token 2 result
      • The customer is asked to enter the Apply Token 2 result
      • The Trojan displays the numeric code for token 2 and asks for the token 2 result
      • The Trojan sends the Apply Token 2 result to the attacker
      • The Trojan sends the numeric code for token 2 and asks for the token 2 result
      • The attacker enters the token 2 code and is asked to enter the token 1 code for confirmation
      • The customer is asked to enter the Apply Token 1 result
      • The Trojan sends the Apply Token 2 result to the attacker
      • The Trojan sends the request for the token 1 result
      • The attacker enters the token 1 code and the transfer succeeds
      • The Trojan sends the Apply Token 1 result to the attacker
      • The customer's balance decreases.
  • 37. Social Engineering: Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.
      • Spear-Phishing
      • Website attack vector
      • Infectious Media
      • SMS Spoofing
  • 38. Phishing: Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
      • Link Manipulation
      • Filter Evasion
      • Website Forgery
      • Covert Redirect (using XSS Vulnerability)
      • Social Engineering
  • 41. Mobile Fraud: Mobile banking continues to grow in popularity as customers drive the pace of change towards full-service banking apps in favor of physical visits to the branch. Banking apps are also becoming more popular than desktop sessions for many users, because they can leverage built-in authentication features of devices, such as fingerprint biometrics, making the login process particularly seamless.
  • 44. Mobile Fraud:
      • Fake Banking App (via Free Apps)
      • Mobile Malware
      • Spoofed SMS Messages
      • Phishing Attacks
      • Mobile Apps Vulnerability
  • 45. Bankbot research by Avast: In a first campaign, the new version of BankBot has been hiding in apps that pose as supposedly trustworthy flashlight apps, tricking users into downloading them. In a second campaign, the solitaire games and a cleaner app have been dropping additional kinds of malware besides BankBot. The malicious activities include the installation of a fake user interface that’s laid over the clean banking app when it’s opened by the user. As soon as the user’s bank details are entered they are collected by the criminal. In some countries, banks use transaction authentication numbers (TANs), a form of two-factor authentication required to conduct online transfers often used by European banks. The authors of BankBot intercept their victims’ text message that includes the mobile TAN, allowing them to carry out bank transfers on the user's behalf. Source: “Mobile banking Trojan sneaks into Google Play targeting Wells Fargo, Chase and Citibank customers” - https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers
  • 50. Threats to financial services - The Most Common Threats against Financial Institutions:
      • Distributed Denial of Service (DDOS)
      • Blackmailing
      • Bank2Bank Fraud
      • ATM/POS Attack
      • Salami Attacks
      • Multi Factor Attacks
  • 51. DDOS: A cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
  • 54. Blackmailing: One of the more common attacks against healthcare providers involves the use of ransomware, where patient records or hospital networks are hacked and subsequently locked down until a ransom is paid, typically in untraceable electronic currency, such as bitcoin.
  • 56. ATM Related Attack: Jackpotting/cash out attack - Jackpotting is a term for attacks where malware takes control of the ATM PC and the cash dispenser function, thereby allowing the fraudster to directly cash out money. In most cases the malware is adapted to a specific environment, but the concepts can be easily migrated to different systems.
  • 59. ATM Related Attack: Man-in-the-Middle Attack - MITM attacks focus on the communication between the ATM PC and the acquirer's host system. The malware can, for example, fake host responses to withdraw money without debiting the fraudster’s account. Typically the malware is triggered during transactions with pre-configured card numbers. It can be implemented at a high software layer of the ATM PC or somewhere within the network.
  • 61. Salami Attack: A salami attack is a series of minor attacks that together result in a larger attack. Computers are ideally suited to automating this type of attack. Also known as penny shaving, it is the fraudulent practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions.
  • 63. SWIFT hacking: SWIFT stands for the Society for Worldwide Interbank Financial Telecommunication and is a consortium that operates a trusted and closed computer network for communication between member banks around the world.
  • 66. SWIFT hacking: The attackers were able to obtain valid credentials the banks use to conduct money transfers over SWIFT and then used those credentials to initiate money transactions as if they were legitimate bank employees. They installed malware on the bank's network to prevent workers from discovering the fraudulent transactions quickly. In the case of Bangladesh Bank, the malware subverted the software used to automatically print SWIFT transactions. In the case of the bank in Vietnam, the custom malware targeted a PDF reader the bank used to record SWIFT money transfers. The malware apparently manipulated the PDF reports to remove any trace of the fraudulent transactions from them.
  • 67. Multi Factor Attack: Multi-vector attacks exploit common weaknesses in the security chain - such as poorly configured servers, gullible staff, vulnerable applications or lack of multiple levels of defence - by combining elements like social engineering, spear phishing, contaminated USB drives and voice phishing with malicious attachments carrying code that exploits known or unknown vulnerabilities on the target system. Oftentimes, multi-vector attacks are designed to avoid traditional defences like anti-virus software, intrusion detection systems and other endpoint protection programs, which makes them elusive, difficult to detect and hard to defeat.
  • 68. A security researcher examining Equifax's servers observed that an online portal, apparently created for Equifax employees only, was accessible to the open Internet.
  • 70. Suggested Controls and Mitigation: Since financial threats “mostly” target customers and financial institutions, we will suggest controls and mitigations for both.
  • 71. Social engineering (e.g. Phishing): A continuous exchange of intelligence information about attacks and countermeasures among the IT experts of financial institutions is considered to be almost the only possible defence against these types of attacks. A very important aspect of countering social engineering attacks is continued awareness-raising campaigns. Financial institutions need to have a proper customer education system in place, not only addressing individual clients but also including SMEs and large corporates, explaining the risks in layman's terms.
  • 73. Malware:
      • Minimise the number of installed programs on the device (and install from trusted sources only).
      • Regularly update the installed software and remove software that no longer has any use.
      • Activate automatic updates for the OS and installed apps.
      • Limit the use of administrative rights.
      • Use and update anti-virus.
      • Use and configure a firewall.
      • Companies: use more sophisticated protections for users, such as IDS/IPS and APT protection.
      • Use script blockers and e-mail filtering.
  • 74. Mobile Related Attacks (Users):
      • Update the software running on your mobile device with the latest security patches and upgrades; these should be sent to you by your network / operating system provider.
      • Use a secure lock screen: set a password, PIN or fingerprint to unlock your device.
      • Add a PIN or passcode to the voice-mail on your mobile device.
      • Install anti-virus software on your mobile device.
      • Use two-factor authentication when the risk is high.
  • 75. Mobile Related Attacks (Bank/Developers):
      • Do not allow applications to be installed from unknown / untrusted sources.
      • Do not allow jailbroken or rooted devices.
      • Monitor app stores and the internet for fake applications.
      • Implement anti-tampering controls.
      • Protect app code with code signing and/or obfuscation.
      • Implement strong sensitive data encryption on the device.
      • Do not consider frequently used third-party libraries as secure; validate them before using them.
      • Implement controls to protect the communication channel.
      • Implement device owner/user verification.
      • Implement mobile device verification.
      • Implement two-factor authentication when the risk is high.
      • Perform application penetration testing.
  • 76. Card Related Attacks (Merchants):
      • 3D Secure: authentication protocol based on a three-domain model (Acquirer, Issuer & Interoperability domain) to ensure authenticity of both peers through internet transactions.
      • Tokenisation: process of substituting sensitive data with a non-sensitive equivalent called a token.
      • PAN truncation: replaces the card number printed in any system with a printout of only the last four digits, the remainder being replaced usually by asterisks.
      • Geolocation
  • 77. Card Related Attacks (Issuers):
      • Use of strong authentication with the rollout of chip (EMV) & PIN.
      • Geoblocking: To protect cards from being misused by skimming fraud, it is strongly recommended to protect cards with a geographical region of use.
      • Blocking: To limit the usage of cards to specific channels or specific contexts.
      • Fraud monitoring: Deploy a responsive, real-time fraud system with prevention capabilities. Ensure your fraud system identifies suspicious patterns of behavior to stop fraud based on tailor-made scenarios and rules.
  • 78. ATM Related Attacks:
      • Communication authentication and encryption protections should be applied to ATM traffic; use TLS or VPN.
      • A firewall should be established.
      • The operating system should be hardened, supported by policies and procedures for doing so.
      • Deploy anti-malware and logical protection (using whitelisting).
      • Unknown USB devices should be blocked.
  • 79. Multi factor Attacks:
      • Do offensive security regularly (IT security penetration testing).
      • Regularly do security audits and vulnerability assessments.
      • Financial institutions must keep investing in new state-of-the-art security technologies (Advanced Threat Protection), ensuring that their cyber defense frameworks provide adequate response and defense-in-depth for identifying, stopping and recovering from multi-vector attacks.
  • 80. References:
      • “Cyber Crime – A Threat to Persons, Property, Government and Societies” - Er. Harpreet Singh Dalla, Ms. Geeta - http://ijarcsse.com/Before_August_2017/docs/papers/Volume_3/5_May2013/V3I5-0374.pdf
      • “2016 Payment Threats Trends Report” - European Payments Council - https://www.europeanpaymentscouncil.eu/sites/default/files/KB/files/EPC293-16%20v1.0%20%202016%20Payment%20Threats%20Trends%20Report.pdf
      • “The cybercrimes on financial and banking services: The Challenges and Treatment” - MEZIOUD Brahim, SMAI Ali, University of Medea - https://www.asjp.cerist.dz/en/downArticle/41/16/44/4701
      • “2017 Cost of Cyber Crime Study” - Accenture - https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf
      • “2017 Q3 Cybercrime Report” - ThreatMetrix - https://www.threatmetrix.com/info/q3-2017-cybercrime-report/
      • “ISTR Financial Threat Review 2017” - Symantec - https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-financial-threats-review-2017-en.pdf
      • “2016 SEA Online Fraud Benchmark Report” - CyberSource - http://www.cybersource.com/content/dam/cybersource/en-APAC/Documents/SEA_Fraud_Benchmark_Report.PDF
  • 81. Cybercrime: A threat to Financial industry. Ahmad Muammar WK, OSCE, OSCP, eMAPT, email: me@ammar.web.id
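The PAN truncation and tokenisation controls listed on slide 76, shown as an added example that is not part of the original deck: a log scrubber that masks every Luhn-valid card number down to its last four digits, and a small token vault that hands out random tokens in place of the PAN. The names `scrub_line` and `TokenVault`, the `tok_` prefix and the log lines are assumptions made for illustration; the card numbers are well-known test numbers.

```python
import re
import secrets

# Candidate card numbers: 13-19 ASCII digits, optionally split by single spaces or dashes.
# Limitation: two numbers separated by one space are read as a single candidate.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)", re.ASCII)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    if not (digits.isascii() and digits.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """PAN truncation: keep the last four digits, replace the rest with asterisks."""
    digits = re.sub(r"[ -]", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def scrub_line(line: str) -> str:
    """Mask Luhn-valid card numbers in one log line; other digit runs are left alone."""
    def _replace(match):
        digits = re.sub(r"[ -]", "", match.group(0))
        return truncate_pan(digits) if luhn_ok(digits) else match.group(0)
    return PAN_CANDIDATE.sub(_replace, line)


def scrub_log(lines):
    return [scrub_line(line) for line in lines]


class TokenVault:
    """Tokenisation: the merchant system stores the token, only the vault knows the PAN."""

    def __init__(self):
        self._token_by_pan = {}
        self._pan_by_token = {}

    def tokenise(self, pan: str) -> str:
        digits = re.sub(r"[ -]", "", pan)
        if not luhn_ok(digits):
            raise ValueError("not a valid card number")
        if digits not in self._token_by_pan:
            # The token is random, so it cannot be reversed without the vault.
            token = "tok_" + secrets.token_hex(8)
            self._token_by_pan[digits] = token
            self._pan_by_token[token] = digits
        return self._token_by_pan[digits]

    def detokenise(self, token: str) -> str:
        return self._pan_by_token[token]


# Constructed sample log lines (not from the deck).
SAMPLE_LOG = [
    "2017-11-02 10:14:07 order=1234567890123456 card=4111111111111111 amount=250000",
    "2017-11-02 10:15:31 refund to 5500-0000-0000-0004 approved",
    "2017-11-02 10:16:02 heartbeat ok",
]

if __name__ == "__main__":
    for scrubbed in scrub_log(SAMPLE_LOG):
        print(scrubbed)
    vault = TokenVault()
    print(vault.tokenise("4111111111111111"))
```

The Luhn check keeps the 16-digit order number in the first line intact while the card number next to it is masked.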
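A reconciliation check for the rounding abuse described on slide 61 (salami attack), as an added example that is not part of the original deck: it recomputes each interest credit independently and reports postings that deviate from the expected rounded amount, including whether every deviation goes against the customer. The half-up rounding rule, the rate, the account names and the postings are assumptions constructed for illustration; substitute the institution's own rounding rule.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")


def expected_credit(balance: Decimal, rate: Decimal) -> Decimal:
    """Interest the customer should receive, rounded to the nearest cent (assumed half-up)."""
    return (balance * rate).quantize(CENT, rounding=ROUND_HALF_UP)


def audit_interest_run(postings, rate: Decimal) -> dict:
    """Compare posted interest with an independent recomputation.

    postings: iterable of (account, balance, posted_interest) with Decimal amounts.
    Honest rounding errors would fall on both sides; a salami-style skim shows up
    as many tiny deviations that all short the customer.
    """
    short, over = [], []
    checked = 0
    for account, balance, posted in postings:
        checked += 1
        diff = expected_credit(balance, rate) - posted
        if diff > 0:
            short.append((account, diff))      # customer received too little
        elif diff < 0:
            over.append((account, -diff))      # customer received too much
    total_short = sum((d for _, d in short), Decimal("0"))
    total_over = sum((d for _, d in over), Decimal("0"))
    return {
        "checked": checked,
        "short": short,
        "over": over,
        "net_shortfall": total_short - total_over,
        # Every deviation is against the customer: the pattern worth escalating.
        "one_sided": bool(short) and not over,
    }


# Constructed sample postings (not from the deck): three credits were truncated
# to the cent instead of rounded.
RATE = Decimal("0.0004")
SAMPLE_POSTINGS = [
    ("ACC-001", Decimal("1234.56"), Decimal("0.49")),
    ("ACC-002", Decimal("8765.43"), Decimal("3.50")),
    ("ACC-003", Decimal("1999.00"), Decimal("0.79")),
    ("ACC-004", Decimal("5000.00"), Decimal("2.00")),
    ("ACC-005", Decimal("4488.00"), Decimal("1.79")),
]

if __name__ == "__main__":
    report = audit_interest_run(SAMPLE_POSTINGS, RATE)
    print(report["checked"], "postings checked")
    for account, diff in report["short"]:
        print(f"{account}: short by {diff}")
    print("net shortfall:", report["net_shortfall"], "one-sided:", report["one_sided"])
```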