Protegiendo a las Instituciones Financieras y sus Usuarios del Fraude Informático

Alejandro Dutto

Sr. Mgr, Field Systems Engineering – Latin America & Caribbean

alejandro@f5.com

© F5 Networks, Inc 2

Fraud and malware remains a challenge

Malware/Fraud Statistics

Mobile Malware (MM)

Phishing attacks

15% increase in malware,

- MC Afee threat report 2014

196 Million Unique

malware samples in 2013,- MC Afee threat report 2014

70% of malware

targeting financial services companies

Data sources include Symantec , Microsoft, Kaspersky, MacAfee, DarkReading, Gartner and Cybersource

22,750 new modifications

of malicious programs target mobile devices throughout the year

99% of newly

discovered MM attacks target Android devices

37.3 million users around the

world were subjected to phishing attacks 2013-2014

72,758 unique phishing

attacks recorded in 1st half 2014 (WW)

© F5 Networks, Inc 3

Malware Threat Landscape – Growth and Targets

Existing malware strains are Trojans%79

Of malware code is logic to bypass defenses

%50

Of Institutions learned about fraud incidents from their customers

%82

Of real-world malware is caught by anti-virus

%25 Malware

Data sources: Dark Reading, PandaLabs, & ISMG

© F5 Networks, Inc 4

Changing threats

increasing in complexity requiring

full threat reconnaissance

Endless customer Devices desktop, laptop, tablet, phone,

internet café, game consoles,

smart TVs

Browser is the weakest link

Trojans, MITB attack the client

browser or device where the bank has

no security footprint

Ownership

Customers expect the banks to secure

against all forms of fraud regardless of

devices used or actions taken

Attack visibility

Is often lacking details to truly

track and identify attacks and

their source

Securing against banking fraud can be complex

Compliance

Ensuring compliance with

regulations and FFEIC

requirements

© F5 Networks, Inc 5

Browser is the weakest LinkEnd point risks to “Data In Use”

Customer browser

HTTP/HTTPS

Secured

Data center

Web Fraud Detection

WAF

HIPS

Traffic Management

NIPS

DLP

Network firewall

SIEM

Leveraging

Browser

application

behavior• Caching content, disk

cookies, history

• Add-ons, Plug-ins

Manipulating user

actions:• Social engineering

• Weak browser

settings

• Malicious data theft

• Inadvertent data loss

Embedding

malware:• Keyloggers

• Framegrabbers

• Data miners

• MITB / MITM

• Phishers / Pharmers

Protecting against online fraudwith F5

© F5 Networks, Inc 7

Anti-fraud, Anti phishing, Anti- malware services

Clientless solution, enabling 100% coverage

Protect Online User

Desktop, tablets & mobile devices

On All Devices

No software or user involvement required

Full Transparency

Targeted malware, MITB, zero-days, MITM,

phishing automated transactions…

Prevent Fraud

Alerts and customizable rules

In Real Time

© F5 Networks, Inc 8

Web Fraud Protection With F5

Strategic Point of Control

Web FraudProtection

Online CustomersA

B

C

Online Customers

Online Customers

SecurityOperations Center

Account

Amount

Transfer Funds

NetworkFirewall

Copied Pagesand Phishing

Man-in-the-Browser Attacks

Application

AutomatedTransactions

1. Malware Detection and

protection

2. Anti-phishing

3. Stopping Automated

transactions

KEY CUSTOMER SCENARIOS

© F5 Networks, Inc 9

Malware Detection and Protection

3

OnlineCustomers

Web Fraud Protection

+ Honeypots for Generic Malware+ App-Level Encryption

+ Advanced Phishing Detection+ Real-Time Transaction Monitoring

LTM WEBSAFE

BIG-IP Platform

BIG-IP Local Traffic Manager

BETTER BEST

Simplified Business Models

+ WebSafe

GOOD

2

1

SecurityOperations Center

NetworkFirewall

ApplicationMan-in-the-Browser Attacks

1. Malware detection component

assesses user device ID,

checks SSL

2. Validity, and ensures HTTPS

connection is secure

3. Any anomalies trigger an

alert. Encryption component

renders any stolen data

worthless to an attacker

HOW IT WORKS

© F5 Networks, Inc 10

• Alerts of extensive site copying or scanning

• Alerts on uploads to a hosting server or company

• Alerts upon login and testing of phishing site

• Shuts down identified phishing server sites during testing

Advanced phishing attack detection and preventionIdentifies phishing threats early-on and stops attacks before emails are sent

Internet

Web Application

2. Save copy to computer

3. Upload copy to spoofed site

4. Test spoofed site

1. Copy website

Alerts at each stage of

phishing site development

© F5 Networks, Inc 11

Protection from Spear Phishing

3

OnlineCustomers

Web Fraud Protection

+ Honeypots for Generic Malware+ App-Level Encryption

+ Advanced Phishing Detection+ Real-Time Transaction Monitoring

LTM WEBSAFE

BIG-IP Platform

BIG-IP Local Traffic Manager

BETTER BEST

Simplified Business Models

+ WebSafe

GOOD

2

1

SecurityOperations Center

NetworkFirewall

ApplicationCopied Pages

1. Phishing detection component

detects copying and uploading

of web pages

2. An alert is issued

3. Attacker’s IP address, drop

zones, and any compromised

credentials are identified

HOW IT WORKS

© F5 Networks, Inc 12

• Any sensitive information can be encrypted at the message level

• User credentials & information is encrypted then submitted

• Data is decrypted using WebSafe on BIG-IP hardware

• Intercepted information rendered useless to MiTM attacker

Advanced application-layer encryptionF5 secures credentials and other valuable data submitted on webforms.

Encryption as you type

© F5 Networks, Inc 13

Preventing Automated Fraudulent Transactions

Account

Amount

Transfer Funds

OnlineCustomers

2

Web Fraud Protection

+ Honeypots for Generic Malware+ App-Level Encryption

+ Advanced Phishing Detection+ Real-Time Transaction Monitoring

LTM WEBSAFE

BIG-IP Platform

BIG-IP Local Traffic Manager

BETTER BEST

Simplified Business Models

+ WebSafe

GOOD

2

1

SecurityOperations Center

NetworkFirewall

Application

1. F5 adds hidden JavaScript

code to web page served to

online customer

2. F5 actively monitors user

behavior interacting with the

web page

3. If anomalous behavior is

detected, an alert is triggered

HOW IT WORKS

© F5 Networks, Inc 14

Additional Methods for Implementing Websafe

Online CustomersA

B

C

Online Customers

Online Customers

SecurityOperations Center

A

B

C

Account

Amount

Transfer Funds

NetworkFirewall

Copied Pagesand Phishing

Man-in-the-Browser Attacks

Application

AutomatedTransactions

Traffic Management

LTM

BIG-IP Platform

Customer Scenarios

See scenario-specific diagrams for process details.

Malware Detection and Protection

Anti-Phishing

Transaction Analysis

BIG-IP Local Traffic Manager

BETTER BEST

Simplified Business Models

+ WebSafe

GOOD

Web Fraud Protection

WEBSAFE

+ Honeypots for Generic Malware+ App-Level Encryption

+ Advanced Phishing Detection+ Real-Time Transaction Monitoring

+ Intelligent Traffic management+ SSL Termination

© F5 Networks, Inc 15

• 24x7x365 fraud analysis team that extends your security team

• Researches and investigates new global fraud technology & schemes

• Detailed incident reports

• Continuous product component checks

• Real-time alerts activated by phone, smsand email

• Optional site take-down: Phishing sites

• Phishing or brand-abuse sites

F5 Security Operations Center (SOC)Always on the watch

© F5 Networks, Inc 16

Benefits

BACKED BY WORLD-CLASS SUPPORT AND PROFESSIONAL SERVICES

Simple product rollout

Combined fraud detection & protection

Only 100% transparent

anti-fraud solution

Protects users data

in use

Ensures compliancePrevents phishing

attack

protect all customers

on all devices

© F5 Networks, Inc 17

F5 fraud protection services

Healthcare

Retail Bank

“The knowledge that our online users are protected from fraudsters, wherever they are and at any time, enables our team to focus on developing new products and services.”

Executive Vice President, Leumi Bank

© F5 Networks, Inc 18

Our unique solution Offers protection to cover the gaps with most security solutions

Device Fingerprinting

•Geo-location

•Brute Force Detection

•Behavioral Analysis

Behavioral and Click Analysis

Abnormal Money Movement Analysis

Site Visit Site Log InUser

NavigationTransactions

Transaction Execution

Customer Fraud Alerts

Phishing

Threats

Credential

GrabbingMalware

Injections

Automatic

Transactions

PII and CC

Grabbing