Post on 20-Jun-2020
Turning on network protections for Web Fraud
Gad Elkin Alfredo VistolaRegional Sales Director, EMEA Security Solution Architect, EMEA
F5 Agility 2014 2
Fraud and malware remains a challenge
Malware/Fraud Statistics
Mobile Malware (MM)
Phishing attacks
15% increase in malware,- MC Afee threat report 2013
196 Million Unique malware samples in 2013,
- MC Afee threat report 2013
70% of malware targeting financial services companies
Data sources include Symantec , Microsoft, Kaspersky, MacAfee, DarkReading, Gartner and Cybersource
22,750 new modifications of malicious programs target mobile devices throughout the year
99% of newly discovered MM attacks target Android devices
37.3 million users around the world were subjected to phishing attacks 2012-2013
72,758 unique phishing attacks recorded in 1st half 2013 (WW)
F5 Agility 2014 3
Malware Threat Landscape – Growth and Targets
Malware
Existing malware strains are Trojans
%79Of Institutions learned about fraud incidents from their customers
%82
Of real-world malware is caught by anti-virus
%
25
Data sources: Dark Reading, PandaLabs, & ISMG
Of malware code is logic to bypass defenses50
%
F5 Agility 2014 4
Anti-fraud, Anti phishing, Anti- malware services
Clientless solution, enabling 100%
coverage
Protect Online UserDesktop, tablets &
mobile devices
On All DevicesNo software or user
involvement required
Full TransparencyTargeted malware, MITB, zero-days, MITM, phishing
automated transactions…
Prevent FraudAlerts and
customizable rules
In Real Time
F5 Agility 2014 5
Changing threatsincreasing in complexity
requiring full threat reconnaissance
Endless customer devices
desktop, laptop, tablet, phone, internet café, game
consoles, smart TVs
Browser is the weakest linkTrojans, MITB attack the client browser or
device where the bank has no security footprint
OwnershipCustomers expect the banks to secure against all forms of fraud regardless of devices
used or actions taken
Attack visibilityIs often lacking details
to truly track and identify attacks and
their source
Securing against banking fraud can be complex
ComplianceEnsuring compliance with regulations and FFEIC requirements
F5 Agility 2014 6
F5 fraud protection services
Retail Bank
“The knowledge that
our online users are
protected from
fraudsters, wherever
they are and at any
time, enables our
team to focus on
developing new
products and
services.”
Executive Vice President, Leumi Bank
© F5 Networks, Inc 7
Our unique solution Offers protection to cover the gaps with most security solutions
Device fingerprintingGeneric Malware Detection
Geo Location Brute force detectionCredential Protection OTP / SSO
Behavioral and Click Analysis
Abnormal money movementTransaction integrity checks
Site Visit Site Log In User Navigation Transactions Transaction
Execution
Customer Fraud Alerts
Phishing Threats
Credential Grabbing
MalwareInjections
AutomaticTransactions
Transactionmanipulation
1
Slide 7
1 Can we get the text animation on #11 consistent? some are up, others sideways, should be consistent. Scott Rossick; 05.06.2014
© F5 Networks, Inc 8
Advanced phishing attack detection and prevention
Alerts upon usage of copy site on local computer
Alerts upon login and testing of phishing site
Phishing user names sent to SOC
Shutdowns identified phishing server sites during testing
Identifies phishing threats early-on and stops attacks before emails are sent
Internet
Web Application
1. Copy website
2. Save copy to computer
3. Upload copy spoofed site
4. Test spoofed site
Alerts at each stage of phishing site development
© F5 Networks, Inc 9
Generic and targeted malware detection
• Analyzes browser for traces of common malware (i.e., Zeus, citadel, Carberp, etc)
• Detects browser redressing
• Performs checks on domain and other components
With real-time analysis and a variety of checks WebSafe identifies compromised sessions, malicious scripts, phishing attacks and malware including MITM/B, BOTs, fraudulent transactions
© F5 Networks, Inc 10
Advanced application-layer encryption
Any sensitive information can be encrypted at the message level
User credentials & information is encrypted then submitted
Data is decrypted using WebSafe on BIG-IP hardware
Intercepted information rendered useless to MiTM attacker
WebSafe secures credentials and other valuable data submitted on webforms.
Credential Encryption
F5 Agility 2014 11
WebSafe – 100% transparent anti-fraud solution
Transaction Protection Security Operations Research Center
Fraud Detection
• Real-time transaction analysis• Comprehensive request analysis• Clientless layer 7 encryption• Session initiated, one-time
encryption key
• 24X7 security reports and alerts• Identifies and investigates attacks
in real-time• Researches and investigates new
global fraud technology & schemes
• Provides detailed incident reports• Optional site take-down
• Detection of targeted malware, BOTs, MITM/B, Zero-day, credential grabbers, session hijacking and more
• Identifies extensive scans & searches
• Monitors/alerts when site copy is loaded to spoofed sites
Only fully transparent Anti-Fraud solution that reduces banking fraud loss
F5 Agility 2014 12
MobileSafe – fraud protection for mobile device users
In App Encryption Security Operations Research Center
Fraud Detection and Protections
• User sensitive data is encrypted in the app (e.g., user name, passwords, account numbers)
• Renders mobile device traffic sniffing malware ineffective
• Detection of targeted malwareBOTs, MITM/B, Zero-day, SMS grabbers, key loggers and more
• Jail broken device detection & risk score adjustment
Introduces 100% clientless protection for all mobile device users
• 24X7 security reports and alerts• Identifies and investigates attacks
in real-time• Researches and investigates new
global fraud technology & schemes
© F5 Networks, Inc 13
F5 Security Operations Center (SOC)
24x7x365 fraud analysis team that extends your security team
Researches and investigates new global fraud technology & schemes
Detailed incident reports
Continuous product component checks
Real-time alerts activated by phone, sms and email
Optional site take-down: Phishing or brand-abuse sites
Always on the watch
© F5 Networks, Inc 14
F5 SOC: Cyber intelligence
Sources information from a variety of resources
Analyzes malware files and researches drop zones
Provides quarterly dedicated reports
Delivers the right information: identify attacker’s, C&C, drop zones, mule accounts, compromised users, and more...
Identifies social network scheming, sophisticated online fraud and brand abuse
Always on cyber research and analysis
SOC incidents4 quarters
SOC incidents52 weeks
© F5 Networks, Inc 15
F5 SOC: Phishing site take-down service
Always available F5 monitoring and response team
Complete attack assessment & post-partum attack report
Leverage relationships with ISPs, anti-phishing groups and key international agencies
Malicious site take-down in minimal time
Recommendations for counter security measures
Quickly identify and shut down brand abuse websites
DEMO
F5 Agility 2014 17
BACKED BY WORLD-CLASS SUPPORT AND PROFESSIONAL SERVICES
Prevents phishing attack
Only 100% transparent
anti-fraud solution
Combined fraud detection & protection
Simple product rollout
Ensures compliance
WebSafe benefits and differentiatorsProtects users data
in use
protect all customers on all devices
F5 Agility 2014 18
• Offer the strongest protection for applications and data wherever they reside
• Provide the industry’s most scalable and flexible access control to applications and data from anywhere and any device
• Deliver the highest value and most differentiated security solutions with best of breed management
• Offer unique hybrid security services that meet the specific needs for multi-layered security
F5’s security vision
EAL2+EAL4+ (in process)
NetworkFirewall
One Platform
TrafficManagement
ApplicationSecurity
DNSSecurity
SSLAccessControl
DDoSProtection
Anti-Fraud, Anti-Malware,Anti-Phishing
Next Steps
Visit us on www.F5.com to more about Web Fraud Protection services
Take look at the following materialsData sheet: F5 WebSafeReference architecture: Web fraud protectionWhite paper: Protecting against online banking fraud
Meet with us for further details and to discuss POC
Contact your F5 rep to learn more.