2. Cyber Intelligence in online gambling final
Upload: marius-eugen-opran
CYBER INTELLIGENCE
PROACTIVE INTELLIGENCE AGAINST CYBER-FRAUD
Hackers don’t care who you are.
They just care how rich you can make them.
PROACTIVE VS REACTIVE SECURITY
Attack stages: Recon, Footprinting, Gaining Access, Maintaining Access, Erasure of Logs
REACTIVE APPROACH: Firewall / WAF / IDS / IPS, AntiVirus / DLP Tools, Forensic Tools
PROACTIVE APPROACH: CYBER INTELLIGENCE
A successful cyber attack involves different steps, including reconnaissance, footprinting, gaining access, maintaining access and erasure of logs. The present conventional tools of the industry have a reactive nature, being able to respond only when the attack has already been conducted.
On the other hand, the Cyber Intelligence approach aims to respond before the attack turns into a real threat.
RISK IN ON-LINE GAMBLING INDUSTRY
Risk = (Probability of the accident occurring) × (Expected loss in case of the accident)
REACTIVE SECURITY APPROACH
Most of the conventional methods / tools / instruments that are used to fight cybercrime are mainly REACTIVE solutions.
When these reactive solutions, despite being also important, are called for duty… it’s already too late.
WHY REACTIVE SECURITY METHODS FAIL?
Customers want to deposit and withdraw money easily.
ID verification should not take too much time.
Customers don’t want to share personal information.
Device authentication mostly becomes ineffective, since hackers use the corresponding compromised devices to access stolen accounts.
Second-factor authentications are hard to manage.
Online gaming scripts are complex, and complexity is the enemy of security.
Call centers and support staff need to access information, but no security metrics are defined in the employment process.
The gambling services are a system involving the exchange of money that lends itself to money laundering.
BEING PROACTIVE
Merriam-Webster defines «proactive» as such:
«…preparing for possible future problems».
ON-LINE GAMBLING: THREATS
The most important security problems of on-line gambling can be summarized as follows:
Gaming Software Flaws and Automation
Stolen Credit Cards
Web-App Vulnerabilities
Account Hijacking
Insider Threats
Social Engineering
Service Interruption
ON-LINE GAMBLING THREATS: GAMING SOFTWARE FLAWS I
Due to the rapid expansion of the online gaming market, online gaming has quickly created its own black market.
Thanks to the huge amounts of stolen currencies that have been laundered by hackers successfully, more and more hackers have turned their heads towards online gambling.
Due to the stolen money laundering capabilities of hackers with the use of online gambling, thousands of hackers and cyber-fraudsters have targeted online gaming and automation systems, for the purpose of finding a flaw that may be exploited as a vulnerability.
ON-LINE GAMBLING THREATS: GAMING SOFTWARE FLAWS II
ON-LINE GAMBLING THREATS: GAMING SOFTWARE FLAWS III
ON-LINE GAMBLING THREATS: GAMING SOFTWARE FLAWS IV
ONLINE GAMBLING THREATS: GAMING SOFTWARE FLAWS V
ON-LINE GAMBLING THREATS: GAMING SOFTWARE FLAWS VI
ON-LINE GAMBLING THREATS: STOLEN CREDIT CARDS I
Most practised form of cyber fraud for the last 15 years: purchase, sale, usage and laundering of stolen credit cards.
Result: creation of a billion dollar black market.
Mainly using credit cards as a payment instrument, online gaming and gambling sites have always been, and will most assuredly be targeted in the future for the purpose of stealing credit cards.
ON-LINE GAMBLING THREATS: STOLEN CREDIT CARDS II
ON-LINE GAMBLING THREATS: WEB-APP VULNERABILITIES I
Nearly each and every online gaming and gambling site in the world is subject to continuous vulnerability scans and exploit trials.
On the other hand, what is very little known is that these newly found vulnerabilities (even very simple ones) are continuously shared and sold in the underground.
ON-LINE GAMBLING THREATS: WEB-APP VULNERABILITIES II
ON-LINE GAMBLING THREATS: WEB-APP VULNERABILITIES III
ON-LINE GAMBLING THREATS: ACCOUNT HIJACKING I
Hackers steal accounts of online gambling users for the purpose of:
Laundering money, as these accounts have a higher trust rate in the eyes of online anti-fraud mechanisms.
Stealing the credits that these accounts may have.
Distributing stolen online currencies for the purpose of anonymization.
ON-LINE GAMBLING THREATS: ACCOUNT HIJACKING II
ON-LINE GAMBLING THREATS: INSIDER THREATS
Apart from the external threats, the online gambling industry shall also be deemed vulnerable against insider threats.
Due to the availability of anonymization as well as the digitalization of monetary assets, the sector is truly prone to insider threats.
ON-LINE GAMBLING THREATS: SOCIAL ENGINEERING I
Social engineering has proven itself to be the most simplistic, yet one of the most powerful hacking methods that can be performed.
Call centers and helpdesks at online gambling and gaming platforms are usually trained for helping and assisting the members.
Unfortunately, this makes these platforms the perfect environment for attackers to deceive the operator.
In particular, the following social engineering methods are continuously targeted against online casino platforms:
Call center attacks
Phishing attacks
Document forgery
ON-LINE GAMBLING THREATS: SOCIAL ENGINEERING II
SOLUTION?
Although the problems seem to be complicated and varied, a proactive solution is possible.
And this is what we call: Cyber Intelligence.
Cyber-Intelligence technology is based on acquiring actionable information from the other side of the fence.
CYBER INTELLIGENCE APPROACH
Thus, large scale cyber attack campaigns, worldwide organizations of hacktivist groups and growing cyber war initiatives of governments have changed the scope of the cyber security arena.
These newly evolving types of threats have brought the requirement for a completely different approach towards security:
Cyber Intelligence.
BANKING SECURITY INNOVATION OF THE YEAR
CSD & G-PACT (“THE TEAM”): CYBER INTELLIGENCE - I
Being an award-winning technology (Retail Banker International London 2015 – Banking Security Innovation of the Year), THE TEAM relies on a truly unique technology: deep web monitoring sensors.
Deployed in a custom manner according to the credentials and specifications of each G-PACT member, these sensors monitor the underground and notify each TEAM member about the following:
Risky data-leaks about the Client (corporate data, user data, customer data, etc.)
Upcoming Cyber-attack Campaigns (latest attacking methods, current plans about latest attacks, newly evolving attack-trends)
Latest Malware Examples (Specific to the Client’s industry/sector and activities);
Stolen User Credentials Intelligence
Stolen ID and Passport Intelligence
Stolen Payment Accounts (Paypal, Moneygram etc.)
THE TEAM: CYBER INTELLIGENCE - II
Aside from being the most innovative Cyber-Intelligence approach of this complex domain arena, THE TEAM is also reinforced with:
Actionable Cyber Intelligence Notifications
Industrial Cyber Threat Sharing Capabilities
High-end brand-protection detection / termination / notification services
THE TEAM: CYBER CRIME INTELLIGENCE - I
Most of the cyber crime activity is defined as a cyber crime operation when:
The attack has been carried out by a team or any other organized group.
The attack has been designed to be sustainable and continuous.
THE TEAM cybercrime response (CR) team continuously monitors these advanced large-scale threats and analyzes each element of these fraudulent attempts.
Each cybercrime operation is meticulously analyzed in terms of its:
Suspects
Tools
Methods
Motivation
These findings are reported to all relevant members of THE TEAM Platform within a maximum period of 2 hours following detection of the operation.
THE TEAM: CYBER CRIME INTELLIGENCE - II
THE TEAM: CYBER CRIME INTELLIGENCE - III
THE TEAM: MALWARE INTELLIGENCE - I
Malware Intelligence is one of the most niche areas of Cyber Intelligence.
Critical infrastructures are targeted by thousands of new malware examples every day. Yet only a few of these attack tools can be identified beforehand.
Contrary to the common misconception, antivirus scanners have very little to do with the actual protection of your organization. Especially when it comes to critical sectors, the tools and techniques of attackers can easily penetrate most firewalls, antivirus software, and any other security precaution which may or may not be implemented.
THE TEAM provides its members with actual examples of the latest malware development affairs of attackers, directly from the underground.
Deep Web Sensors® technology of PRODAFT-CSD is more than able to acquire samples of all newly-developed Botnet or similar malware.
Before being shared with members of THE TEAM Platform, each of these malware samples is analyzed in terms of its Capabilities and Affiliates (C2) Servers.
THE TEAM: MALWARE INTELLIGENCE - II
THE TEAM: DATA LEAKAGE INTELLIGENCE - I
Without your knowing, critical information about your organization, employees, clients or affiliated partners can be leaked and spread throughout the cyber underground.
Even though some of this information may seem unimportant, it can be used efficiently by high-end attackers to carry out advanced and complex cyber attacks and other espionage operations.
THE TEAM uses PRODAFT-CSD’s Deep Web Sensors® technology to automatically monitor the underground for detecting any data leakage involving THE TEAM member organizations.
Some of the most commonly detected examples of data leakage are as follows:
Stolen passport / identity scans
E-mail address / password pairs
Account credentials
Corporate accounts for intra-organizational online services
Confidential corporate documents
THE TEAM: DATA LEAKAGE INTELLIGENCE - II
THE TEAM: ON-LINE CASINO CREDENTIALS INTELLIGENCE - I
Especially advanced attackers and cyberfraud groups target online gambling credentials of casino clients to steal the balance on the victims’ account by means of underground money-laundering services and shell companies.
These online banking credentials are stolen by attackers by means of:
Phishing Sites
Large-scale Botnets
Malicious Internet Banking applications on mobile stores and markets
THE TEAM: ON-LINE CASINO CREDENTIALS INTELLIGENCE - II
THE TEAM: PHISHING AND BRAND PROTECTION INTELLIGENCE - I
Despite seeming less important and easily applicable by attackers, phishing has become one of the most commonly used methods of cyber-fraud.
THE TEAM relies on its specifically crafted automatized phishing systems, which are able to detect and respond to phishing campaigns automatically.
In the previous year, THE TEAM has eliminated a total of 12.000 phishing sites / applications. This figure is higher than all other anti-phishing / brand monitoring solutions in the industry, combined.
Apart from phishing sites and campaigns, THE TEAM monitoring sensors wander throughout the web, mobile application markets and social media platforms for any malicious / fraudulent site / file / name / trace that may damage the reputation of its members.
THE TEAM: PHISHING AND BRAND PROTECTION INTELLIGENCE - II
THE TEAM: BOTNET INTELLIGENCE / BLACKLIST
PRODAFT-CSD’s botnet sinkhole systems automatically penetrate into large-scale BotNets of attackers to reveal infected IP addresses that are under the control of the attacker.
These infected IP addresses are shared with THE TEAM members inside the scope of the “Users under Potential Threat” blacklist.
Thanks to the Botnet Blacklist Intelligence service, THE TEAM’s member organizations are able to detect if any of their incoming visitors have been infected by a BotNet, and restrict / limit their access or implement additional measures to prevent further losses.
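How a member organization might apply such a blacklist at request time, as an added example that is not part of the original slides or of any PRODAFT-CSD product. The feed format (one IP or CIDR per line), the action names and the response policy are assumptions, and the addresses are constructed from reserved documentation ranges.

```python
import ipaddress

# Constructed sample feed (format assumed): one IP or CIDR per line, '#' comments.
SAMPLE_FEED = """\
# "Users under Potential Threat" blacklist, documentation-range addresses
192.0.2.15
198.51.100.0/28
2001:db8::bad:1
not-an-ip
"""

# Assumed policy: the more money an action can move, the stricter the response.
POLICY = {"browse": "allow", "login": "step_up_auth", "withdraw": "hold_for_review"}


def load_blacklist(text):
    """Parse the feed into networks; return (networks, rejected_lines)."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # surface feed errors instead of hiding them
    return networks, rejected


def is_infected(ip, networks):
    """True if the visitor address falls inside any blacklisted network."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d), common on dual-stack listeners.
    addr = getattr(addr, "ipv4_mapped", None) or addr
    return any(addr.version == net.version and addr in net for net in networks)


def decide(ip, action, networks):
    """Return the response for a visitor performing an action."""
    if not is_infected(ip, networks):
        return "allow"
    # Unknown actions from an infected address get the strictest treatment.
    return POLICY.get(action, "hold_for_review")


if __name__ == "__main__":
    nets, bad = load_blacklist(SAMPLE_FEED)
    print("rejected feed lines:", bad)
    for ip, action in [("198.51.100.7", "withdraw"), ("203.0.113.9", "withdraw")]:
        print(ip, action, "->", decide(ip, action, nets))
```

A listed address indicates an infected device rather than a malicious customer, which is why the assumed policy steps up authentication or holds a withdrawal instead of blocking the visitor outright.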
THE TEAM: FRAUD METHOD INTELLIGENCE
Each day, cyber attackers and fraudsters come up with new ways of laundering / transferring money from stolen credit cards, bank accounts and other online payment systems.
THE TEAM Operators continuously scan the underground and look for newly emerging methods of cyber-fraud and money laundering, in order to notify THE TEAM Members about the latest trends of cyber-fraud.
THE TEAM: STOLEN ID/PASSPORT INTELLIGENCE
THE TEAM already has working sensors deployed which acquire stolen ID / passport information from the underground and provide this intelligence to major banking companies.
These IDs and passports are also widely used for online gambling fraud.
THE TEAM can be configured to provide online gambling organizations with specific stolen passport / ID information involving a specific country or on an international level.
As of 2016, THE TEAM has detected more than 2.100.000 stolen passports / IDs.
THE TEAM: PENETRATION TESTING
Of course, penetration testing is another, yet very important, form of proactive security measure.
On the other hand, most of the «penetration tests» as we know them are not more than commercialized IT services that lack true hacker perspective.
Therefore, all penetration testing efforts shall be performed by unorthodox crews consisting of ethical hackers that have true «outside the box» hacking knowledge… rather than an IT guy at the far end of the world that presses the «Start» button of a vulnerability scanner.
THE TEAM: CONCLUSION I
Truly proactive solutions are required for an efficient fight against cyber-fraud, especially in online gambling.
When the attacker arrives at your door, it’s already too late.
Only a very - very - minor percentage of losses are actually realized.
Cyber-underground is evolving and expanding more rapidly than conventional security does.
Attackers already know, and laugh at, most of the automatized security / fraud prevention systems that we already have in place.
THE TEAM: CONCLUSION - II
IF YOU WANT “TO BE SECURE” RATHER THAN “TO FEEL SECURE”,
BE PROACTIVE!
Thank You!