1 / 23

The Financial Industry vs. Advanced Persistent Threats

The Financial Industry vs. Advanced Persistent Threats. Tom Patterson CSO, MagTek Inc . Security.magtek.com Tom.Patterson@MagTek.com. A Discussion in Two Parts APTs Among Us What the Financial Sector is Doing About Them. SCREWED. “.

coral
Download Presentation

The Financial Industry vs. Advanced Persistent Threats

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Financial Industryvs.Advanced Persistent Threats • Tom Patterson • CSO, MagTek Inc. • Security.magtek.com • Tom.Patterson@MagTek.com

  2. A Discussion in Two Parts • APTs Among Us • What the Financial Sector is Doing About Them

  3. SCREWED

  4. “The United States is fighting a cyber-war today, and we are losing.”The United States is fighting a cyber-war today, and we are losing. ” - Mike McConnell

  5. “Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication. While both the threats and technologies associated with cyberspace are dynamic, the existing balance in network technology favors malicious actors, and is likely to continue to do so for the foreseeable future.” -Dennis Blair

  6. In Olden Days…

  7. Today… • ID the “Mark” • Get Inside • Scope it out • Customize the Attack • Steal and Blast • Go underground and wait Robin Sage

  8. Defense in Depth? • Encryption • DLP • Authentication • Antivirus • Firewalls • Cracking tools • Encryption • Social Engineering • Polymorphic • Trusted users

  9. Because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures ” - Google SEC Filing

  10. Newish Attack Vectors • Clickjacking • Tapjacking • BlueJacking • Social Engineering • “Trusted” relationships

  11. $20 Bucks on eBay and NOT ILLEGAL! 6 small batteries connected to micro switches Magnetic Read Head Micro Switches More than just money! Transmitter Antenna

  12. Fight Back withInformation Sharing • FS/ISAC • FICO • FBI Domain • Infragard • USSS ECTF Take Down in London Financial Services Sector is the Most Advanced in terms of Information Sharing

  13. Fight Back withSCIENCE A scientific discovery by a University of Washington (Illinois) professor called a Magnetic Fingerprint

  14. AUTHENTICATE THE CARD, Not Just the data! • unchangeable & non-replicable

  15. …the card itself cannot be duplicated. but Card data can be duplicated…

  16. No Two Cards Are Alike!.. The random micro-particle structure of every magnetic stripe is unique This unique feature is a byproduct of the manufacturing process Every mag-stripe card has this feature

  17. Graphical Representation of an Original and Skimmed Card

  18. GHKG7890schzhc89^&^&TYz7Z&GZBlIUZY*&Z^GBILY(*&(*7yhy898HIUO8Y98SD7Y*y8769Y89yyuiy98789897df890s7fdds89f7hcusahca976789s76df89as7acha8sca89ysc8a9yccya89sdy8a9syda89dyh8&GHKG7890schzhc89^&^&TYz7Z&GZBlIUZY*&Z^GBILY(*&(*7yhy898HIUO8Y98SD7Y*y8769Y89yyuiy98789897df890s7fdds89f7hcusahca976789s76df89as7acha8sca89ysc8a9yccya89sdy8a9syda89dyh8& Each swipe – new password HKA*(CHJCHBHOC*(CHOIAHCOA*&(*AYHCYX*(YC(*C(*AYC()*&AYCIULACGI^&CRTI^AGCBO&*AYC*&(TCAO*&GC*&OAGC*O&GAC*O&A*G&A(CA(*PCH()*CY(HC*(Y09*)(*()*)(*)(*)UJ)*Y(*Y*&G*&GG& Gdhjagdhjkgcs8dict78igclho8 7r9w87vcpo98uy0960n pc98n opqwnp90nv9274pc8wyrnw89n6rcvlw83yv9s8v460b34tw93nv39w8ow38o984tyo9w386on9 w84t vo984tn ty8tmp84irt vbsdase3 !#&^%&^(*&(*^$%^&(*_)+_(*&&%%^$%$#$%#^%%&*^(*&)(*_)*)*^&%%^#$@@$$^*(&()*_*_)*)(&(^^*%&%$^#%^$#$(&^)(&_*_*_+*_*_(*(^^&%^#%#@#@$^^&*&(&*()(*_)*_)*(&&*^^&%%^$$%#$@#@$%%^& HGH&&A&A&&hs7sdyd8ddfjsdfgs0f98s0d9fsklfsjhf7sfaslkfjalkfhiuahfkajhfkjahfkjahfkjahfiuaysfiuahcauischiuaschiuwhiuhciuaschiuwcbiucbiubiuwbciuwfbiuwbfiuwehfiuwehfiuwehfieuhjkwhrjwhrjkwhrkjwhjkrhkj Cannot be repeated 010101011101010101010101010101011111011910101011901010101019101010101010101011091010101010101011010191910911919109101010101011010101101010110101010101010101010101010110 Cannot be duplicated Real-time forensics Device/Host Verification

  19. Strong Encryption Reduces card data loss from the system Dynamic Card Data Creates dynamic data with each swipe = Nothing to Steal Stops Counterfeit Cards from being approved = reduces Fraud Card Authentication

  20. We’ve got to out-innovatethe bad guyswith solutions that work, have staying power, are cheap to install, and simple to use.

  21. Read about the science and business aspects of the Magnetic Fingerprint (MagnePrint) at www.NoCardFraud.com If you like the elegance and security of this solution, please leave a public comment or blog about it to your constituents.

  22. Tom.Patterson@MagTek.comSecurity.Magtek.com 1.562.546.6315 For More Info…

More Related