Cyber Attacks on the Financial Sector (Ataques Cibernéticos ao Setor Financeiro)

15 May 2013

Marco Souza

The Cyber Threat Landscape

An Overview

Connected devices already outnumber computers by at least 5 to 1, and the gap is growing geometrically.

The number of mobile subscriptions will soon overtake the world's population.


Cyber Threat Landscape

Organized Crime

  • Motivation: make money
  • Methods: a very mature underground economy supporting every facet of cyber criminal activity

Hacktivists

  • Motivation: seek publicity for their geopolitical agenda
  • Methods: disruption and defacement

Cyber Terrorism

  • Motivation: instill fear so that targets comply with demands or ideology
  • Methods: currently using cyber to "enable" their programs (recruit, incite, train, plan and finance), but there is growing concern that they can easily acquire "disruptive" and possibly "destructive" capabilities

State Affiliated

  • Motivation: political and technological advantage to further their own interests
  • Methods: advanced operations that target specific individuals to gain a foothold in the target's infrastructure. Once a foothold is established, the adversary is very patient, performing reconnaissance and methodically planning the attack, and often leaves back doors to re-establish access in case the primary means is identified and mitigated

Cyber Threat Landscape

Profiling threat actors

Source: Verizon, The 2013 Data Breach Investigations Report

Cyber Threat Landscape

Actor and Variety Categories

(charts: threat actor categories; variety of external actor)

Source: Verizon, The 2013 Data Breach Investigations Report


Organized Crime

Sophisticated Attacks

  • Recent attacks show increased knowledge and understanding of the technology, infrastructure and systems of their victims
  • The amount of knowledge an attacker can obtain about a victim is increasing at lightning speed, making these threats more severe each day
  • Bad actors are going after customers, suppliers and third parties in addition to direct attacks

Current Threat Levels

  • FS-ISAC maintained its advisory level at HIGH
  • Symantec maintained its threat level at ELEVATED
  • iDefense maintained its threat meter at ELEVATED

State Affiliated

Motivation: intellectual property theft

  • Nortel Communications
  • New York Times, Washington Post
  • Saudi Aramco
  • United States

Growth of Offensive Cyber Program Trends

  • The newly created Cyber Command established 3 teams that could carry out offensive cyberattacks on foreign nations if the United States were hit with a major attack on its own networks, given the terrorist interest in cyber that has been expressed
  • This is the first time the Obama administration has publicly admitted to developing such weapons for use in wartime
  • James R. Clapper Jr. warned Congress that a major cyberattack on the United States could cripple the country's infrastructure and economy
  • Clapper suggested that such attacks now pose the most dangerous immediate threat to the United States, even more pressing than an attack by global terrorist networks

Source: New York Times

Cyber Terrorism

  • Exhibiting "enabling" capabilities
  • In 2012, moving from "disruptive" to "destructive" capabilities

  • Global anonymous participants. Target: government and multinational corporations
  • Al Qassam Cyber Fighters. Target: US banks
  • Several core members identified. Target: CIA, Sony, Nintendo


Cyber Terrorism

Operation Ababil Update

  • The Al-Qassam Cyber Fighters have sustained their attacks on financial institutions, including retail banks and credit card, investment and insurance providers
    • Additional targeting of technology service providers associated with the financial industry
    • Attack code also focused on Verisign
  • Multiple previously unobserved scripts and targets have appeared
    • Continuing observation of the botnet shows alternation and updating of DDoS tools
  • Postings continue related to the "Innocence of Muslims" trailer

Source: iSIGHT Partners

Operation Ababil Update

  • Since early September 2012, the financial services sector has been the target of an escalating series of DDoS attacks
    • Attacks "ended" on January 22, 2013; after a brief hiatus they began again on March 5, 2013
  • From December 11, 2012 to January 10, 2013
    • 140 distributed denial-of-service attacks against banks
    • 34 banks victimized, up to 23 in one day

Organized Crime - Hacktivists/Terrorism

DDoS Attack on Spamhaus with Broad Financial Impact

  • The latest DDoS attacks are much more powerful because the bots are data center servers, which have more processing power and access to data-center-scale bandwidth
    • Normal DDoS attacks observed in 2012 averaged around 10-50 Gbps; today's attacks are starting to average closer to 300 Gbps
  • Ordinary internet users are starting to see more of an impact, since they may pass through the same data centers and infrastructure that are being attacked in these more sophisticated campaigns, which ultimately have direct effects on ISPs and Internet Exchanges
    • The Spamhaus campaign caused direct congestion at the London, Amsterdam, Frankfurt and Hong Kong Internet Exchanges
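Spotting a flood of the scale described above comes down to measuring the inbound rate to a target against its normal baseline and then looking at how concentrated the sources are, since a few hijacked servers each pushing tens of gigabits look very different from a wide botnet of small clients. The following Python is an added example, not code from the presentation or from anyone involved in the Spamhaus incident; it runs over constructed per-second flow records (invented addresses from the RFC 5737 documentation ranges and invented byte counts, chosen so that two seconds carry roughly 300 Gbps) and flags every second whose rate exceeds a multiple of the baseline, reporting which sources carry the traffic.

```python
"""Volumetric DDoS detection over per-second flow records (added example)."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample flows, not captured traffic: (second, src_ip, dst_ip, bytes).
# Seconds 0-1 are ordinary load on the target; seconds 2-3 carry a flood from a
# handful of hosts that each push about 100 Gbps, the server-based bot pattern
# the slides describe. All addresses are RFC 5737 documentation ranges.
TARGET = "203.0.113.5"
SAMPLE_FLOWS: List[Tuple[int, str, str, int]] = [
    (0, "198.51.100.10", TARGET, 125_000_000),      # 1 Gbps
    (0, "198.51.100.11", TARGET, 125_000_000),
    (1, "198.51.100.10", TARGET, 125_000_000),
    (1, "198.51.100.12", TARGET, 250_000_000),      # 2 Gbps
    (2, "192.0.2.1", TARGET, 12_500_000_000),       # 100 Gbps
    (2, "192.0.2.2", TARGET, 12_500_000_000),
    (2, "192.0.2.3", TARGET, 12_500_000_000),
    (2, "198.51.100.10", TARGET, 125_000_000),
    (3, "192.0.2.1", TARGET, 12_500_000_000),
    (3, "192.0.2.2", TARGET, 12_500_000_000),
    (3, "192.0.2.4", TARGET, 12_500_000_000),
]


def to_gbps(byte_count: int) -> float:
    """Bytes seen within one second -> gigabits per second."""
    return byte_count * 8 / 1e9


def rate_per_second(flows, dst: str) -> Dict[int, float]:
    """Aggregate inbound Gbps to dst, keyed by second."""
    per_sec: Dict[int, int] = defaultdict(int)
    for sec, _src, d, nbytes in flows:
        if d == dst:
            per_sec[sec] += nbytes
    return {sec: to_gbps(b) for sec, b in sorted(per_sec.items())}


def top_sources(flows, dst: str, sec: int, n: int = 3) -> List[Tuple[str, float, float]]:
    """Top-n sources for one second as (src, gbps, share of that second's bytes)."""
    per_src: Dict[str, int] = defaultdict(int)
    for s, src, d, nbytes in flows:
        if d == dst and s == sec:
            per_src[src] += nbytes
    total = sum(per_src.values())
    ranked = sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)[:n]
    return [(src, to_gbps(b), b / total) for src, b in ranked]


def detect_volumetric(flows, dst: str, baseline_gbps: float, factor: float = 10.0) -> List[dict]:
    """Flag every second whose inbound rate exceeds factor x baseline.

    Each alert carries the rate and the top sources. A top-3 share near 1.0
    means a few high-bandwidth hosts carry the flood, which is what you would
    hand upstream as a short filter list; a low share means a wide botnet.
    """
    alerts = []
    for sec, gbps in rate_per_second(flows, dst).items():
        if gbps > factor * baseline_gbps:
            tops = top_sources(flows, dst, sec)
            alerts.append({
                "second": sec,
                "gbps": gbps,
                "top_sources": tops,
                "top3_share": sum(share for _, _, share in tops),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_volumetric(SAMPLE_FLOWS, TARGET, baseline_gbps=2.5):
        print(f"t={alert['second']}s {alert['gbps']:.1f} Gbps "
              f"top3 share={alert['top3_share']:.3f} {alert['top_sources']}")
```

On the constructed data the two flood seconds come out at 301 and 300 Gbps against a 2.5 Gbps baseline, with more than 99% of the bytes coming from three hosts. In practice the baseline is learned from a quiet period rather than passed in, and the per-second bucket is replaced by whatever export interval the flow collector uses.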
Data Breach - ATM Skimmers

Organized Crime

  • Biggest payouts are data breaches
    • Heartland Payment Systems: processes 100 million card transactions per month for 175,000 merchants
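A breach at a card processor means primary account numbers (PANs) turning up where they should not, such as application logs, and the first job for a responder is to find out where. The following Python is an added example, not part of the presentation or of any Heartland tooling; it scans constructed log lines (invented; the card numbers are the publicly documented 4111... and 5500... test numbers, and the 16-digit order id is deliberately not Luhn-valid) for 13-19 digit runs that pass the Luhn check and reports them masked, so the finding can go into a ticket without copying card data into it.

```python
"""Scan log lines for exposed card numbers and report them masked (added example)."""
import re
from typing import Dict, List

# Constructed sample log lines, not a real breach. 4111111111111111 and
# 5500000000000004 are publicly documented test numbers; 1234567890123456 is a
# 16-digit order id that fails the Luhn check and must not be reported.
SAMPLE_LOGS = [
    "2013-05-15T10:02:11 pos-17 auth ok pan=4111111111111111 amt=42.10",
    "2013-05-15T10:02:12 pos-17 auth ok pan=5500 0000 0000 0004 amt=8.99",
    "2013-05-15T10:02:13 pos-18 order id=1234567890123456 status=shipped",
    "2013-05-15T10:02:14 pos-18 heartbeat seq=4242 uptime=86400",
]

# 13-19 digits, optionally separated by single spaces or dashes, not embedded
# in a longer digit run (so timestamps and ids of other lengths are skipped).
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: from the right, double every second digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(line: str) -> List[str]:
    """Return the normalized digit strings of every Luhn-valid candidate in line."""
    hits = []
    for m in CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask_pan(digits: str) -> str:
    """Keep the first 6 (BIN) and last 4 digits, the usual truncation for display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_logs(lines) -> List[Dict[str, object]]:
    """Findings as line number plus masked PAN; the full PAN never leaves this function."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for pan in find_pans(line):
            findings.append({"line": n, "masked": mask_pan(pan), "length": len(pan)})
    return findings


if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOGS):
        print(f"line {f['line']}: {f['masked']} ({f['length']} digits)")
```

The Luhn filter is what keeps the noise down: every 16-digit order id, account id or hash fragment matches the digit pattern, but only about one in ten of them passes the checksum, and the ones that do are worth a human look. Separator handling matters too, since card data that reaches a log often comes from a form field with spaces or dashes.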

Cyber Threat

Data Breach Regulations

  • New Zealand: Office of the Privacy Commissioner's Privacy Breach Guidance Material
  • Federal Law for Protection of Personal Data in Possession of Individuals and its Implementing Regulations
  • The Data Protection Act 1988 (the "1988 Act"), as modified by the Data Protection (Amendment) Act 2003 (the "2003 Act")
  • Personal Data Security Breach Code of Practice (Guidance)
  • The Central Bank of The Bahamas Notice Re: Reporting of Material Events and Incidents of Fraud
  • Banking Act 1959, Sect 62A (1B)
  • Law of Ukraine "On Personal Data Protection"
  • Decree No. 414/009
  • Federal Act concerning the Protection of Personal Data (DSG 2000)
  • Circular CBFA 2009 17, April 7, 2009
  • Bank Indonesia Regulation Number 9/15/PBI/2007 Regarding the Risk Management Implementation for the Use of Information Technology by Commercial Banks
  • Proper Conduct of Banking Business: Information Technology Management
  • Regulation on the Processing of Personal Data (Personal Data Regulations)
  • Personal Information Protection and Electronic Documents Act (PIPEDA); Alberta Personal Information Protection Act; British Columbia Personal Information Protection Act; Quebec Act Respecting the Protection of Personal Information in the Private Sector (Citi Canada Policy - Breach Notification.pdf)
  • United States: Gramm-Leach-Bliley Act (GLBA) Section 501(b) and the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice (12 CFR Parts 568 and 570)
  • United Kingdom: Notification of Data Security Breaches to the Information Commissioner's Office
  • No. 01/2011/TT-NHNN Regulation on the Prudence and Confidentiality of the Informatics Technology System in Banking Activity
  • Hong Kong: Office of the Privacy Commissioner for Personal Data, Guidance on Data Breach Handling and the Giving of Breach Notifications (June 2010)
  • Bank Negara Malaysia, Guidelines on Management of IT Environment (GPIS 1)
  • Guidelines for Personal Information Protection in the Financial Business (the "Financial Guidelines")
  • Oficio No. 119-2008 (Office Memorandum No. 119-2008, sent to banks, finance companies, general deposit warehouses, offshore entities, companies specializing in financial services and brokerage firms)
  • Act No. 428/2002 Coll. on Protection of Personal Data, as amended by Act No. 602/2003 Coll., Act No. 576/2004 Coll. and Act No. 90/2005
  • Personal Information Protection Act (the "Act"), amended May 10, 2010, Article 12
  • PBOC Notice on Further Strengthening the Reporting of Critical Events for Financial Institutions (Shanghaiyinfa (2011) No. 40), issued February 23, 2011
  • Instructions on Internal Control Systems No. 35/2007 issued by the Central Bank of Jordan pursuant to Article 45/a of the Central Bank's law and Article 99/b of the Banking Law
  • Circular CSSF 11/504
  • Finansinspektionen's (the Swedish Financial Supervisory Authority) General Guidelines regarding Reporting of Events of Material Significance
  • Federal Data Protection Act (BDSG)

Marco Civil

Rights and Duties on the Internet

The Marco Civil da Internet is a bill that aims to establish principles, guarantees, rights and duties for the use of the Internet in Brazil, guaranteeing the fundamental rights provided for in the Constitution, with measures to preserve freedom of expression and privacy.

It is currently before the Câmara dos Deputados as bill PL 5403/2001 (formerly PL 2126/2011).

Controversies:
  • Treatment of packets and content in transmission
  • Optional log retention
  • Liability of providers for third-party content

Electronic Crimes and the New Law

Physical and Electronic Intrusion

Electronic Crimes and the New Law

Law 12.737/12 - the "Carolina Dieckmann Law"

Art. 154-A. Intruding into another person's computing device, whether or not connected to a computer network, through improper violation of a security mechanism, with the aim of obtaining, tampering with or destroying data or information without the express or tacit authorization of the device's owner, or installing vulnerabilities to obtain an illicit advantage:

Penalty: detention of 3 (three) months to 1 (one) year, and a fine.

  • Crime of intrusion
  • Creation and dissemination of malicious code
  • Intrusion causing loss (increases the penalty by 1/3)
  • Improper obtaining and remote control
  • Disclosure of data or information
  • Interruption or disruption
  • Counterfeiting of credit or debit cards


Some Numbers

  • Brazil loses almost R$ 16 billion a year to cyberattacks, an average loss of R$ 562 per user.
  • Worldwide, losses reach US$ 110 billion a year, an average of US$ 200 per user.
  • Worldwide, 556 million people have suffered some kind of cybercrime. In Brazil there are 28.3 million victims.
  • Attacks are increasingly aimed at mobile devices and social networks
    • 32% of Brazilians have been victims of an infection via a mobile device or a social network.
    • 44% of Brazilian users have received a text message on their phone from an unknown sender asking them to click a link or dial a number
    • 23% of social network users in the country have had their profiles hijacked, and another 12% have been infected with malware via phishing sent over social networks.
  • 42% of adult online users in the country (40% worldwide) simply do not know that a virus can operate very discreetly on a computer

Source: Norton/Symantec



Organization and Collaboration

The mission of the FS-ISAC, in collaboration with the U.S. Department of the Treasury and the Financial Services Sector Coordinating Council, is to enhance the ability of the financial services sector to prepare for and respond to cyber and physical threats, vulnerabilities and incidents, and to serve as the primary communications channel for the sector.

APWG is the global industry, law enforcement and government coalition focused on unifying the global response to cyber crime through the development of data resources, data standards and model response systems and protocols for the private and public sectors.

The Anti-Phishing Working Group (APWG) and the National Cyber Security Alliance (NCSA) led the development of the STOP. THINK. CONNECT. campaign. The U.S. Department of Homeland Security provides the Federal Government's leadership for the STOP. THINK. CONNECT. campaign.

