Future Banking And Financial Attacks

Presented at DeepSec 2013 „Secrets, Failures, and Visions“, Unknown date/time (Unknown duration)

Dark days for infosec may be ahead. Cyber attackers have only gotten more daring this decade, encouraged by the headline-generating successes of hacktivists and APTs. Now security professionals are scrambling to stay ahead, with organizations of all types operating in an environment where breaches are the expectation. Financial organizations are particularly at risk, as "doing it for the lulz" takes a backseat to international cyber warfare and digital organized crime. Attackers are going where the money is.

Konstantinos has specialized in hacking banking and financial applications for nearly a decade. Join him for a look at the most recent attacks that are surfacing, along with coming threats that financial organizations will likely have to contend with soon. Here are the four major areas covered, with some example attacks in each:

  • Advanced User Enumeration and DDoS
    Surprisingly few organizations go out of their way to protect user IDs. Attackers will soon be using this easily obtained information to perform sophisticated brute force attacks, massive account lockouts (a new DDoS), and diversionary attacks hiding other exploits.

  • Trading Turret and Timing Attacks
    The past few years have shown that attackers are often hired to disrupt competitors. A look at local and network-based attacks that could cost competitors millions of dollars in milliseconds.

  • Internal User Attacks and APTs
    Attackers are only beginning to fully exploit what it means to have an internal foothold in an organization. Future APTs will enable massive, simultaneous attacks on end user accounts and funds.

  • External User Attacks and MitE
    New breeds of malware will allow for complete fraudulent actions and theft to occur right on the victim's machine. Forget about sniffing passwords and traffic--attackers will increasingly focus on transfers occurring right from trusted sessions and IP addresses via Man in the Endpoint attacks.

Presenters:

  • Konstantinos Karagiannis - BT
    Konstantinos Karagiannis is the Practice Technical Lead for Ethical Hacking in BT Advise Assure. He has extensive experience performing application and network assessments and penetration tests, and specializes in financial applications. He has spoken at dozens of technical conferences around the world. Konstantinos began as a Physics major before finding his way into the world of hacking. He enjoys probing how everything works, from programs to particles.
