The art of the cashout: the evolution of attacks on payment systems

Presented at VB2019, Oct. 3, 2019, 2 p.m. (30 minutes).

The risk-reward calculation of an attack on an institution's payment system nets a huge payoff if successful. Over the last few years, these attacks have become more commonplace and seem to be constantly evolving. The intrusions demonstrate advanced technical skills and creative methods of cashing out. The attacks show again how attackers are investing in being able to manipulate parts of the banking system with the regular appearance of new malware, and increasingly seem to be co-ordinating with other criminals, particularly when it comes to the post-intrusion cashout. This presentation will cover heists seen in 2018 and 2019, details of the newest malware used by the attackers, trends in tooling and techniques, further evidence of the potential nature of their relationship with other criminal groups, and what might come under attack next.

(This is an invited talk)


Presenters:

  • Saher Naumaan - BAE Systems Applied Intelligence
    Saher Naumaan is a threat intelligence analyst at BAE Systems Applied Intelligence. She currently researches state-sponsored cyber espionage with a focus on threat groups and activity in the Middle East. Saher specialises in analysis covering the intersection of geopolitics and cyber operations, and regularly speaks at public and private conferences around the world, including SAS, Virus Bulletin and Bsides. Prior to working at Applied Intelligence, Saher graduated from King's College London with a Master's degree in intelligence and security, where she received the Barrie Paskins Award for Best M.A. dissertation in war studies. @saffronsec
  • Irving Méreau - SWIFT
    Irving joined SWIFT in 2007 and has held various positions within IT. Irving has been Head of Customer Security Intelligence at SWIFT since January 2018. As Head of Customer Security Intelligence, Irving is responsible for the forensic investigation and analysis of malware identified on compromised customer systems. The result of these investigations, combined with the analysis of threat intelligence specifically related to SWIFT customers, is used to inform SWIFT's customers on how they can better protect their local SWIFT infrastructure against cyber-attacks.
