Business Process Compromise in Financial Institutes
Kavya Kushnoor
OBJECTIVES:
Business Process
Business Process Compromise
Features of BPC
Some detected malware names
Examples of Infamous Attacks
Precautionary Measures
WHAT IS A BUSINESS PROCESS?
It is a structural representation of the flow of activities in an organization and consists of stages and steps of a business process.
These are unique for each industry and company.
Example: Loan eligibility determination (in picture)
WHAT IS A BUSINESS PROCESS COMPROMISE?
It is a type of cyber attack where an attacker looks for loopholes in business processes, vulnerable systems and susceptible practices which are handled by machines.
FEATURES OF BPC
A susceptible business process which is completely automated and machine run
Once a vulnerability is identified, the hacker manipulates the machine without the employee's knowledge
The employee trusts the policies to work as usual while the attackers have access to funds and valuable data
The attacker is motivated by fraudulent financial gains
The time taken to identify it is generally 5 months on average
VARIANTS OF DETECTED MALWARE:
TROJ_RATANKBA.A.
BKDR_DESTOVER.ADU
BKDR_DESTOVER.A
TROJ_CVE20130074.B
SWF_EXPLOYT.YYRQ
TSPY64_BANKER.YWNQD
BKDR64_KLIPODENC.ZHEB-A
TROJ64_KLIPODLDR.ZHEB-A
SOME INFAMOUS ATTACKS:
2016 Bangladesh bank incident ($81 million)
Tien Phong Bank (Vietnam) ($1.3 million)
Banco del Austro (Ecuador) ($12 million)
[Diagram: Bank, SWIFT Communication Lines, Fed Reserve Bank of NY. Labels: Install malware to manipulate communication; Requests fraudulent transfer of $$; Tamper with printing system to avoid discovery of fund transfer]
PRECAUTIONARY MEASURES
Secure network against malware using technologies like endpoint protection and security solutions
System lockdown for critical applications
Regular audit and analysis of policies
Vendor evaluation and risk assessments
Educate and train employees to detect abnormal behavior and social engineering attacks
LINKS
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2017
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/security-101-business-process-compromise
https://www.trendmicro.com/en_us/business/products/user-protection/sps.html?cm_mmc=VURL:www.trendmicro.com-_-VURL-_-/us/enterprise/network-security/interscan-web-security/index.html-_-1:1
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/polish-banks-and-other-financial-organizations-hit-by-new-malware-attacks