Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Business Process Compromise in Financial Institutes Kavya Kushnoor OBJECTIVES: Business Process Business Process Compromise Features of BCP Some detected malware names Examples of Infamous Attacks Precautionary Measures WHAT IS A BUSINESS PROCESS? It is a structural representation of the flow of activities in an organization and consists of stages and steps of a business process. These are unique for each industry and company. Example: Loan eligibility determination (in picture) WHAT IS A BUSINESS PROCESS COMPROMISE? It is a type of cyber attack where an attacker looks for loop-holes in business processes, vulnerable systems and susceptible practices which are handled by machines FEATURES OF BCP A susceptible business process which is completely automated and machine run Once a vulnerability is identified, the hacker manipulates the machine without the employee’s knowledge The employee trusts the policies to work as usual while the attackers have access to funds and valuable data The attacker is motivated by fraudulent financial gains Time taken to identify it is generally 5 months on average VARIANTS OF DETECTED MALWARE: TROJ_RATANKBA.A. BKDR_DESTOVER.ADU BKDR_DESTOVER.A TROJ_CVE20130074.B SWF_EXPLOYT.YYRQ TSPY64_BANKER.YWNQD BKDR64_KLIPODENC.ZHEB-A TROJ64_KLIPODLDR.ZHEB-A SOME INFAMOUS ATTACKS: 2016 Bangladesh bank incident Bank Install malware to manipulate communication ($81 million) Tien Phong Bank (Vietnam) ($1.3 million) Banco del Austro (Ecuador) ($12 million) Link SWIFT Communicatio n Lines Fed Reserve Bank of NY Requests fraudulent transfer of $$ Tamper with Printing system to avoid discovery of fund transfer PRECAUTIONARY MEASURES Secure network against malware using technologies like endpoint protection and security solutions System lockdown for critical applications Regular audit and analysis of policies Vendor evaluation and risk assessments Educate and train employees to detect abnormal behavior and social engineering attacks Features Link LINKS https://www.trendmicro.com/vinfo/us/security/research-andanalysis/predictions/2017 https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digitalthreats/security-101-business-process-compromise https://www.trendmicro.com/en_us/business/products/userprotection/sps.html?cm_mmc=VURL:www.trendmicro.com-_-VURL-_/us/enterprise/network-security/interscan-web-security/index.html-_-1:1 https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/polish-banksand-other-financial-organizations-hit-by-new-malware-attacks