1 © Copyright 2013 EMC Corporation. All rights reserved.

Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist

RSA, The Security Division of EMC

2 © Copyright 2013 EMC Corporation. All rights reserved.

2013

3 © Copyright 2013 EMC Corporation. All rights reserved.

3 in 4

4 © Copyright 2013 EMC Corporation. All rights reserved.

5.900.000.000 $

5 © Copyright 2013 EMC Corporation. All rights reserved.

RSA’s Top 10 List…

6 © Copyright 2014 EMC Corporation. All rights reserved.

RSA’s top 10 phishing list…

7 © Copyright 2014 EMC Corporation. All rights reserved.

Netherlands compared overall

8 © Copyright 2013 EMC Corporation. All rights reserved.

Trend#1: Mobile Threats Become More Sophisticated and Pervasive

TREND1 INTH3WILD

9 © Copyright 2013 EMC Corporation. All rights reserved.

1,000,000,000 total number of smartphones sold in

2013

Source: IDC Worldwide Quarterly Mobile Phone Tracker, January 2014

10 © Copyright 2013 EMC Corporation. All rights reserved.

1 BILLION Android-based smart phones

estimated to be shipped in 2017

Source: Canalys Smart Phone Report, June 2013

11 © Copyright 2013 EMC Corporation. All rights reserved.

1,000,000 number Apps in Google Play

Source: Sundar Pichai, speaking at a Google breakfast briefing, July 2013

12 © Copyright 2013 EMC Corporation. All rights reserved.

1.400.000 malicious Android apps in ‘13 Jumped from 350.000 in 2012

Source: TrendMicro TrendLabs

13 © Copyright 2013 EMC Corporation. All rights reserved.

300

530

Mobile bankers in 2012 Mobile bankers in 2013

+76%

Personal Finances

Source: Juniper Research

14 © Copyright 2013 EMC Corporation. All rights reserved.

Mobile Threats

15 © Copyright 2013 EMC Corporation. All rights reserved.

For Malware Distribution

For Phishing Scams

Malicious apps

are posing as

legitimate apps BANK

16 © Copyright 2013 EMC Corporation. All rights reserved.

Games

17 © Copyright 2013 EMC Corporation. All rights reserved.

Supply chain infection

18 © Copyright 2013 EMC Corporation. All rights reserved.

$350

SMS Sniffers

19 © Copyright 2013 EMC Corporation. All rights reserved.

$5K and up

Perkele

20 © Copyright 2013 EMC Corporation. All rights reserved.

IBanking

iBanking Mobile Bot

21 © Copyright 2013 EMC Corporation. All rights reserved.

Mtoken

mToken

22 © Copyright 2013 EMC Corporation. All rights reserved.

Trend#2: Malware Gets More Sophisticated

TREND3 INTH3WILD

23 © Copyright 2013 EMC Corporation. All rights reserved.

Stealthier, more durable botnets Botnets are being created that behave as similarly as possible to legitimate software

Hosting a botnet’s command-and-control center in a Tor-based network

Cybercriminals are building more resilient peer-to-peer botnets, populated by bots that talk to each other, with no central control points

An alternative business continuity–led approach involves controlling a botnet from a mobile device using SMS messages.

24 © Copyright 2013 EMC Corporation. All rights reserved.

Tutorials & Trainings…

25 © Copyright 2013 EMC Corporation. All rights reserved.

ChewBacca: POS Malware

26 © Copyright 2013 EMC Corporation. All rights reserved.

Trade in vulnerabilities

27 © Copyright 2013 EMC Corporation. All rights reserved.

Stegano-Zeus and more variants to come

28 © Copyright 2013 EMC Corporation. All rights reserved.

Trend#3: Cybercriminals increase effectiveness and add

more services

TREND5 INTH3WILD

29 © Copyright 2013 EMC Corporation. All rights reserved.

$1/acct

Facebook Accounts

30 © Copyright 2013 EMC Corporation. All rights reserved.

Facebook Ads

31 © Copyright 2013 EMC Corporation. All rights reserved.

Bitcoin stealer

32 © Copyright 2013 EMC Corporation. All rights reserved.

$8/hr

DDos Attacks for rent

33 © Copyright 2013 EMC Corporation. All rights reserved.

Wanna be “liked”?

34 © Copyright 2013 EMC Corporation. All rights reserved.

Big Data Analytics

35 © Copyright 2013 EMC Corporation. All rights reserved.

Criminals & Big Data

36 © Copyright 2013 EMC Corporation. All rights reserved.

Criminals & Big Data

37 © Copyright 2014 EMC Corporation. All rights reserved.

Market Disruptors

Infrastructure Transformation

Mobile Cloud

Less control over access device and back-end

infrastructure

Threat Landscape Transformation

APTs

Sophisticated Fraud

Fundamentally different tactics, more formidable than ever

Business Transformation

More hyper-extended, more digital

Extended Customer Base And Workforce

Networked Value Chains

Big Data

38 © Copyright 2014 EMC Corporation. All rights reserved.

Existing Tools Lack Visibility into Criminal Behavior

User Application Network

• WAF • Penetration Testing • Dynamic Scanning • Log Analysis/SIEM • Source Code Analysis

• Firewall • IPS/IDS

• 2 Factor Authentication • Device ID • Passwords

39 © Copyright 2014 EMC Corporation. All rights reserved.

Evolving Fraud Threat Landscape

Web Threat Landscape

• Layer 7 DDoS Attacks • Man in the Middle/Browser • Password Cracking/Guessing • Parameter Injection • New Account Registration Fraud • Advanced Malware (e.g. Trojans)

• Account Takeover • New Account Registration Fraud • Promotion Abuse • Unauthorized Account Activity • Fraudulent Money Movement

Begin Session

Login

Transaction

Logout In the Wild

• Phishing • Rogue Mobile App • Site Scraping • Vulnerability Probing

40 © Copyright 2014 EMC Corporation. All rights reserved.

In a Constantly Evolving Environment Fraud Evolves so MUST the Response

We must focus on people, the flow of data and on transactions

A New Security World

41 © Copyright 2014 EMC Corporation. All rights reserved.

Adaptive Controls adjusted dynamically based

on risk and threat level

Advanced Analytics provide context and

visibility to detect threats

Information Sharing actionable intelligence from trusted sources

Risk Intelligence thorough understanding

of risk to prioritize activity

Intelligence-Driven Security Risk-based, contextual, and agile

42 © Copyright 2014 EMC Corporation. All rights reserved.

Balance Security and Convenience

Reduce Fraud & Account Takeover

Gain Visibility and Context

Risk-Based Detection

Distinguish Between a Customer or Criminal

Trusted Identities, Actions and Transactions

RSA Fraud & Risk Intelligence

43 © Copyright 2014 EMC Corporation. All rights reserved.

RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle

Begin Session

Login

Transaction

Logout In the Wild

FraudAction

Web Threat Detection (Silver Tail)

Transaction

Monitoring

Adaptive

Authentication

Web Threat Landscape

Adaptive

Authentication

for eCommerce

44 © Copyright 2014 EMC Corporation. All rights reserved.

Begin Session

Login

Transaction

Logout In the Wild

FraudAction

Web Threat Landscape

Securing Entire Online User Lifecycle

• Gain Visibility into Cybercrime Underground • Detect Phishing and Trojan Attacks • Identify Fake Mobile Apps

45 © Copyright 2014 EMC Corporation. All rights reserved.

Begin Session

Login

Transaction

Logout In the Wild

Web Threat Detection

Web Threat Landscape

Securing Entire Online User Lifecycle

• Real Time Visibility into Pre and Post Login Activity • Detect User and Group Anomalous Behavior • Identify Precursors to Fraud

46 © Copyright 2014 EMC Corporation. All rights reserved.

Begin Session

Login

Transaction

Logout In the Wild

Adaptive Authentication

Web Threat Landscape

Securing Entire Online User Lifecycle

• Transparent Risk Based Authentication • Challenge Only High Risk Logins • Collective Fraud Intelligence Sharing • Balance Cost, Risk and Convenience

47 © Copyright 2014 EMC Corporation. All rights reserved.

Begin Session

Login

Transaction

Logout In the Wild

Transaction Monitoring

Web Threat Landscape

Securing Entire Online User Lifecycle

• Transparently Monitor Transactions • Identify High Risk or Anomalous Activities • Mitigate Against Advanced Trojan Attacks • Collective Fraud Intelligence Sharing

48 © Copyright 2014 EMC Corporation. All rights reserved.

Begin Session

Login

Transaction

Logout In the Wild

Adaptive Authentication for Ecommerce

Web Threat Landscape

Securing Entire Online User Lifecycle

• Transparently authenticates 3D Transactions • Identify High Risk or Anomalous Activities • Mitigate Against Advanced Trojan Attacks • Collective Fraud Intelligence Sharing

49 © Copyright 2014 EMC Corporation. All rights reserved.

80

00

+ B

an

ks

, C

ard

Is

su

ers

,

ISP

s, F

ee

din

g P

art

ne

rs

The RSA Layered Approach

Anti-Phishing Anti-Trojan Anti-Rogue App

eFraudNetwork

AA / TM AAecom Web Threat Detection

Threat Intel Anti-Fraud Command Center

Fraudulent IP addresses, Device Fingerprints, Mule Accounts

50 © Copyright 2014 EMC Corporation. All rights reserved.

RSA Proven Fraud Prevention • 8,000 + Global Customers protected by eFraudNetwork

• 500 Million Devices & Credit Cards Secured

• $7.5 + Billion Fraud Losses Prevented

• Over 800,000 Cyber Attacks Shutdown

• 50+ Billion Transactions Protected

Trust in the digital world

51 © Copyright 2014 EMC Corporation. All rights reserved.

Big Data Transforms Security

Vincent van Kooten Vincent.vankooten@rsa.com

Thank You!

52 © Copyright 2012 EMC Corporation. All rights reserved.

STANDING TOGETHER