3. Hackers don’t care who you are.
They just care how rich you can make them.
4. PROACTIVE VS REACTIVE SECURITY
[Diagram: the stages of an attack (Recon, Footprinting, Gaining Access, Maintaining Access, Erasure of Logs) set against two approaches. REACTIVE APPROACH: Firewall / WAF / IDS / IPS, AntiVirus / DLP Tools, Forensic Tools. PROACTIVE APPROACH: Cyber Intelligence.]
A successful cyber attack involves several steps: reconnaissance, footprinting, gaining access, maintaining access and erasure of logs. The industry's current conventional tools are reactive in nature; they can respond only once the attack has already been conducted.
The Cyber Intelligence approach, on the other hand, aims to respond before the attack turns into a real threat.
5. RISK IN ON-LINE GAMBLING INDUSTRY
Risk = (Probability of the accident occurring) × (Expected loss in case of the accident)
6. REACTIVE SECURITY APPROACH
Most of the conventional methods / tools / instruments that are used to fight cybercrime are mainly REACTIVE solutions.
When these reactive solutions, despite also being important, are called for duty… it’s already too late.
7. WHY REACTIVE SECURITY METHODS FAIL?
Customers want to deposit and withdraw money easily
ID Verification should not take too much time
Customers don’t want to share personal information
Device authentication mostly becomes ineffective since hackers use the corresponding compromised devices to access stolen accounts.
Second factor authentications are hard to manage
Online gaming scripts are complex | Complexity is the enemy of security
Call centers and support staff need to access information but no security metrics are defined in the employment process
Gambling services are a system involving the exchange of money, which lends itself to money laundering.
9. ON-LINE GAMBLING: THREATS
The most important security problems of on-line gambling can be summarized as follows:
Gaming Software Flaws and Automation
Stolen Credit Cards
Web-App Vulnerabilities
Account Hijacking
Insider Threats
Social Engineering
Service Interruption
10. ON-LINE GAMBLING THREATS: GAMING SOFTWARE FLAWS I
Due to the rapid expansion of the online gaming market, online gaming has quickly created its own black market.
Thanks to the huge amounts of stolen currencies that have been laundered successfully by hackers, more and more hackers have turned their heads towards online gambling.
Because online gambling lets hackers launder stolen money, thousands of hackers and cyber-fraudsters have targeted online gaming and automation systems, looking for a flaw that may be exploited as a vulnerability.
16. ON-LINE GAMBLING THREATS: STOLEN CREDIT CARDS I
The most practised form of cyber fraud for the last 15 years: purchase, sale, usage and laundering of stolen credit cards.
Result: creation of a billion dollar black market.
Because they mainly use credit cards as a payment instrument, online gaming and gambling sites have always been, and will most assuredly continue to be, targeted for the purpose of stealing credit cards.
18. ON-LINE GAMBLING THREATS: WEB-APP VULNERABILITIES I
Nearly each and every online gaming and gambling site in the world is subject to continuous vulnerability scans and exploit attempts.
What is very little known, on the other hand, is that these newly found vulnerabilities (even very simplistic ones) are continuously shared and sold in the underground.
21. ON-LINE GAMBLING THREATS: ACCOUNT HIJACKING I
Hackers steal accounts of online gambling users for the purpose of:
Laundering money, as these accounts have a higher trust rate in the eyes of online anti-fraud mechanisms.
Stealing the credits that these accounts may have.
Distributing stolen online currencies for the purpose of anonymization.
23. ON-LINE GAMBLING THREATS: INSIDER THREATS
Apart from external threats, the online gambling industry shall also be deemed vulnerable to insider threats.
Due to the availability of anonymization as well as the digitalization of monetary assets, the sector is truly prone to insider threats.
24. ON-LINE GAMBLING THREATS: SOCIAL ENGINEERING I
Social engineering has proven itself to be the most simplistic, yet one of the most powerful hacking methods that can be performed.
Call centers and helpdesks at online gambling and gaming platforms are usually trained for helping and assisting the members.
Unfortunately, this makes these platforms the perfect environment for attackers to deceive the operator.
In particular, the following social engineering methods are continuously used against online casino platforms:
Call center attacks
Phishing attacks
Document Forgery
26. SOLUTION?
Although the problems seem complicated and varied, a proactive solution is possible.
And this is what we call Cyber Intelligence.
Cyber-Intelligence technology is based on acquiring actionable information from the other side of the fence.
27. CYBER INTELLIGENCE APPROACH
Thus, large scale cyber attack campaigns, worldwide organizations of hacktivist groups and growing cyber war initiatives of governments have changed the scope of cyber security arena.
These newly evolving types of threats have brought the requirement for a completely different approach towards security: Cyber Intelligence.
28. CSD & G-PACT (“THE TEAM”): CYBER INTELLIGENCE - I
Being an award winning technology (Retail Banker International London 2015 – Banking Security Innovation of the Year), THE TEAM relies on a truly unique technology: deep web monitoring sensors.
Deployed in a custom manner according to credentials and specifications of each G-PACT member, these sensors monitor the underground and notify each TEAM member about the following:
Risky data-leaks about the Client (corporate data, user data, customer data, etc.)
Upcoming Cyber-attack Campaigns (latest attacking methods, current plans about latest attacks, newly evolving attack-trends);
Latest Malware Examples (Specific to the Client’s industry/sector and activities);
Stolen User Credentials Intelligence
Stolen ID and Passport Intelligence
Stolen Payment Accounts (Paypal, Moneygram etc.)
29. THE TEAM: CYBER INTELLIGENCE - II
Aside from being the most innovative Cyber-Intelligence approach of this complex domain arena, THE TEAM is also reinforced with:
Actionable Cyber Intelligence Notifications,
Industrial Cyber Threat Sharing Capabilities,
High-end brand-protection detection / termination / notification services.
30. THE TEAM: CYBER CRIME INTELLIGENCE - I
Most cyber crime activity is defined as a cyber crime operation when:
The attack has been carried out by a team or any other organized group
The attack has been designed to be sustainable and continuous.
THE TEAM cybercrime response (CR) team continuously monitors these advanced large-scale threats and analyzes each element of these fraudulent attempts.
Each cybercrime operation is meticulously analyzed in terms of its:
Suspects
Tools
Methods
Motivation
These findings are reported to all relevant members of THE TEAM Platform within a maximum of 2 hours following detection of the operation.
33. THE TEAM: MALWARE INTELLIGENCE - I
Malware Intelligence is one of the most niche areas of Cyber Intelligence.
Critical infrastructures are targeted by thousands of new malware examples every day. Yet, only a few of these attack tools can be identified beforehand.
Contrary to the common misconception, antivirus scanners have very little to do with the actual protection of your organizations. Especially when it comes to critical sectors, tools and techniques of attackers can easily penetrate through most firewalls, antivirus software, and any other security precaution which may or may not be implemented.
THE TEAM provides its members with actual examples of the attackers' latest malware development affairs, directly from the underground.
Deep Web Sensors® technology of PRODAFT-CSD is more than able to acquire samples of all newly-developed Botnet or similar malware.
Before being shared with members of THE TEAM Platform, each of these malware samples is analyzed in terms of its Capabilities and Affiliates (C2) Servers.
35. THE TEAM: DATA LEAKAGE INTELLIGENCE - I
Without your knowing, critical information about your organization, employees, clients or affiliated partners can be leaked and spread throughout the cyber underground.
Even though some of this information may seem unimportant, it can be used efficiently by high-end attackers to carry out advanced and complex cyber attacks and other espionage operations.
THE TEAM uses PRODAFT-CSD’s Deep Web Sensors® technology to automatically monitor the underground for detecting any data leakage involving THE TEAM member organizations.
Some of the most-commonly detected examples of data leakage are as follows:
Stolen passport / identity scans;
E-mail address / password pairs;
Account credentials;
Corporate accounts for intra-organizational online services.
Confidential corporate documents.
37. THE TEAM: ON-LINE CASINO CREDENTIALS INTELLIGENCE - I
Advanced attackers and cyberfraud groups in particular target online gambling credentials of casino clients to steal the balance on the victims’ account by means of underground money-laundering services and shell companies.
These online banking credentials are stolen by attackers by means of:
Phishing Sites,
Large-scale Botnets,
Malicious Internet Banking applications on mobile stores and markets.
39. THE TEAM: PHISHING AND BRAND PROTECTION INTELLIGENCE - I
Despite seeming less important and easily applicable by attackers, phishing has become one of the most commonly used methods of cyber-fraud.
THE TEAM relies on its specifically crafted automated phishing systems, which are able to detect and respond to phishing campaigns automatically.
In the previous year, THE TEAM eliminated a total of 12.000 phishing sites / applications. This figure is higher than all other anti-phishing / brand monitoring solutions in the industry, combined.
Apart from phishing sites and campaigns, THE TEAM monitoring sensors wander throughout the web, mobile application markets and social media platforms for any malicious / fraudulent site/file/name/trace that may damage the reputation of its members.
41. THE TEAM: BOTNET INTELLIGENCE / BLACKLIST
PRODAFT-CSD’s botnet sinkhole systems automatically penetrate large-scale BotNets of attackers to reveal infected IP addresses that are under the control of the attacker.
These infected IP addresses are shared with THE TEAM members inside the scope of the “Users under Potential Threat” blacklist.
Thanks to the Botnet Blacklist Intelligence service, THE TEAM’s member organizations are able to detect if any of their incoming visitors have been infected by a BotNet, and restrict / limit their access or implement additional measures to prevent further losses.
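How a member site might consume such a blacklist, as an added example that is not part of the original slides or of the vendor's product: the feed format, the sample addresses (documentation ranges) and the per-action measures are assumptions made for illustration.

```python
import ipaddress

# Constructed sample feed; a real "Users under Potential Threat" list would
# come from the intelligence provider. Addresses are documentation ranges.
SAMPLE_FEED = """\
# infected hosts observed in sinkhole (constructed sample)
192.0.2.15
198.51.100.0/28
2001:db8:bad::/48
not-an-ip
"""

def load_blacklist(feed_text):
    """Parse feed lines into networks; skip comments, collect malformed entries."""
    networks, rejected = [], []
    for raw in feed_text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # surface bad feed rows instead of failing open silently
    return networks, rejected

def is_listed(visitor_ip, networks):
    """True if the visitor address falls inside any listed network."""
    addr = ipaddress.ip_address(visitor_ip)
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)

# Hypothetical policy: the additional measure applied per sensitive action.
MEASURES = {"login": "step_up_auth", "withdrawal": "hold_for_review"}

def decide(visitor_ip, action, networks):
    """Return 'allow' for unlisted visitors, otherwise the measure for the action."""
    if not is_listed(visitor_ip, networks):
        return "allow"
    return MEASURES.get(action, "allow_and_flag")
```

A listed address marks a likely infected customer device rather than an attacker, which is why the policy here adds friction on sensitive actions instead of blocking the visitor outright.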
42. THE TEAM: FRAUD METHOD INTELLIGENCE
Each day, cyber attackers and fraudsters come up with new ways of laundering / transferring money from stolen credit cards, bank accounts and other online payment systems.
THE TEAM Operators continuously scan the underground and look for newly emerging methods of cyber-fraud and money laundering, in order to notify THE TEAM Members about the latest trends of cyber-fraud.
43. THE TEAM: STOLEN ID/PASSPORT INTELLIGENCE
THE TEAM currently has working sensors deployed which acquire stolen ID / passport information from the underground and provide this intelligence to major banking companies.
These IDs and Passports are also widely used for Online Gambling fraud.
THE TEAM can be configured to provide online gambling organizations with specific stolen passport/ID information involving a specific country or on an international level.
As of 2016, THE TEAM has detected more than 2.100.000 stolen passports / IDs.
44. THE TEAM: PENETRATION TESTING
Of course, penetration testing is another very important form of proactive security measure.
On the other hand, most of the «penetration tests» as we know them are no more than commercialized IT services that lack a true hacker perspective.
Therefore, all penetration testing efforts shall be performed by unorthodox crews consisting of ethical hackers that have true «outside the box» hacking knowledge… rather than an IT guy at the far end of the world who presses the «Start» button of a vulnerability scanner.
45. THE TEAM: CONCLUSION I
Truly proactive solutions are required for an efficient fight against cyber-fraud, especially in online gambling.
When the attacker arrives at your door, it’s already too late.
Only a very - very - minor percentage of losses are actually realized.
The cyber-underground is evolving and expanding more rapidly than conventional security does.
Attackers already know, and laugh at, most of the automated security / fraud prevention systems that we already have in place.
46. THE TEAM: CONCLUSION - II
IF YOU WANT “TO BE SECURE” RATHER THAN “TO FEEL SECURE”, BE PROACTIVE!
Thank You!