This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
OWASP Anti-Malware Project - Awareness Program
Revision as of 16:47, 3 January 2012
Introduction
What is Banking Malware
What is the Banking Malware Awareness Program
How Banking malware deals with Web Application Security
Banking Malware Attack Process
A malware attack is a process: each of the following steps has to succeed, in order, for the attack as a whole to succeed. We consider an attack successful when the attacker obtains a financial gain from the initial compromise of the client. The first steps (e.g. infection of clients) usually do not involve the banking infrastructure at all, while the later ones are tightly connected to it: attackers need the functionality offered by the compromised online bank accounts in order to cash out.
From user infection to cash out
(Image is missing)
This is a chain of required steps. Attackers have to perform every one of them successfully to turn the attack into a monetary gain, so the process can reasonably be stopped at any stage. As in other cases, a defense-in-depth approach is suggested, with controls at each stage, so that the weakest link of each part of the attack can be targeted rather than relying on a single control.
Infection of clients and PCs
- Exploitation of client-side vulnerabilities (during web browsing)
- Spam (infection delivered via email)
Hiding the Infection and Creating a Persistent Threat
- Packers
- Modded Builds
- Rootkit (and Bootkit)
Stealing of Auth credentials
- Keylogging and Form Grabbing
- Video Grabbing
- WebInjects
Storing of Auth credentials
- Standard Dropzone
- Fast Flux Based
- Instant Messaging and P2P networks
Hiding The Operations
- Data Tunnelling
- Modification of Contact Details
- User Interface Restoring
Cashing Out
- Money Transfer
- Mobile Phone Charge
- Pump and Dump
Countermeasures
General strategy
- Narrowing the attack surface
- Identification
- Blocking
- Recovering
Actions to take for mitigating the Malware Attack Process
Containing the number of infected customers
- Awareness (e.g. remind users to run and update antivirus programs)
- Check for software updates and potentially exposed customers
- Monitoring for Anomalies
Uncover the Infection
- Tell your customers about the infections
- Use systems for detecting compromised clients
- Have in place a security response process to assist customers
Counter the Stealing of Auth credentials
- Resilient Authentication
- Inform the user about their own operations
- Multi factor and Multi channel
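Worked example, added here and not part of the original OWASP page: a Python model of why a transaction-bound confirmation code (chipTAN/CAP-style transaction signing, the "Multi factor and Multi channel" item above) resists the WebInject and man-in-the-browser attack listed under "Stealing of Auth credentials", where a plain one-time password does not. The per-customer secret, the counter, the eight-digit truncation, the account identifiers and the amounts are all constructed for the example.

```python
"""Transaction-bound confirmation codes vs. plain one-time passwords.

Added example for the OWASP awareness page; not the project's own code.
Assumptions (all constructed): a per-customer secret provisioned out of band,
HMAC-SHA256 truncated to 8 decimal digits, a counter shared between token and
bank, and a chipTAN/CAP-style token into which the user keys beneficiary and
amount, so the code is computed from what the user intends, not from what the
(possibly injected) browser page shows.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    beneficiary: str   # destination account identifier
    amount_cents: int  # amount in cents


def _truncate(digest: bytes) -> str:
    # Eight decimal digits derived from the first four bytes of the MAC.
    n = int.from_bytes(digest[:4], "big") % 10**8
    return f"{n:08d}"


def plain_otp(secret: bytes, counter: int) -> str:
    """HOTP-like code: depends on secret and counter only, not on the transaction."""
    return _truncate(hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest())


def bound_code(secret: bytes, counter: int, t: Transfer) -> str:
    """Code bound to the transaction: beneficiary and amount enter the MAC input."""
    msg = struct.pack(">Q", counter) + f"{t.beneficiary}|{t.amount_cents}".encode()
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest())


def bank_accepts(secret: bytes, counter: int, submitted: Transfer, code: str, bound: bool) -> bool:
    """Bank-side check: recompute the expected code over the transfer it actually received."""
    expected = bound_code(secret, counter, submitted) if bound else plain_otp(secret, counter)
    return hmac.compare_digest(expected, code)


SECRET = b"per-customer-secret-provisioned-out-of-band"  # constructed
COUNTER = 42
INTENDED = Transfer("IT60X0542811101000000123456", 15_000)  # what the customer typed (constructed IBAN)
SWAPPED = Transfer("MULE-ACCOUNT-9876", 15_000)            # what the WebInject submits instead


def man_in_the_browser(bound: bool) -> bool:
    """True if the bank accepts the attacker's swapped transfer.

    The customer authorises INTENDED on the second channel (token or SMS); the
    compromised browser replaces the beneficiary before the form reaches the bank.
    """
    code = bound_code(SECRET, COUNTER, INTENDED) if bound else plain_otp(SECRET, COUNTER)
    return bank_accepts(SECRET, COUNTER, SWAPPED, code, bound)


def honest_transfer(bound: bool) -> bool:
    """Sanity check: the same code is accepted when nothing was tampered with."""
    code = bound_code(SECRET, COUNTER, INTENDED) if bound else plain_otp(SECRET, COUNTER)
    return bank_accepts(SECRET, COUNTER, INTENDED, code, bound)


if __name__ == "__main__":
    print("plain OTP, beneficiary swapped -> accepted:", man_in_the_browser(bound=False))  # True
    print("bound code, beneficiary swapped -> accepted:", man_in_the_browser(bound=True))  # False
```

The binding only helps if the second channel shows the customer the beneficiary and amount that the code covers (the "Inform the user about their own operations" item): the browser can be made to redraw the page so the swap is invisible ("User Interface Restoring" above), but it cannot rewrite what the token or the SMS displays.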
Against the Remote Storage of Auth Credentials
- Identification and Alerting about Dropzones
- Browser Sandboxing
- Dropzone security response
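Worked example, added here and not part of the original OWASP page: a Python heuristic for the "Identification and Alerting about Dropzones" item, aimed at the fast-flux dropzones listed under "Storing of Auth credentials". It scores a hostname by the number of distinct IPs, the number of distinct /16 prefixes and the lowest TTL seen across passive-DNS-style observations. The DNS records, hostnames and thresholds are constructed for the example; /16 diversity stands in for ASN diversity because no routing data is embedded.

```python
"""Fast-flux heuristic for spotting dropzone hostnames in DNS data.

Added example for the OWASP awareness page; not the project's own code.
Observations, hostnames and thresholds are constructed (addresses come from
documentation and reserved ranges). In production the observations would come
from passive DNS or resolver logs, and /16 prefix diversity would be replaced
by ASN or registered-owner diversity from routing data.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsObservation:
    ts: int    # unix seconds when the answer was observed
    host: str  # queried name
    ip: str    # A record in the answer
    ttl: int   # TTL of that record


def flux_features(observations):
    """Per-host features: distinct IPs, distinct /16 prefixes, lowest TTL seen."""
    prefixes = {ipaddress.ip_network(f"{o.ip}/16", strict=False) for o in observations}
    return {
        "distinct_ips": len({o.ip for o in observations}),
        "distinct_prefixes": len(prefixes),
        "min_ttl": min(o.ttl for o in observations),
    }


def is_fast_flux(features, min_ips=5, min_prefixes=4, max_ttl=300):
    """A name is fast-flux-like when it rotates through many addresses in many
    unrelated networks and keeps TTLs short so the rotation takes effect quickly."""
    return (features["distinct_ips"] >= min_ips
            and features["distinct_prefixes"] >= min_prefixes
            and features["min_ttl"] <= max_ttl)


def suspected_dropzones(observations, **thresholds):
    """Group observations by host and return the names that trip the heuristic."""
    by_host = defaultdict(list)
    for o in observations:
        by_host[o.host].append(o)
    return sorted(h for h, obs in by_host.items() if is_fast_flux(flux_features(obs), **thresholds))


# Constructed observations: a suspected dropzone, a CDN-like name and a static intranet host.
OBSERVATIONS = [
    # dropzone: a different address in a different network every few minutes, 60s TTL
    DnsObservation(0,    "update-check.example", "192.0.2.10",    60),
    DnsObservation(180,  "update-check.example", "198.51.100.17", 60),
    DnsObservation(360,  "update-check.example", "203.0.113.45",  60),
    DnsObservation(540,  "update-check.example", "100.64.3.9",    60),
    DnsObservation(720,  "update-check.example", "100.65.8.21",   60),
    DnsObservation(900,  "update-check.example", "100.66.12.4",   60),
    DnsObservation(1080, "update-check.example", "100.67.200.1",  60),
    DnsObservation(1260, "update-check.example", "100.68.55.77",  60),
    # CDN-like: many addresses and a short TTL, but only two /16 prefixes
    DnsObservation(0,    "static.cdn.example",   "100.80.1.1",    60),
    DnsObservation(60,   "static.cdn.example",   "100.80.1.2",    60),
    DnsObservation(120,  "static.cdn.example",   "100.80.1.3",    60),
    DnsObservation(180,  "static.cdn.example",   "100.81.2.1",    60),
    DnsObservation(240,  "static.cdn.example",   "100.81.2.2",    60),
    DnsObservation(300,  "static.cdn.example",   "100.81.2.3",    60),
    # static host: one address, long TTL
    DnsObservation(0,    "intranet.corp.example", "100.90.1.1",  3600),
    DnsObservation(3600, "intranet.corp.example", "100.90.1.1",  3600),
]

if __name__ == "__main__":
    for host in ("update-check.example", "static.cdn.example", "intranet.corp.example"):
        print(host, flux_features([o for o in OBSERVATIONS if o.host == host]))
    print("suspected dropzones:", suspected_dropzones(OBSERVATIONS))  # ['update-check.example']
```

Content delivery networks and round-robin load balancing also produce many addresses with short TTLs, so the prefix (or ASN) diversity check and an allowlist are what keep the false-positive rate tolerable; a hit should be treated as a lead for the "Dropzone security response" step (confirm the host, e.g. against hostnames extracted from captured WebInject configurations, then block and take down), not as proof on its own.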
Against Cashing Out
- Mule accounts monitoring
- Monitor money transfer sources
- Monitor and correlate sources for any disposal operation
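Worked example, added here and not part of the original OWASP page: Python correlation rules for the three "Against Cashing Out" items, tying them back to the "Modification of Contact Details" step under "Hiding The Operations". Rule 1 flags a transfer to a beneficiary that was added shortly after the customer's phone number or e-mail changed (the attacker first diverts notifications, then adds the mule and cashes out); rule 2 flags a destination account that collects transfers from several distinct customers in a short window (a mule candidate). Accounts, timestamps, amounts and thresholds are constructed.

```python
"""Correlating contact-detail changes, new beneficiaries and transfers.

Added example for the OWASP awareness page; not the project's own code.
All accounts, timestamps and amounts below are constructed. Two rules:
  1. a transfer to a beneficiary that was added shortly after the customer's
     contact details (phone/e-mail) changed, i.e. the "Modification of
     Contact Details" step followed by cash out;
  2. a destination account that receives transfers from several distinct
     customers within a short window, i.e. a mule account candidate.
"""
from collections import defaultdict
from dataclasses import dataclass

HOUR = 3600


@dataclass(frozen=True)
class Event:
    ts: int           # unix seconds, as recorded by the bank (never by the client)
    account: str      # customer account the event belongs to
    kind: str         # "contact_change" | "beneficiary_added" | "transfer"
    target: str = ""  # beneficiary account for beneficiary_added / transfer
    amount: int = 0   # cents, for transfer


def contact_change_then_transfer(events, window=48 * HOUR):
    """Rule 1: (account, beneficiary, amount) for each transfer to a beneficiary
    added after a contact-detail change, both within `window` of that change."""
    by_account = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_account[e.account].append(e)
    alerts = []
    for account, evs in by_account.items():
        last_change = None          # time of the most recent contact-detail change
        added_after_change = set()  # beneficiaries added since that change
        for e in evs:
            if e.kind == "contact_change":
                last_change, added_after_change = e.ts, set()
            elif (e.kind == "beneficiary_added" and last_change is not None
                  and e.ts - last_change <= window):
                added_after_change.add(e.target)
            elif (e.kind == "transfer" and e.target in added_after_change
                  and e.ts - last_change <= window):
                alerts.append((account, e.target, e.amount))
    return alerts


def mule_candidates(events, window=24 * HOUR, min_sources=3):
    """Rule 2: destination accounts receiving transfers from >= min_sources
    distinct customers within any `window`-long period."""
    by_target = defaultdict(list)
    for e in sorted((e for e in events if e.kind == "transfer"), key=lambda e: e.ts):
        by_target[e.target].append(e)
    mules = set()
    for target, transfers in by_target.items():
        for i, first in enumerate(transfers):
            sources = {t.account for t in transfers[i:] if t.ts - first.ts <= window}
            if len(sources) >= min_sources:
                mules.add(target)
                break
    return mules


# Constructed event log: ACC-A matches rule 1, MULE-1 matches rule 2, ACC-B and ACC-C are benign.
EVENTS = [
    Event(0,    "ACC-A", "contact_change"),                  # phone number changed
    Event(3600, "ACC-A", "beneficiary_added", "MULE-1"),
    Event(7200, "ACC-A", "transfer", "MULE-1", 250_000),
    Event(0,    "ACC-B", "beneficiary_added", "FRIEND-1"),   # no contact change
    Event(3600, "ACC-B", "transfer", "FRIEND-1", 5_000),
    Event(0,    "ACC-C", "contact_change"),
    Event(3600, "ACC-C", "transfer", "OLD-BEN", 20_000),    # long-standing beneficiary
    Event(8000, "ACC-D", "transfer", "MULE-1", 120_000),
    Event(9000, "ACC-E", "transfer", "MULE-1", 99_000),
]

if __name__ == "__main__":
    print(contact_change_then_transfer(EVENTS))  # [('ACC-A', 'MULE-1', 250000)]
    print(mule_candidates(EVENTS))               # {'MULE-1'}
```

Both rules work on the bank's own records, which is the point: the infected client can hide the transfer from the customer ("User Interface Restoring"), but it cannot alter what the server logged, so a hit should be put in front of the customer through a channel the malware does not control rather than in the online banking session.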