SlideShare uma empresa Scribd logo

Social Engineering in Banking Trojans: attacking the weakest link

J
Jose Miguel Esparza

Social Engineering is the art of obtaining confidential information through the manipulation of the people with this knowledge. This technique is based on the fact that human beings represent the weakest link in a secure system, as somebody usually knows how to access it. The idea being that it is easier to manipulate a person than the system itself. Online banking is no exception. In this case, the most vulnerable people are the users themselves, the end clients of the banks, and the objective is to access their accounts. Cybercriminals use Social Engineering through HTML Injections to cheat on users and obtain their credentials. In this presentation a demo was performed to detect HTML Injections in web browsers.

Tecnologia
1 de 72
Social Engineering in Banking Trojans Attacking the weakest link Jose Miguel Esparza Mikel Gastesi
Agenda • Social Engineering?? • Social Engineering + Malware • HTML Injections • Underground Market • Solutions??
Social Engineering?? • The art of… – … knowing how to handle people
Social Engineering?? • …or how to manipulate them
Social Engineering?? • …to Achieve an Objective – Information gathering – Buildings / Rooms access – Power – Material possessions – Others: flirting, favors…
Social Engineering?? • …to Achieve an Objective – Information gathering – Buildings / Rooms access – Power – Material possessions – Others: flirting, favors (sexual or not)…
• How? – Face to face – Phone / SMS – Mail – … • Used by – Politicians – Salesmen – Delinquents / Fraudsters – You and me Social Engineering??
Social Engineering??
Social Engineering?? • Take advantage of human nature – Feelings / emotions / state of mind – Behavior / personality
Social Engineering?? • Take advantage of human nature – Feelings / emotions / state of mind • Sadness • Fear • Rancor • Embarrassment • Happiness • Love • Hope – Behavior / personality
Social Engineering?? • Take advantage of human nature – Feelings / emotions / state of mind – Behavior / personality • Curiosity • Inocence • Honesty • Generosity • Gratitude • Avarice
Social Engineering?? • Take advantage of human nature – Feelings / emotions / state of mind – Behavior / personality • Tendency to trust
Social Engineering + Malware
Ransomware
Ransomware
Ransomware
Ransomware
Fake Antivirus
Banking Trojans • Images Overlapping • GUI Applications • Pharming • WebFakes • HTML Injections
Banking Trojans • Images Overlapping • GUI Applications • Pharming • WebFakes • HTML Injections
Banking Trojans • Images Overlapping • GUI Applications • Pharming • WebFakes • HTML Injections
GUI Applications
GUI Applications
Banking Trojans • Images Overlapping • GUI Applications • Pharming • WebFakes • HTML Injections
Banking Trojans • Images Overlapping • GUI Applications • Pharming • WebFakes  Phishings • HTML Injections
Banking Trojans • Images Overlapping • GUI Applications • Pharming • WebFakes • HTML Injections
HTML Injections
HTML Injections
HTML Injections VS WebFakes
Injections – How they work (I) • Trojan – Binary • Generic – Keylogging, form-grabbing, etc. – Stealing data silently – Configuration file • Specific affectation – Custom attack to entities – User interaction
Injections - How they work (II) • Configuration – Injecting where? – Injecting what? – Injecting when? • Flags: G,P,L
Injections - How they work (III) 1. URI found? 2. Obtain webpage 3. Find starting mark 4. Injection 5. Copy from the ending mark 6. Obtain data thanks to formgrabbing
Injections – How they work (IV)
Authentication Virtual Keyboard Code Card OTP Token SMS : mTAN PasswordID + 2FA
Bypassing Authentication • ID + Password + Operations Password
Bypassing Authentication • Virtual Keyboard – Injection is not necessary here
Bypassing Authentication • 2FA: Code Card
Bypassing Authentication • 2FA: SMS – Cheat on the user to infect his mobile phone • Always after login • Security Software simulation • Activation simulation • Profit from the ignorance of the threat
Bypassing Authentication • ZeuS + Mobile Component (I)
Bypassing Authentication • ZeuS + Mobile Component (and II)
Bypassing Authentication • SpyEye + Mobile Component (I)
Bypassing Authentication • SpyEye + Mobile Component (and II)
Bypassing Authentication • 2FA: Token – MitB Attack  It is NOT Social Engineering • Mobile Transfer warnings? – Let’s play “Simon says…” Demo
Affected countries
Affected Sectors
Underground Market • Binaries Market • Injections Market – Standardized – Single Injections – Full-package
Underground Market • Binaries Market • Injections Market – Standardized  ZeuS & co. / SpyEye – Single Injections – Full-package
Underground Market • Binaries Market • Injections Market – Standardized – Single Injections • Per countries and entities • 60 WMZ/LR (WebMoney / Liberty Reserve) • Package: 700-800 WMZ/LR • Update / Modification: 20 WMZ/LR – Full-package
Underground Market
Underground Market • Binaries Market • Injections Market – Standardized – Sólo inyecciones – Full-package • Botnet Renting + Injections • $400??
Underground Market
Underground Market • How do they create them? – Obtaining legit code from the banking pages – Injection creation – Testing
Underground Market • How do they create them? – Obtaining legit code from the banking pages – Injection creation – Testing
Underground Market • Obtaining legit code from the banking pages – Manual • Login + Dumping pages
Underground Market • Obtaining legit code from the banking pages – Automatic • Specific modules • Configuration file
Underground Market • Obtaining legit code from the banking pages – Automatic • Specific modules – Tatanga • Configuration file
Underground Market
Underground Market
Underground Market • Obtaining legit code from the banking pages – Automatic • Specific modules • Configuration files – ZeuS – SpyEye
Underground Market
Underground Market • How do they create them? – Obtaining legit code from the banking pages – Injection creation – Testing
Underground Market • How do they create them? – Obtaining legit code from the banking pages – Injection creation  SOCIAL ENGINEERING!! – Testing
Underground Market • How do they create them? – Obtaining legit code from the banking pages – Injection creation – Testing • Login • Screenshots • Video  Tatanga, Citadel
• Detection / Prevention • Information / Trainings • Common sense Solutions??
• Detection / Prevention – Client • Check HTML structure (DOM) – Server • Additional parameters • Dynamique pages  Avoid locating injection point Solutions??
• Detection / Prevention Solutions??
• Detection / Prevention • Information / Trainings • Common sense Solutions??
• Detection / Prevention • Information / Trainings • Common sense Solutions??
• Detection / Prevention • Information / Trainings • Common sense…is not so common Solutions??
Conclusions • If the user can make a transfer you will always be able to cheat on him and change the destination of the money • How would you cheat on the user by phone? Do it after the login, use a fake webpage, or even call him!
Questions??
¡¡Thanks!! Mikel Gastesi @mgastesi Jose Miguel Esparza @EternalTodo

Recomendados

Hacking-Basics
Hacking-BasicsHacking-Basics
Hacking-Basics
Gaurav Singh
 
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Techsylvania
 
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
Aditya K Sood
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
Sai Sakoji
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
Jayaseelan Vejayon
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)
Marta Barrio Marcos
 
hacking presentation
hacking presentationhacking presentation
hacking presentation
ravisarode2
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
Mehedi Hasan
 

Recomendados

Hacking-Basics
Hacking-BasicsHacking-Basics
Hacking-Basics
Gaurav Singh
 
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Techsylvania
 
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
HackInTheBox - AMS 2011 , Spying on SpyEye - What Lies Beneath ?
Aditya K Sood
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
Sai Sakoji
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
Jayaseelan Vejayon
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)
Marta Barrio Marcos
 
hacking presentation
hacking presentationhacking presentation
hacking presentation
ravisarode2
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
Mehedi Hasan
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
Muhanned Alaqili
 
Leone ct#1 presentation 1
Leone ct#1 presentation 1Leone ct#1 presentation 1
Leone ct#1 presentation 1
vincentleone
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security
Lokender Yadav
 
Computer Security
Computer SecurityComputer Security
Computer Security
Greater Noida Institute Of Technology
 
Crontab Cyber Security session 4
Crontab Cyber Security session 4Crontab Cyber Security session 4
Crontab Cyber Security session 4
gpioa
 
Information security Presentation
Information security Presentation Information security Presentation
Information security Presentation
dhirujapla
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
Indranil Banerjee
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
Ahmed Musaad
 
Cyber security
Cyber securityCyber security
Cyber security
PawanKalyanAmbati
 
Two-Steps to Owning MFA
Two-Steps to Owning MFATwo-Steps to Owning MFA
Two-Steps to Owning MFA
Sherrie Cowley & Dennis Taggart
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
Abdelfatah hegazy
 
Introduction to hackers
Introduction to hackersIntroduction to hackers
Introduction to hackers
Harsh Sharma
 
Hacking
HackingHacking
Hacking
Jay Janodia
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365
AntonioMaio2
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Goutham Shetty
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
AT-NET Services, Inc. - Charleston Division
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
Jose L. Quiñones-Borrero
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on Security
Gianluca Varisco
 
Social engineering
Social engineeringSocial engineering
Social engineering
Robert Hood
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
MansoorAhmed57263
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
 

Mais conteúdo relacionado

Semelhante a Social Engineering in Banking Trojans: attacking the weakest link

E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
Abdelfatah hegazy
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365
AntonioMaio2
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
MansoorAhmed57263
 

Semelhante a Social Engineering in Banking Trojans: attacking the weakest link (20)

Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Leone ct#1 presentation 1
Leone ct#1 presentation 1Leone ct#1 presentation 1
Leone ct#1 presentation 1
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Crontab Cyber Security session 4
Crontab Cyber Security session 4Crontab Cyber Security session 4
Crontab Cyber Security session 4
 
Information security Presentation
Information security Presentation Information security Presentation
Information security Presentation
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
 
Cyber security
Cyber securityCyber security
Cyber security
 
Two-Steps to Owning MFA
Two-Steps to Owning MFATwo-Steps to Owning MFA
Two-Steps to Owning MFA
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
 
Introduction to hackers
Introduction to hackersIntroduction to hackers
Introduction to hackers
 
Hacking
HackingHacking
Hacking
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on Security
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
 

Último

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Último (20)

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Social Engineering in Banking Trojans: attacking the weakest link