Financial Cyber-Threat Briefing will present:
- an overview of the most common and latest attack vectors affecting online banking and other financial online services;
- strategies and methodologies for addressing growing risks in this domain;
- and a demonstration of some of the latest untraceable exploits, as well as solutions to stop them.
According to the Verizon 2014 Data Breach Investigation Report, Zeus continues to be a favourite way to make a buck with crime-ware in 2013. Zeus and its offspring, Citadel, primarily focus on stealing money via bank account takeovers, though they can also be used for other functions.
According to the ENISA Threat Landscape 2013 report, web-based attacks are predominant with respect to other cyber threats: cybercriminals use malicious URLs as the primary vector to serve malware, while Java is the most exploited application.
EY’s 13th Global Fraud Survey of over 2,700 executives across 59 countries highlights that while respondents believe emerging risks are not being taken seriously enough, nearly half of them consider cybercrime a low risk.
PWC’s latest CyberSecurity technical report highlights that the average cost of the worst breach of the year appears to have significantly increased, to £35,000-£65,000 for small businesses and £450,000-£750,000 for large organisations.
14:30 to 15:00 Registration and welcome
15:00 to 16:15 Keynote Presentations
16:15 to 16:30 Networking Break
16:30 to 17:15 Live Demos
17:15 to 18:00 Networking Drinks Reception
Emerging Cyber-Threats Targeting Financial Institutions
This presentation will share research carried out on the root causes of security incidents caused by attacks from emerging threats such as banking malware. The session will provide practical examples of compromises caused by various threat agents and an in-depth analysis of the methods and attack vectors employed against online banking applications. The scope of this analysis will be to analyse the threats, simulate attacks and identify flaws in application architecture that can be prioritised for remediation. To simulate the attack, modelling techniques such as the attack kill chain and attack trees will be shown. The goal of this session is to provide information security officers with examples of processes, methodologies and risk frameworks that can be used to identify countermeasures to mitigate emerging threats.
Speaker: Marco Morana, SVP Technology Risks & Controls, Citi
Cyber Crime: extending an already loose perimeter
"EY’s 13th Global Fraud Survey (http://www.ey.com/GL/en/Newsroom/News-releases/news-pervasive-global-corruption-leaves-boards-struggling-to-cope) of over 2,700 executives across 59 countries highlights that while respondents believe emerging risks are not being taken seriously enough, nearly half of them consider cybercrime a low risk." With cybercrime expanding its reach and reaching new heights, companies struggle with the basics, from supporting cybercrime initiatives to failing to understand what to protect from whom. We'll go through a brief panorama of the issues and point out some useful directions to follow.
Speaker: Massimo Cotrozzi, Assistant Director - Fraud Investigation & Dispute Services Practice, Ernst & Young.
Overview of Online Banking Malware & Countermeasures
This session will present how attackers currently identify and exploit web vulnerabilities on financial institution websites to steal credentials. Giorgio will also demonstrate how compromised customer PCs can compromise online transaction platforms, and give an overview of the technology being used for prevention. Finally, Giorgio will present a new technology, “AMT Banking Malware Detector”, that allows banks to identify users infected with malware before they become victims of fraud.
Speaker: Giorgio Fedon, COO, Minded Security & OWASP Lead.
Preventing In-Browser Malicious Code Execution
Speaker: Stefano Di Paola, CTO, Minded Security & OWASP Project Lead.
Marco Morana, SVP Technology Risks & Controls, Citi
Marco Morana serves the OWASP organization as project lead and member of the OWASP London chapter. In his current professional role, Marco is SVP at Citigroup in London, U.K., where he is responsible for managing information security governance, risk and compliance of architecturally significant programs globally. Marco's contributions to OWASP include the application threat modelling methodology of the OWASP secure coding guide, the introduction to the security testing methodology and the OWASP security testing guide. As project leader, Marco is the primary author of the OWASP Application Security Guide for CISOs. As project reviewer, Marco contributed to reviewing the OWASP Source Code Review Project and the OWASP Security Analysis of Core J2EE Design Patterns Project. Marco has presented on the topic of software and application security at several local chapter meetings and OWASP-organized conferences in the USA and Italy, as well as at CSI and Blackhat security conferences. Marco's work on application and software security has been published in In-secure magazine, Secure Enterprise, ISSA Journal and the C/C++ Users Journal, as well as DHS Software Security Assurance, and he is currently co-authoring a book on Application Threat Modelling. Marco is also a mentor for security start-ups hosted at the Level 39 incubator in London and is a member of the technical board of advisers of the security start-up company Nok Nok Labs Inc.
Massimo Cotrozzi, Assistant Director - Fraud Investigation & Dispute Services Practice, Ernst & Young
Massimo is an Assistant Director in the Fraud Investigation & Dispute Services practice, focusing on cybercrime, data breach investigations, network intrusion, incident response and computer and network forensics.
Massimo has extensive experience in supporting corporations as well as law enforcement, military intelligence and defence. He has been active in protecting against cyber attacks and digital fraud and has performed a number of forensics activities and expert witness testimonies for entities in all sectors, including many FTSE 100 businesses and governmental organisations and agencies.
Giorgio Fedon, COO & Co-Founder, Minded Security
Giorgio Fedon is the COO and a co-founder of Minded Security, where he is responsible for running the daily operations of the company and managing Professional Services. Prior to founding Minded Security, Giorgio was a senior penetration tester and code auditor. As a long-time, experienced penetration tester he has solid system and application security knowledge. He also specializes in finding and exploiting new vulnerabilities in prominent software, both out of passion and to stay ahead of new threats and exploitation techniques before they are found and disclosed publicly. He has participated as a speaker in many international events, talking mainly about web security and malware obfuscation techniques.
Stefano Di Paola, CTO & Co-Founder, Minded Security
Stefano Di Paola is the CTO and co-founder of Minded Security, where he is Head of the Research and Development Lab. In the last 7 years Stefano has presented several cutting-edge research topics, such as DOM-based XSS runtime taint analysis, Expression Language Injection, HTTP Parameter Pollution and ActionScript Security, that led him to be in the Top Ten Web Hacking Techniques initiative for 5 consecutive years (2007-2011). He has also published several security advisories and open source security tools such as SWFIntruder and DOMinator, and contributed to the OWASP testing guide. Stefano is Research & Development Director of the OWASP Italian Chapter.
LEVEL 39. One Canada Square
Canary Wharf, London E14 5AB
SANDBOX 2 & 3, “SPACE 39”
Level39 is Europe’s largest technology accelerator space for finance, retail and future cities technology companies. Occupying the entire 39th floor of the iconic One Canada Square building, and established by Canary Wharf Group plc, Level39 was opened on 18th March 2013 by Boris Johnson, Mayor of London, and has quickly become an important part of Tech City, having hosted over 100 events, including hackathons, skunkworks and demo-days. Members at the Canary Wharf incubator network with experienced entrepreneurs, technology investors, and industry experts in order to accelerate their traction and access to markets.
Level39 is a space for early-stage businesses that have potential for high-growth. Members are looking to create, test, market and deliver scalable world-class financial, retail and future cities technology products and services.
Registrations are CLOSED.
For further enquiries please contact us.
London NW3 5HT
London: +44 20 3322 9095
Paris: +33 9 707 30003
Johannesburg: +27 8 7550 4648
Sao Paulo: +55 313 95 60606
Mexico City: +52 8141 707 161