Threat Modeling of Banking Malware-Based Attacks
OWASP
AppSec EU, June 10th 2011, Trinity College, Dublin, Ireland
Marco Morana (OWASP Cincinnati) & Tony Ucedavelez (OWASP Atlanta/Versprite Inc)
Copyright 2011 © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
Agenda For Today's Presentation
PART I: Threat Scenario of Hacking and Malware
PART II: Presenting the PASTA™ Risk-Based Threat Modeling Methodology
PART III: Use of PASTA™ for the analysis of threats and attacks and the management of risks posed by banking malware
PART I - Malware and Hacking: The Threat Scenario
The Threat Landscape
The threat landscape of cyber attacks has changed dramatically in the last ten years:
- Attackers are now financially motivated; examples include theft of credit card data for sale and bank account fraud
- Attackers are part of organized crime, which includes gangs of fraudsters, corporate spies and cyber-terrorist groups
- Attackers are targeting financial businesses because that is where the money is
SOURCE: Cisco: Threat Control and Containment: New Strategies For A Changed Threat Landscape
Hacking and Malware Threats Stats
Are the most common threat actions for 2010 data breaches
Include the top three attack vectors
Source: Verizon Data Breach Investigations Report
Hacking and Malware Attack Paths & Targets
Web applications are the attack path sought for the highest percentage of data records breached
The top 5 types of data sought by attackers are credit card and authentication data
Source: Verizon Data Breach Investigations Report
The Threat Actors Behind Hacking & Malware
Source: Verizon Data Breach Investigations Report
CyberCrime & Doing Time: A Blog about Cyber Crime and related Justice issues
The New vs. the Old, or Dr Jekyll/Mr Hyde vs. Sherlock Holmes