6/7/2020 / Dr. Hermann Sterzinger / Netzwerke für den Zahlungsverkehr (Networks for Payment Transactions)
Attacks and CyberSecurity
Cybersecurity is the set of things that are done to protect a person, organization,
or country and their computer information against crime or attacks carried
out using the internet:
https://dictionary.cambridge.org/dictionary/english/cybersecurit
Cybersecurity risk for banks
The Security Problem…
IT Attacks, Cybersecurity
[Diagram labels: Host Backend; Connection; WAN; Frontend; W/LAN; Frontend Device]
Layers of Attacks
Stakeholder risks
All stakeholders in payment processes are in principle potential victims of hacks. The weakest
point is the frontend, meaning the customer of a bank. Clients are mostly untrained, and
the security of frontend devices is much lower than, for example, that of a bank's equipment.
Reasons for attacks on the client side are:
• Because eCommerce solutions are so widespread, users cannot be trained professionally.
• A high level of security leads to additional costs and sometimes reduces the "easy to use"
process flow.
Since the client holds access codes to transfer value, this creates risks:
• During authentication
• During transfer of value to banks or other clients
• During storage
Social Engineering
We define it as, “Any act that influences a person to take an action that
may or may not be in their best interest.” We have defined it in very broad
and general terms because we feel that social engineering is not always
negative, but encompasses how we communicate with our parents,
therapists, children, spouses and others.
https://www.social-engineer.org
Password-Based Attacks
Source: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/
Sniffer Attack
Man in the middle attacks
Phishing
Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter
personal information at a fake website, the look and feel of which are almost identical to the legitimate one.
Communications purporting to be from social web sites, auction sites, banks, or online payment processors are often
used to lure victims. Phishing emails may contain links to websites that are infected with malware.
The United States Computer Emergency Readiness Team (US-CERT) defines phishing as a form of social
engineering that uses email or malicious websites (among other channels) to solicit personal information from an
individual or company by posing as a trustworthy organization or entity. Phishing attacks often use email as a
vehicle, sending email messages to users that appear to be from an institution such as a banking or financial
institution through which the individual has an account.
The goal of a phishing attempt is to trick the recipient into taking the attacker's desired action, such as providing
login credentials or other sensitive information. For instance, a phishing email appearing to come from a bank may
warn the recipient that their account information has been compromised, directing the individual to a website
where their username and/or password can be reset. This website is also fraudulent, designed to look legitimate,
but exists solely to collect login information from phishing victims.
These fraudulent websites may also contain malicious code which executes on the user's local machine when a
link is clicked from a phishing email to open the website.
Phishing types include link manipulation, clone phishing, spear phishing, etc.
Therefore, two-factor authentication is mandatory for some processes, as are transaction verification and
signing.
https://digitalguardian.com; https://en.wikipedia.org/wiki/Phishing#Techniques
Compromised-Key Attack
Reengineering of chip cards
Even simple chip cards can be used as storage media for public keys.
Sources: https://www.youtube.com/watch?v=N6ZgYO-pbtg
http://gauss.ececs.uc.edu/Courses/c653/lectures/SideC/intro.pdf (whitepaper discretics)
Lepschies, p. 182 ff.
Application-Layer Attack
Viruses 1/2
A virus is a fragment of code embedded in an otherwise legitimate program, designed to replicate itself (by infecting
other programs) and (eventually) wreak havoc.
Viruses are more likely to infect PCs than UNIX or other multi-user systems, because programs in the latter systems
have limited authority to modify other programs or to access critical system structures (such as the boot block).
Viruses are delivered to systems in a virus dropper, usually some form of a Trojan Horse, and usually via e-mail or
unsafe downloads.
Viruses take many forms (see below). Figure 15.5 shows typical operation of a boot sector virus:
Viruses 2/2
Some of the forms of viruses include:
• File - A file virus attaches itself to an executable file, causing it to run the virus code first and then jump to the start of the
original program. These viruses are termed parasitic, because they do not leave any new files on the system, and the
original program is still fully functional.
• Boot - A boot virus occupies the boot sector, and runs before the OS is loaded. These are also known as memory viruses,
because in operation they reside in memory, and do not appear in the file system.
• Macro - These viruses exist as a macro (script) that is run automatically by certain macro-capable programs such as MS
Word or Excel. These viruses can exist in word processing documents or spreadsheet files.
• Source code viruses look for source code and infect it in order to spread.
• Polymorphic viruses change every time they spread: not their underlying functionality, but just their signature, by which
virus checkers recognize them.
• Encrypted viruses travel in encrypted form to escape detection. In practice they are self-decrypting, which then allows
them to infect other files.
• Stealth viruses try to avoid detection by modifying parts of the system that could be used to detect them. For example, the
read( ) system call could be modified so that if an infected file is read, the infected part gets skipped and the reader would
see the original unadulterated file.
• Tunneling viruses attempt to avoid detection by inserting themselves into the interrupt handler chain, or into device
drivers.
• Multipartite viruses attack multiple parts of the system, such as files, boot sector, and memory.
• Armored viruses are coded to make them hard for anti-virus researchers to decode and understand. In addition, many files
associated with viruses are hidden, protected, or given innocuous-looking names such as "...".
Denial-of-Service Attack
• Flood a computer or the entire network with traffic until a shutdown occurs
because of the overload.
…more about Secure Communication
Have a look at this:
https://www.cs.uic.edu/~jbell/CourseNotes/OperatingSystems/15_Security.html
Implementation of Cryptography
VPN
Protection Example: RCoBrSystem
(Remote controlled browser System)
Hardware Security Module
Backup