Detecting External Imposters
on an e-Banking Application

Detected malicious activities

A group of attackers succeeded via social engineering to target several customers and obtain individual credentials (including OTPs), bypassing the MFA process. The attackers then logged into the application as legitimate customers and succeeded to perform (several) money transfer transactions (even receiving the OTP required to approve money transfer transactions from targeted victims).

Rule-based systems employed by the bank were not able to detect many of these attacks, and in fact generated several false positives.

User journey analyzed

The sequence of activities performed by a customer in an application session (a journey was created per application session).

Process and assumptions

TrackerIQ learned typical journeys in the e-banking application for each customer, and each customer journey was compared to typical journeys learned for this customer. The underlying assumption is that the attacker’s journey in the e-banking application is different from a customer’s typical journeys.

TrackerIQ Analysis Results (over 12 months monitoring of log data)

~750 journeys were flagged as suspicious
98% of malicious money transfers were detected by TrackerIQ, many of which had not been detected by the bank’s rule-based system

TrackerIQ Benefits

Quick initial tuning of the detection model using historical data, including detection of past suspicious activities
Continuous monitoring of customer activities as a compensation control to attackers succeeding to bypass MFA mechanisms and other authentication mechanisms controls, such as OTP
Few alerts (averaging around 2 alerts per day) allow analysts to focus on true suspicious activities
An easy-to-use investigation tool for the business analyst

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

Detecting External Imposters
on an e-Banking Application

Detected malicious activities

User journey analyzed

Process and assumptions

TrackerIQ Analysis Results (over 12 months monitoring of log data)

TrackerIQ Benefits

Industry

Application type

Application usage

Data analyzed

Your tech stack’s detection is incomplete without TrackerIQ

SIEM and rules aren’t enough

Detecting External Imposters on an e-Banking Application

Detected malicious activities

User journey analyzed

Process and assumptions

TrackerIQ Analysis Results (over 12 months monitoring of log data)

TrackerIQ Benefits

Industry

Application type

Application usage

Data analyzed

Your tech stack’s detection is incomplete without TrackerIQ

SIEM and rules aren’t enough

Detecting External Imposters
on an e-Banking Application