Threat Intelligence: Fraud Prevention in Digital Channels

Season 5 Episode 09

Transcript

Juan José Ríos (Host): We live in an increasingly connected world, where cybercriminals have refined their methods for attacking digital platforms. Fraud in digital channels has become one of the biggest challenges for organizations, especially in the financial sector.

This is where threat intelligence plays a key role: it helps us identify attack patterns, anticipate risks, and proactively protect both institutions and customers.

My name is Juan José Ríos. Welcome to Mundo Financiero Seguro, the podcast from Plus Technologies & Innovations.

Today we will explore a crucial topic for companies operating in digital environments: threat intelligence focused on fraud in digital channels.

Joining us are:

  • Deepak Daswani, hacker, security expert, trainer, and speaker, from Tenerife, Spain.
  • Álvaro Arzayus, Digital Fraud Prevention Product Manager at Plus TI, from Colombia.

Thank you both for joining us.

Juan José Ríos: Deepak, to begin with and to provide context for our audience: what is threat intelligence?

Deepak Daswani: Threat intelligence is a concept that has become increasingly important in recent years due to the evolution and sophistication of cyberattacks, especially those known as APTs (advanced persistent threats).

Essentially, it involves collecting, analyzing, and processing information about the techniques, tactics, and procedures used by cybercriminals. The goal is to provide security teams with a comprehensive overview of:

  • Types of existing threats
  • The vulnerabilities that are exploited
  • The attack chain used to execute incidents

With this information, organizations can make better decisions to prevent and respond to attacks.

Juan José Ríos: What are the main types of threat intelligence?

Deepak Daswani: We generally talk about three levels:

  1. Strategic intelligence

It is high-level and aimed at executive management (CISO, CTO, COO, and steering committees). It presents threats in language that is understandable for strategic decision-making.

  2. Tactical intelligence

Describes the tactics, techniques, and procedures (TTPs) used by attackers. The MITRE Corporation framework and its ATT&CK matrix are key here.

This information is used by SOC analysts and operators of tools such as SIEM, firewalls, and endpoints.

  3. Operational intelligence

Delves into specific campaigns, attack vectors, and exploit chains. It is used by threat hunters, analysts, and incident response teams to contain ongoing attacks.

Juan José Ríos: Álvaro, why is threat intelligence so important in digital fraud?

Álvaro Arzayus: It is essential because it allows us to anticipate and identify threats before they cause significant damage.

In an environment where attacks are becoming increasingly sophisticated and constantly evolving, having up-to-date information on emerging threats is key to mitigating risks.

For example:

  • Proactive anticipation and prevention: continuous analysis of the dark web, criminal forums, and botnets.
  • Real-time detection: identification of anomalies using advanced algorithms and machine learning.
  • Quick response: immediate activation of mitigation plans.
  • Data correlation: integration of multiple sources to detect complex fraud.

A typical case is credential stuffing, where attackers use lists of stolen credentials to attempt to gain access to accounts on a massive scale.

Juan José Ríos: Deepak, what are the main threats of fraud in digital channels?

Deepak Daswani: Among the most relevant are:

  • Targeted phishing, focused on stealing credentials and accessing online banking.
  • Identity theft and social engineering scams.
  • Ransomware, which has evolved into double extortion models: first they exfiltrate data and then encrypt the information.
  • BEC (Business Email Compromise): fraud in which suppliers or executives are impersonated to divert financial transfers.

BEC is particularly dangerous because it can involve legitimate communications compromised following a prior intrusion.

Álvaro Arzayus:

Threat intelligence enables us to:

  • Detect fraudulent activities at an early stage.
  • Correlate seemingly isolated events.
  • Prioritize vulnerabilities according to risk level.
  • Monitor indicators of compromise (IoC) such as malicious IP addresses or anomalous behavior patterns.

This strengthens prevention before fraud impacts users.

Deepak Daswani:

  • Integrate multiple sources: OSINT, criminal forums, fraud markets, ransomware sites, and internal data.
  • Select relevant sources according to the organizational context.
  • Clearly define the recipient of the intelligence (strategic, tactical, or operational).
  • Normalize and structure data to facilitate analysis.
  • Use appropriate tools to process large volumes of information.

Álvaro Arzayus:

  • Take a proactive approach to data collection.
  • Integrate intelligence with transactional monitoring solutions.
  • Prioritize threats based on impact and risk.
  • Automate incident responses.
  • Continuously train security teams.
  • Promote collaboration with third parties, government agencies, and industry groups.

Juan José Ríos: I would like to thank Deepak Daswani, from Spain, and Álvaro Arzayus, from Colombia, for this very enriching conversation.

Today we have explored how fraud-oriented threat intelligence in digital channels can become a powerful tool to protect both institutions and users.

The combination of proactive detection, advanced analysis, and rapid response is key to dealing with increasingly sophisticated attacks.

Thank you for joining us on this episode of Mundo Financiero Seguro, the podcast from Plus Technologies & Innovations.

I'm Juan José Ríos.
We will hear from you in the next episode.