ENISA Warns Banks: Assume All PCs Are Infected

After analyzing the “Operation High Roller” report recently published by McAfee and Guardian Analytics, the European Network and Information Security Agency (ENISA) has determined that such attacks reveal the existence of major security gaps.

ENISA representatives highlight the fact that cybercriminal campaigns that target online banking sites are not really a novelty.

However, Operation High Roller stands out of the crowd because the attacks are targeted, sophisticated and highly automated.

The cyberattacks described by McAfee start with the identification of victims with high balance accounts. Then, banking malware such as ZeuS, Ice IX or SpyEye is pushed on to the targeted computers.

These malicious elements help the crooks make fraudulent transactions from the victims’ accounts to their own, and then to mules from abroad.

ENISA believes that such schemes could be prevented if financial institutions would simply assume that all the PCs that belonged to their customers were infected with a malicious element. By doing so, they could implement protection mechanisms that blocked such attacks.

According to the agency, banks should rely on trusted channels, or trusted devices, to “cross check with the user the value and destination of certain transactions.” It’s well known that two-factor authentication can be easily bypassed by launching a man-in-the-middle or man-in-the-browser attack on transactions.

Another recommendation made by ENISA refers to global collaboration in terms or prevention and response. If Computer Emergency Response Teams (CERTs), EU member countries and law enforcement organizations would work together better, the command and control centers used by the cybercriminals in their operations could be taken out easier.

Banks have already started implementing more sophisticated security mechanisms, but the fact that Operation High Roller was so successful in so many parts of the world shows that there’s still a lot of work to be done.