An interview with Oren Kedem, Director of Product Marketing for Trusteer

Mar 23, 2012 19:31 GMT

In the past months we’ve seen financial malware evolve greatly, being continually improved to ensure that its masters end up with tons of banking information swiped from unsuspecting Internet users.

Most of the financial malware that lately dominated the threat landscape was covered in detail by Trusteer researchers, who not only explained how some of these Trojans operate, but also offered some great advice.

Oren Kedem, Director of Product Marketing for Trusteer, was kind enough to offer us an interview in which we discussed, among other things, the role of banks in the mitigation of such threats and the differences between profit-driven hackers and hacktivists.

Softpedia: A lot of hacktivists have been arrested in 2012, but many experts say that they are not by far as dangerous as the profit-driven hackers that launch campaigns using malware such as Carberp, Ice IX and Shylock. What’s your opinion on this?

Oren Kedem: We agree. Unlike hacktivists, "profit-driven hackers" are well-funded organized crime groups that are very successful at perpetrating financial fraud (online banking, credit card).

They have advanced technical skills, tools and funding. We see them expanding into other forms of cyber fraud such as targeting corporate intellectual property for example.

Softpedia: Some pieces of financial malware place themselves between the man and the browser, some simply infect a machine waiting for the user to “hand them over” sensitive information. Another category relies on fake Facebook webpages to dupe users into handing over money. Have you noticed any other technique that’s used lately?

Oren Kedem: Yes, we are seeing more and more post transaction attacks. These are performed after a fraudulent transaction has been submitted. They hide the evidence of the fraud from the victim to circumvent banking validation processes.

For example, a recent attack we discovered changed the balance in the victim's online account statement page to hide the theft.

Another used malware to "update" the victim's phone number of record with the bank to redirect phone calls to the attacker in order to steal SMS messages that contain One-Time-Passwords (OTP) used to validate transactions.

Softpedia: In January you detailed the way the Carberp Trojan tries to fool users into handing over Ukash. Why do crooks prefer digital currency?

Oren Kedem: We suspect they don't prefer it, but rather they are "diversifying their business". Also, online banking fraud requires money mules to access stolen cash and forward it to attackers. This is a costly setup. Digital currency eliminates this setup, since it is similar to credit card fraud!

Softpedia: We know that Synovus Bank is working with Trusteer on preventing cybercrime. What mechanisms can be implemented by financial institutions to secure online transactions?

Oren Kedem: The first layer of defense is end point protection against financial malware and fraud, such as Trusteer Rapport product.

A second layer is a clientless solution (running on the online banking side) that detects malware and phishing events BEFORE they are submitted; we have a product called Trusteer Pinpoint that does this. It allows financial institutions to mitigate attacks in real time.

Softpedia: How important is the customers’ contribution to the safety of online transactions? Would you say that the bank has a 50% responsibility and the other 50% depends on the customer?

Oren Kedem: Without considering the legal or contractual aspects, financial services providers should educate their customers about online banking threats and recommend best practices to fight them.

They should also provide the customers with security that allows them to safely access the online banking web site. Of course, customers need to do their part by installing and using security tools, and following a few simple rules to avoid falling victim to online banking fraud.

Softpedia: Financial malware is becoming more sophisticated by the minute. Can security solutions providers keep up with the constant improvements?

Oren Kedem: To achieve sustainable cybercrime prevention vendors must keep up with the ever changing threat landscape.

Vendors need to be proficient in two related disciplines. First, intelligence on emerging threats must be gathered in real time and analyzed to identify the underlying Crime Logic (criminal tactics).

Second, countermeasures that detect, remove and block these threats must be immediately developed and deployed in the endpoint and clientless protection layers.

Softpedia: Any advice for our readers on how to avoid falling victims to pieces of malware that target their bank accounts?

Oren Kedem: 1. Make sure to install the bank provided security solutions on every desktop.

2. Any new requests for personal information (phone number, live chat, etc.) that occur during online banking sessions should be validated with the bank. Customers should pick up the phone and call the bank to ensure that the bank is actually requesting the information.

3. Any unsolicited requests for this type of information should be viewed with suspicion. Customers should always validate these requests by calling the bank directly.

Softpedia: How can Trusteer solutions protect users against financial malware? What is their strong point compared to other commercial products?

Oren Kedem: Trusteer delivers Adaptive Protection to provide a sustainable approach to protect against online banking fraud. We combine real-time endpoint and clientless protection with expert analysis of global real-time intelligence to quickly detect and stop emerging attack tactics (“Crime Logic”).

By focusing on a finite number of Crime Logic footprints (criminal tactics), irrespective of specific signatures and files, Trusteer can stop threats that are undetectable by legacy security systems like antivirus applications.
