BLOG

Web Fraud Solutions for Ever-Growing Malware Threats

Shahnawaz Backer 缩略图
Shahnawaz Backer
Published May 10, 2016

Introduction

Internet is revolutionizing the whole world. The Internet penetration at APAC is at average of 36% with countries like New Zealand at 91%, Singapore at 81 % and so on. Banking sector is not immune to the trend and is going digital. As per McKinsey Survey Digital Banking Consumers represent more than 700 million customers across Asia.

The chart below shows the penetration of Digital Banking in Asia as registered by McKinseys&Company.

Chart: Digital banking penetration (2014)

With the wide adoption of Digital Banking, the crooks have followed the money and financial institutions are top targets for cyber attacks. As per a report from Websense Security Lab, the average number of attack against financial services institution is four times higher than companies in other industries. Also the attacks are not limited to any specific region and are spread across the globe. The chart below list the top 10 countries by percentage of attacked users as per Kaspersky 2015 report, it clearly display Asia Pacific being a hot zone of activity.

https://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-security-bulletin-2015-overall-statistics-for-2015/

Despite the security threats the Digital Banking era is here to stay. In this article we discuss about mitigation strategy and option available to disrupt the attack targeted towards banking channels.

 

Deep Dive into Threat  

All financial institution takes due diligence in protecting their digital assets, with significant investments in technology to guard its datacenters be it on premise or on the cloud. With defense in depth, the crowned jewels are protected under layers on security, making it difficult to breach. Crackers have to discover Zero-days and advanced sophisticated techniques to break through the defense. On the other hand the endpoint used to access these digital services have little to no protection.  Security on user devices can be flawed by outdated operating systems, lack of antivirus, infected by drive-by-downloads etc. This provides the crackers a wide range on options to infect the machine and dilute the security in the App centric world of the Digital Era.   Cybercriminals do not need to be computer experts to cause this damage, the solution to infect and steal are available as software’s in the underground market. 

Chart displays why user and browser has become the sweet spot of attacks.

Toolset the Modern Malware Leverages on

Vector

Description

Form Grabbing & Key Loggers

Form Grabbers Captures sensitive data from the HTML form element before a user submits the request.

 

Key loggers listens to key strokes and record data for theft

 

RAT & Back Connect

These are remote administration tools, which provide the remote operator controls to system. A malicious RAT enters a users device as Trojan and will hide itself from security software on the device

Man In the Middle

In MITM, attacker dispatches the message between the browser and server, altering them in between to steal confidential information or hijack session

Man In the Browser

MITB attack stealthily modifies the webpage and transaction content invisible to both user and the host server

Mobile Malware

Trojans deployed with intention to steal SMS (defeating One Time Passwords), compromise the device DNS leading to leak of confidential information theft.

Understanding the malware

Modern malwares are written with on objective of stealing. Lets take a look the method of operation for one of the sophisticated malware Dyre.

  • The victim’s machine is infected by virtue of a spam campaign.
  • Once activated the malware hooks on to browser looking for users access to financial sites, and capturing login credentials. To deter second factor and additional risk based authentications, the malware displays html content with additional information required.
  • All captured content is sent to a drop zone, where the attacker can use the credentials

Staying Ahead of the Threat

To mitigate and control the threat of modern day malwares, organization needs to put in place technology to detect and deter. Following table display some of the common principles.

Principle

Definition

Malware Fraud Detection

 

Detecting the malwares running on the machine

Phishing Protection

 

Protect copying and taking down of fraudulent websites copied from the original one

Application-Level Encryption

 

Prevent interception of sensitive information transferred by users to organizations while it’s still in the browser

 

Transaction Protection

 

Protect against fraudulent dealings and suspicious activity with multi-layered transaction checks and risk scoring

 

Device and Behavioral Analysis

 

Distinguish between actual users and automated transactions initiated by scripts and bots to prevent fraudulent payments and transfers

 

Securing the Mobile App

 

Detects malware and jailbroken devices, protects against MiTM, keyloggers and fraudulent applications, and ensures information is rendered useless to attackers

 

A constant chase is on between good and bad. Technology is place (constantly changing) to defeat the modern day malwares. This technology can be broadly categorized as agent based vs. agent less solution.

 

Agent Based

Agent less solution

Hybrid Solution

Definition

The solution is delivered with an agent running on the desktop looking for attack signatures

Solution is delivered using web technology where JavaScript is used to detect the attack signature

A combination of a agent running on desktop and JavaScript is delivered along with the application

Strength

The agent runs on privilege on the desktop and has the capability to detect and mitigate attacks

Client less deployment provides greater coverage.

Protection cover is provided the moment it is turned on and doesn’t need any activation/installation by user

 A combination that provides the strength of both agent and agentless solution

Deployment

Mass rollout is required

No deployment needed on client side

Rollout needed for the agent solution

Coverage

Coverage is only to the user who are accessing the desktop where the agent is installed

Covers user coming from any machine

Covers user coming from all machine

Challenges

Deployment and mass rollout has problems with adoption.

 

A wide range of myriad operating system support also adds to the problem

 

Problem mitigation/ removal of malware is not available

Costlier, as usually protection provided by agentless deployment covers most scenarios with respect to detection and alerts

 

 

Conclusion

In the era where the gains from attacking the financial sector is high, organizations needs to be aware of the threat and be at the top of the game to deter malwares from causing financial and brand harm.

Resources