Protect Your Clients From Man-in-the-browser and Zeus Malware Attacks

Evolving forms of computer malware are successfully attacking the systems of large multinational organisations, as well as targetting online banking channels. A discussion about secure online identities is therefore a matter of priority for all those who are responsible for treasury management, e-crime, fraud monitoring, information security, information assurance and compliance. Indeed, it’s an urgent issue for all executives who have a duty to raise awareness of these operational risk management challenges within their boardrooms.

A recent paper from the FBI states that profits from online criminal activities in the US alone now surpass the profits from drug trafficking. Meanwhile, a report from the Internet Crime Complaint Center (IC3) gives losses from reported Internet crime in 2009 as US$559m, while the Federal Trade Commission puts the total figure for Internet and other fraud at US$1.7bn.

It’s clear that the scale and sophistication of cybercrime is now an extremely serious threat: the development of new malware is far outpacing the firewalls and anti-virus software designed to combat it. And with online thefts hitting individual corporate bank accounts for hundreds of thousands of dollars or euros at a time, it’s not hard to see why trying to protect your browser and, in particular, securing online bank account log-in data has become a fight against the clock.

Does This Mean You?

It can take less than a second for a hacker to authorize fraudulent transactions from your company accounts – and you wouldn’t notice anything until the money is safely on the other side of the world. This is precisely what happened to the town of Poughkeepsie in New York state on 12 January this year. The theft of US$378,000, which was transferred from the town’s online TD Bank account to an account in Ukraine, wasn’t noticed until the next day.

In another similar theft, US$560,000 was taken from Experi-Metal Inc. (EMI) when an employee fell victim to a phishing email. Its bank’s website was mimicked and more than 50 wires were rapidly initiated.

These cases are just two that made the news but, just like an iceberg, there are far more cases that go unreported. They raise the question of whether banks are doing enough to protect their customers’ online accounts.

So who needs to be aware of Zeus malware and ‘man-in-the-browser’ (MitB) attacks? Everyone; no organisation is now exempt. Companies need to ensure that their IT systems and the interface into their bank accounts all have the highest levels of protection. They are also advised to talk to their banks and ask what they are doing to protect their secure online identities.

Defeating the Man-in-the-Browser

It’s a further cause for alarm that, according to research conducted by Trusteer, Zeus malware goes undetected by up-to-date anti-virus software more than 75% of the time. Preventing malware that is so difficult to detect sounds like a tall order – but there is hope.

Options for those determined to mitigate this scourge include a solution in the form of a USB device that, when connected to your PC, automatically opens up its own secure browser that doesn’t exchange any data with your computer and the only purpose of which is to allow you to access your online bank account.

The key benefits of such a device are that they use zero-footprint technology, with no trace of data on the computer used and without the need to install admin rights or any type of software on your system. This zero-footprint technology is developing quickly and future versions will offer secure zero-footprint operating systems as well as browsers.

Webinar invitation

Join gtnews and IdenTrust for a webinar to learn how to Protect your Clients from ‘Man-in-the-browser’ and Zeus Attacks. This one hour webinar takes place on Wednesday 21 April 2010, 3pm BST, 4pm CET, 7am PST, 10am EST.

Karen Wendel, CEO of IdenTrust, will detail the recent exponential rise of cybercriminals’ relentless targeting of banks’ online customers. Learn the details of recent thefts exceeding US$100m. The webinar will provide an overview of the JabberZeus malware that exploits valid online banking credentials, and recently forced several government agencies, including the FBI, to issue fraud warnings. The webinar will include: recent market developments including the arrests in Spain, a detailed view of the inner ‘Zeus’ working and how Zeus exploits one time passwords (OTPs).

To register for this complimentary webinar – please click here.


Related reading