The Zeus trojan did its damage to banks and financial institutions and it looks like more threats are on the way. A new trojan construction kit called CarBerp for hackers is laying the groundwork for a more advanced round of general and targeted attacks.
Zeus is a very advanced trojan and gave banks and their customers a tough time. It was particularly effective because it is a Man In the Browser Attack (MitB). Since these trojans work locally on the client side it is difficult for the bank to help prevent the attack as the credentials get stolen and sent off to another site. Unfortunately, CarBerp will allow even more advanced attacks then Zeus.
Those banks that implement out of band authentication have the best chance of protecting their clients. Out of band authentication uses another channel outside the browser such as the telephone or SMS to verify a clients identity before allowing the login. It helps stolen credentials from being used to steal money or data. I would strongly encourage all bank clients to find another bank if their bank does not use out of band authentication to protect their customers.
Out of band authentication protection is only as good as the banks ability to detect and monitor each login from the customer to determine if the login should be "challenged" based on a risk model. The challenge is where the extra automated phone call or SMS message helps protect the customer to make sure it is them logging in. For more information on out of band authentication check out the PhoneFactor link below.
Does your bank care enough about you to help protect your money? If not, drop em.
For more information about out of band and multi-factor authentication check out PhoneFactor.
For more information about Zeus and CarBerp check out TechRepublic article.
No comments:
Post a Comment