Bank robbery 2.0: online banking in the sights
By Eddy Willems - G Data Security Evangelist
There are very few technologies that have affected our everyday lives as much as the Internet. It has changed the way we communicate in many ways and has revolutionized business processes. And the digital evolution has affected our accounts just as much. Online banking has been growing in popularity for years, and more and more people appreciate the benefits it offers. Bank customers can access their accounts, execute financial transactions or trade shares at any time of day or night. According to Eurostat, 36 percent of people in Europe used online banking for transactions last year. In Norway the figure was a staggering 83 percent. But, just as with any other service that involves large sums of money, criminals attempt to make off with as much of the loot as possible. In the Internet age, bank robbers no longer need cutting torches to get to customers' money.
Bank robbery 2.0: Attacks in the browser
Banks have invested heavily in the security of their systems and effectively encrypted the communication channels from the customer to the bank. They have also continued to improve the TAN procedure, having recently done away with printed TAN lists and introduced new procedures such as mobile TAN and flicker TAN. But, in reality, cyber criminals can circumvent all these protection mechanisms by attacking the customer's PC.
In the world of bank robbery 2.0, perpetrators do not attack the banks. They infect online banking customers' computers with intelligent computer malware called banking Trojans. Visiting an infected website is all it takes to infect the computer with this specialized malware. Once it has stolen the access data, this malware can actively intervene in the payment process and divert legitimate transactions to other accounts without being detected.
How does the fraud work?
If the browser has been manipulated by a banking Trojan, data is still transferred from the computer to the bank in an encrypted form, but it is not the data that the user actually entered in the browser. If the bank customer tries to pay his rent from his infected PC, for example, the data he enters is visible in the Internet browser, but once the TAN is entered the money is unnoticeably directed to the criminal's account.
Diagram: The terminal browser is the weak link in the online banking chain. The data is manipulated before being encrypted and the money ends up in the perpetrator's account.
Most antivirus solutions do not detect new banking Trojans until it is too late, since they require a corresponding signature for protection. In one test, conventional protection programs only detected 12 percent of the malware strains immediately and 27 percent after 24 hours. This means that traditional security technologies found it almost impossible to protect computers fully against current banking Trojans.
The biggest issue with this, is that the consumer is unaware of this fact. Nobody likes to talk about the threats of banking Trojans, because they are unable to offer a solution to the problem. Being aware, alert and working from an AV-protected pc within a safe network does not do the trick in this case. Even the best educated IT security expert can fall victim to this malware, as it operates completely invisible and requires no user involvement at all.
Due to the lack of communication about banking Trojans, users remain blissfully unaware of the risk, even though the average damages per case are around £4,000. Consumers assume they are safe when they install security software on their computer. And no one, banks nor AV vendors will tell them otherwise.
At InfoSecurity, G Data will demonstrate the world's first solution that detects and blocks over 99.9% of all banking Trojans: BankGuard. This technology works in a completely signature-independent way. It is firmly integrated in the browser and can protect users against all known and unknown banking Trojans. Manipulations by this type of malware are detected instantly and stopped automatically. BankGuard is compatible with all existing AV-solutions and incorporated into the brand's own consumer products since version 2012.
G Data Software AG
With headquarters in Bochum, Germany, G Data Software AG is an innovative and rapidly expanding software house that focuses on IT security solutions. A specialist in Internet security and a pioneer in the field of virus protection, the company, which was founded in Bochum in 1985, developed the first antivirus program more than 20 years ago.
Therefore, G Data is one of the oldest security software companies in the world. For over five years now, no other European security software provider has won as many national and international tests and awards as often as G Data.
The product range consists of security solutions for end customers and medium to large-sized enterprises. G Data security solutions are available in more than 90 countries around the world.
You can find more information about the company and G Data security solutions at www.gdatasoftware.com