Taking on the high-rollers

In Information Security / By Team Acumin / 18th July 2012

The European Network and Information Security Agency (ENISA), which exists to improve network security within the EU, has stated that all banks should “presume” that all of their customers’ PCs are “infected”.

This fascinating suggestion by the security agency is predicated on the idea that it makes sense to adopt the default position that computers – here including devices like tablets and smartphones – are, to some degree, compromised.

ENISA believes that banks and financial institutions at present operate under the assumption that their online banking systems are secure, but this is a mistake that can and does lead to serious trouble.

The security agency felt compelled to make such an assertion in light of recent reports about “high roller” cyber attacks, which have been directed at wealthy corporate bank accounts.

In particular, ENISA draws its conclusions from a detailed report into the matter, produced by McAfee and Guardian Analytics, which discussed its discovery of a “highly sophisticated, global financial services fraud”.

“Unlike standard SpyEye and Zeus attacks that typically feature live (manual) interventions, we have discovered at least a dozen groups now using server-side components and heavy automation,” the authors of the report stated.

“The fraudsters’ objective in these attacks is to siphon large amounts from high balance accounts, hence the name chosen for this research: Operation High Roller.”

The intriguing thing about this is that no human participation is needed, with each assault moving at speed. Combine insider knowledge of banking transaction systems with “custom and off the shelf malicious code” and you’re venturing into organised crime territory, the research noted.

What can be derived from this is the notion that today’s bank robbers have migrated online because this is where the money is, another sign that the digital world is increasingly becoming the default habitat in which to do everything…literally.

The attacks occur in three distinct phases. First of all, targets are recognised using spear phishing. Those with large capital are then identified. Following on from that, malware is directed onto their computers – bespoke to the victim’s online banking website – and it kicks into action as soon as the person accesses their account. This then gives the fraudsters carte blanche to carry out fraudulent transactions.

ENISA has some suggestions about how to beat the criminals at this. One, as mentioned above: assume that all PCs are compromised and adopt security measures that protect against, for example, malware like Zeus. Two: make online banking even more secure. Finally, there needs to be strong global cooperation (here the attacks were coordinated across the globe), otherwise there will always be shortfalls in knowledge.

Other things that can work, even against highly sophisticated attacks, include anomaly detection strategies – criminal behaviour is fallible – developing solutions to more automated, obfuscated and creative forms of fraud, and providing equally diverse and multilayered forms of protection. The house always wins in the end.
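A defender-side illustration of the anomaly-detection idea above, added here and not code from ENISA or from the McAfee/Guardian Analytics report: it scores constructed online-banking sessions for the traits the article describes (a transfer fired within seconds of login, a large slice of a high-balance account sent to a never-seen payee) and correlates payees across accounts to catch a coordinated, automated campaign. The session record format, the thresholds and the sample data are all assumptions.

```python
# Added illustration of anomaly checks against automated, high-value banking fraud (not code from
# ENISA or the McAfee/Guardian Analytics report; format, thresholds and samples are assumptions).
from collections import defaultdict
from datetime import datetime

# Constructed sessions: one login followed by one outbound transfer each.
SESSIONS = [
    {"acct": "A1", "bal": 850_000, "login": "2012-07-10T09:00:00", "xfer": "2012-07-10T09:00:03", "amt": 400_000, "payee": "MULE-77", "new_payee": True},
    {"acct": "A2", "bal": 1_200_000, "login": "2012-07-10T09:04:10", "xfer": "2012-07-10T09:04:12", "amt": 600_000, "payee": "MULE-77", "new_payee": True},
    {"acct": "A3", "bal": 12_000, "login": "2012-07-10T10:15:00", "xfer": "2012-07-10T10:18:45", "amt": 150, "payee": "UTIL-GAS", "new_payee": False},
]
HUMAN_MIN_SECONDS = 20   # assumed: a person needs longer than this to navigate and key in a transfer
HIGH_BALANCE = 100_000   # assumed "high roller" threshold
SIPHON_FRACTION = 0.25   # assumed: moving >=25% of the balance in one transfer is unusual

def score_session(sess):
    """Return the anomaly reasons raised by one session (empty list if it looks normal)."""
    login, xfer = (datetime.fromisoformat(sess[k]) for k in ("login", "xfer"))
    reasons = []
    if (xfer - login).total_seconds() < HUMAN_MIN_SECONDS:
        reasons.append("transfer too soon after login for a human operator")
    if sess["bal"] >= HIGH_BALANCE and sess["amt"] >= SIPHON_FRACTION * sess["bal"]:
        reasons.append("large fraction of a high-balance account moved")
    if sess["new_payee"]:
        reasons.append("first ever transfer to this payee")
    return reasons

def shared_payees(sessions, window_seconds=3600):
    """Payees receiving funds from several distinct accounts inside one window: a campaign signal."""
    by_payee = defaultdict(list)
    for s in sessions:
        by_payee[s["payee"]].append((datetime.fromisoformat(s["xfer"]), s["acct"]))
    hits = {}
    for payee, events in by_payee.items():
        events.sort()
        accts = {a for t, a in events if (t - events[0][0]).total_seconds() <= window_seconds}
        if len(accts) >= 2:
            hits[payee] = sorted(accts)
    return hits

def flag_sessions(sessions, min_reasons=2):
    """Map account -> reasons for sessions that trip at least min_reasons checks."""
    campaign = shared_payees(sessions)
    flagged = {}
    for s in sessions:
        reasons = score_session(s)
        if s["payee"] in campaign:
            reasons.append("payee shared with other accounts in the same window")
        if len(reasons) >= min_reasons:
            flagged[s["acct"]] = reasons
    return flagged
```

Requiring two independent signals before flagging keeps a single fast but legitimate payment from raising an alert, while the cross-account payee check catches the server-side automation pattern even when each session on its own looks marginal.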