South African bank readies defenses for online attacks

01.08.2005
By Samantha Perry

At a security briefing held last week, Standard Bank of South Africa outlined the next steps that it intends to take towards ensuring safer Internet banking, and highlighted what it believes will be threats facing the online community going forward.

Standard Bank technology engineering director, Herman Singh, says that what used to be a nuisance (hacking) has now become a serious threat. "Virus creation has increased by 1,300 percent over the last months (from 445 in June 2002 to 7,360 in December 2004 according to Symantec) with viruses frequently being used as vehicles for attacks, as opposed to being an end in themselves," he notes.

He also says that spyware attacks have increased by 50 percent in 18 months, and, more alarmingly, Symantec's figures show that phishing attacks increased in number by 290 percent between August and December 2004.

The criminal syndicates behind phishing attacks have also grown increasingly more sophisticated. The widely reported May 15 attack saw the syndicate recruit runners in SA (via e-mail sent from South Korea) under the auspices of a genuine business opportunity, whose accounts would be used to launder money gained from the attack.

The spam containing the spoofed message from Standard Bank was then sent from a Brazilian IP address to SA, and directed local users to a Russian Web site, where they were asked to fill in their details.

Using the details garnered on the Russian site, the attackers instituted fraudulent transactions from New York, and then attempted to transfer the illegally gained funds into the runner's account, for the runner to send, via wireless transfer, to Russia.

Whilst all eyes were on the phishing attempt, the syndicate also released a Trojan that set about harvesting account information and sending it on to the Russian site.

Fortunately security systems have become equally more sophisticated, and Singh says that no customers lost any money in the attack. Working with specialist security firm, Cyota, the bank was able to shut down eight domains being used by the syndicate, effectively neutralizing the attack.

It was also able to freeze the runner's account the minute the first deposit was made, block the relevant ports to prevent any more people accessing the sites (through UUNet, IS and Telkom - SA's first-tier ISPs), and contact the Scorpions (anticorruption and organized crime unit) once the money-laundering attempt became obvious.

The bank managed to do all this by 3 P.M. local time on May 19 (the attack was launched at midnight). The runner was taken into custody on May 20.

Threats are escalating, however, says Singh. Pharming, for example, which allows criminals to harvest hundreds of addresses at once, as opposed to phishing, which collects data on one person at a time, is becoming more prevalent.

In the face of smarter and more sophisticated criminal attacks, Standard Bank is ramping up its efforts to protect its customers. Singh says that the bank is effectively extending the strategies it uses to protect itself to its customer base.

The bank will be introducing several new security measures in the next month or so.

Firstly, it is renewing the free access to McAfee software it has offered for the last three years. Further, it is expanding its SMS notification service, so that customers will be alerted immediately about all transactions on their accounts.

It is also introducing "payment confirmation", which will notify both payer and payee that a transaction has been completed. It will be introducing digitally signed mail, and will be encouraging customers to sign up for the MyNotification service.

Beyond that, it is introducing one-time passwords. These will be sent to the user once they have signed on, independently of the Internet banking session, and with a short expiry time. This two-factor authentication system adds an extra layer of protection as, even if a user's account details are hacked, the hacker is unlikely to have access to their cell phone, for example, and be able to receive the one-time password needed to complete the login process.
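The properties described above (a code issued only after the primary sign-on, delivered out of band, valid for a short time, and usable once) are what make an SMS one-time password effective against stolen credentials. The following is an added illustration, not Standard Bank's code; the two-minute lifetime, six-digit length and three-attempt limit are assumptions, and the SMS delivery itself is left as a placeholder return value.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Added example (not the bank's implementation): an out-of-band one-time
# password store with short expiry, single use and a guess limit.
OTP_TTL_SECONDS = 120      # assumption: "short expiry time" taken as two minutes
OTP_DIGITS = 6             # assumption: six-digit numeric code
MAX_ATTEMPTS = 3           # assumption: invalidate after three wrong guesses


@dataclass
class PendingOtp:
    code: str
    expires_at: float
    attempts_left: int


class OtpService:
    def __init__(self, now=time.time):
        self._now = now                 # injectable clock so expiry can be tested
        self._pending: dict[str, PendingOtp] = {}

    def issue(self, user_id: str) -> str:
        # Called only after the password login succeeded. A cryptographically
        # random code replaces any earlier outstanding code for this user.
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        self._pending[user_id] = PendingOtp(code, self._now() + OTP_TTL_SECONDS, MAX_ATTEMPTS)
        return code   # handed to the SMS gateway, never sent back to the browser

    def verify(self, user_id: str, submitted: str) -> bool:
        entry = self._pending.get(user_id)
        if entry is None:
            return False                          # nothing outstanding
        if self._now() > entry.expires_at:
            del self._pending[user_id]            # expired: a fresh code must be issued
            return False
        # Constant-time comparison so a wrong guess leaks no timing information.
        if hmac.compare_digest(entry.code, submitted):
            del self._pending[user_id]            # single use: consumed on success
            return True
        entry.attempts_left -= 1
        if entry.attempts_left <= 0:
            del self._pending[user_id]            # guess limit reached: invalidate
        return False
```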

Customers wanting to use their credit cards online will have to register them for online use from August, says Singh. The bank is launching the SecureCode (a Mastercard product) service locally, which will ensure that all online credit card transactions are authenticated by the bank before completion.

In other words, once a user gets to the "check out" on a Web site, they will be automatically directed to a Standard Bank page, where they will be authenticated, before going back to the e-commerce site to complete the transaction.

Pharming: Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the Domain Name for a site, and to redirect that Web site's traffic to a site controlled by the hacker. DNS servers are the machines responsible for resolving Internet names into their real addresses -- the "signposts" of the Internet.