Too Late for Zero Day: How can cyber security teams stay ahead of malware attacks?

The focal point of almost all security teams, whether cyber or physical, is traffic. Who is entering the bank or the store? Who is coming into your network? Who is visiting the company website? Two important tips for all security professionals to keep in mind are, according to Stephen Northcutt, president of The SANS Technology Institute, to “First, configure the system and network correctly and keep it that way. Because this is impossible to do perfectly, the second key to information assurance is to know the traffic coming into and out of your network” (CSO, 2011).

With the recent surge in mobile banking, keeping track of fraudsters has become harder. Malware, short for malicious software, is created by fraudsters to infiltrate mobile phone banking and steal user information. How can banks keep up and prevent malware from infiltrating their security systems? Solutions for this were covered recently in a webinar by Trusteer, a secure web access service, titled “How Cyber Criminals are Bypassing Advanced Authentication and Fraud Prevention Tools.”

Fraudsters often use malware to collect the reference numbers that banks send to users via SMS (text message). A common attack flow can go something like this:

1. A mobile banking user will attempt to log in.

2. The malware presents a fake re-calibration screen to the user that has been created by the fraudster.

3. The user is then asked to enter the following information into the transaction signing device:
• The 1st calibration number – which is actually the destination account.
• The 2nd calibration number – which is actually the amount.

4. The transaction signing device will then return an authentication code.

5. The mobile banking user then enters the authentication code into the fraudster’s website.

6. The user has now unknowingly authorized a money transfer to the fraudster (Trusteer, 2011).
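The flow above defeats transaction signing because the device only sees two numbers and cannot know the user thinks they are calibrating. The following toy model, added here to illustrate the point and not taken from Trusteer or the webinar, shows the bank-side code check passing for the fraudster’s transfer and the contextual risk checks a bank can still apply; the device key, account numbers, amounts and thresholds are all constructed values.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Toy model of the attack flow described above. The per-user device key,
# account numbers and amounts are constructed for illustration.
DEVICE_KEY = b"constructed-per-user-device-key"


@dataclass(frozen=True)
class Transfer:
    destination: str   # destination account number
    amount_cents: int  # amount in cents


def signing_device_code(device_key: bytes, first_number: str, second_number: str) -> str:
    """Model of the transaction signing device.

    The device only sees two numbers typed by the user and returns a code bound
    to them (modelled here as a truncated HMAC). It cannot tell whether the user
    believes they are calibrating or authorizing a payment.
    """
    msg = f"{first_number}|{second_number}".encode()
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()[:8]


def bank_accepts(device_key: bytes, transfer: Transfer, code: str) -> bool:
    """Bank-side check: the code must match the submitted destination and amount."""
    expected = signing_device_code(device_key, transfer.destination, str(transfer.amount_cents))
    return hmac.compare_digest(expected, code)


def fake_calibration_flow(device_key: bytes) -> bool:
    """Steps 2-6: the 'calibration numbers' are the fraudster's account and amount."""
    fraud = Transfer(destination="99887766", amount_cents=495000)
    # Steps 3-4: the user types the numbers into the device and receives a code.
    code = signing_device_code(device_key, fraud.destination, str(fraud.amount_cents))
    # Steps 5-6: the fraudster submits the transfer with the user's code; it verifies.
    return bank_accepts(device_key, fraud, code)


def risk_flags(transfer: Transfer, known_payees: set, typical_max_cents: int) -> list:
    """Context the signing check alone lacks; payee list and threshold are constructed."""
    flags = []
    if transfer.destination not in known_payees:
        flags.append("new-payee")
    if transfer.amount_cents > typical_max_cents:
        flags.append("amount-above-typical")
    return flags


if __name__ == "__main__":
    print("fraudster's transfer passes the code check:", fake_calibration_flow(DEVICE_KEY))
    print("risk flags:", risk_flags(Transfer("99887766", 495000), {"12345678"}, 100000))
```

The code check returns True for the fraudulent transfer, so the flags from `risk_flags` (or a confirmation that names the payee and amount in plain words) are what give the bank a chance to stop it.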

According to Trusteer, many technology approaches to preventing malware aren’t very effective. For instance, many anti-virus programs are signature based and have little chance of detecting new malicious software. Behavioral analytics can be tricked by malware programmed to mimic human behavior, and it is known to produce false positives. Static browsers can be used, but they are non-adaptive – making them susceptible to attack.

Malware creators can quickly adapt to new security measures, so solutions must be able to evolve just as quickly. Maintaining operational intelligence about who is entering and exiting the network is extremely important, as is developing solutions that are advanced and adaptive enough to stay ahead of malware attacks.