Monday, October 27, 2008

Banks, Malware, and More Failing Tokens

The Kaspersky folks have an interesting report on malware that targets the banking and financial markets. It supports and echoes many of the things posted here over the last several months. For one, the banking industry is receiving targeted malware, which makes it more difficult for "signature"-based anti-malware solutions to find it. For two, second-factor authentication tokens don't solve the malware-in-the-browser problem.
"In order for a cyber criminal to be able to perform transactions when dynamic passwords are in place using phishing, s/he has to use a Man-in-the-Middle attack.... Setting up a MitM attack is inherently more difficult than setting up a standard phishing site; however, there are now MitM kits available, so cyber criminals can create attacks on popular banks with a minimum of effort."

2 comments:

Vikram Sareen said...

True. I will state the attack you are mentioning as MITB - man in the browser.

MITM is more done from a remote machine. It is still detectable with an anti-phishing toolbar. However, a trojan on the machine is a serious threat to any form of transaction.

MITB and MITM are serious threats. Out-of-band signing would be a possible solution to MITB, and mutual authentication could be the right solution for MITM.

cheers
vikram
http://vikramsareen.blogspot.com

Nick Owen said...

How can you leave out a reference to your good friends at WiKID? :)

I liked the part where the report discussed transaction authentication: "Ideally, it would have separate algorithms for both logging on to a site and signing a transaction." Because WiKID uses separate public key pairs for each domain, a separate domain can be used for transaction authentication. Thus WiKID can help prevent MITB and MITM (via the https mutual authentication support).
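
An added sketch (not from the original post, the comments, the Kaspersky report, or WiKID) of the point made above: a login-only dynamic password says nothing about a transaction altered in the browser, while a code computed out of band over the transaction details does. It uses HMAC with two constructed keys as a stand-in for separate login and signing algorithms and does not model WiKID's public key pairs; all names and values are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed demo keys (assumption): one per purpose, as the report recommends.
LOGIN_KEY = b"constructed-login-key"
TXN_KEY = b"constructed-transaction-key"

def _digits(mac: bytes, n: int) -> str:
    """Reduce a MAC to an n-digit code a user could type."""
    return str(int.from_bytes(mac[:8], "big") % 10**n).zfill(n)

def login_otp(counter: int) -> str:
    """Token-style dynamic password: depends only on the key and a counter."""
    mac = hmac.new(LOGIN_KEY, struct.pack(">Q", counter), hashlib.sha256).digest()
    return _digits(mac, 6)

def txn_code(counter: int, payee: str, amount_cents: int) -> str:
    """Code computed on a separate device over the details shown on that device."""
    msg = struct.pack(">Q", counter) + f"|{payee}|{amount_cents}".encode()
    return _digits(hmac.new(TXN_KEY, msg, hashlib.sha256).digest(), 8)

def accept_with_login_otp(counter, otp, payee, amount_cents) -> bool:
    # Weak design: the OTP authenticates the session, not this payee/amount.
    return hmac.compare_digest(otp, login_otp(counter))

def accept_with_txn_code(counter, code, payee, amount_cents) -> bool:
    # The bank recomputes the code over the request it actually received.
    return hmac.compare_digest(code, txn_code(counter, payee, amount_cents))

def demo() -> dict:
    intended = ("ACCT-1111", 5_000)    # what the user approved (constructed)
    received = ("ACCT-9999", 500_000)  # what the bank received after in-browser tampering
    otp = login_otp(7)
    code = txn_code(7, *intended)
    return {
        "otp_accepts_altered": accept_with_login_otp(7, otp, *received),
        "txn_code_accepts_altered": accept_with_txn_code(7, code, *received),
        "txn_code_accepts_intended": accept_with_txn_code(7, code, *intended),
    }

if __name__ == "__main__":
    print(demo())
```

The protection depends on the user checking the payee and amount on the out-of-band device before releasing the code.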