Trusteer Service to Analyze Online Bank Customers' PCs for Malware

The service takes the Rapport software, which some banks ask their customers to download to prevent malware, to the next level: Trusteer reverse-engineers any attacks identified.

Breaking into online banking systems is not a job for amateurs; therefore, neither is blocking such break-ins. "It's typically a completely organized operation where they collect intelligence, study the bank carefully, and gather data on the bank's systems; the entire operation requires a lot of expertise," says Mickey Boodaei, CEO of Trusteer, a company that makes security software that banks such as HSBC ask their customers to download to detect and eradicate malware. Boodaei spoke to Bank Systems & Technology in an interview last week. Often a single financial institution is targeted by two or three groups of criminals that specialize in building and recruiting real bank accounts and understanding the security systems and procedures the bank uses, he says.

Online banking fraud involving the electronic transfer of funds has been on the rise since 2007, and according to the FDIC, it rose to over $120 million in the third quarter of 2009 alone. Almost all of the incidents reported to the FDIC related to malware on online banking customers' PCs.

But banks, Boodaei says, tend to have poor visibility into the fraud attacks they're hit with and the malware that causes them. "This is a very basic requirement when trying to figure out your security strategy, in order to use the right security layers, you have to realize how you're being attacked and how malware bypasses your current security mechanisms," he says.

Trusteer is announcing a service today called Flashlight that lets banks analyze their customers' computers for signs of foul play. When a customer contacts the bank to complain about fraud, the bank asks the customer to download Trusteer Rapport security software. Once that download is completed, the bank can ask the customer to click on buttons that generate a report about the attack, which is sent directly to the bank. If the software detects a new brand of malware, that report goes to Trusteer, which reverse-engineers the mechanism used by the malware to commit fraud so that the bank can block further attacks.

Flashlight has two pricing options: banks can pay per incident or pay a flat monthly fee. Banks will end up paying $500 to $1000 for the service, Boodaei estimates.

In the U.K., where HSBC and RBS offer Rapport to their customers, five million people have downloaded the software. "That's an impressive number that covers almost half the online banking population in the U.K.," Boodaei says.
