ITWeb :Online banking under attack
[ Johannesburg, 29 May 2009 ] - In today's trying economic climate, it is becoming clear that every organization in every industry sector, be it financial, retail or telecommunications, is a target for cyber criminals. If they conduct banking online or host customer and supplier information, businesses must ensure they have proper security measures in place not to fall victim to these crimes.
This is according to Costin Raiu, Chief Security Expert at Kaspersky Lab, EEMEA, addressing delegates at ITWeb's 4th Annual IT Security Summit 2009 in South Africa this week.
The conference provided information security professionals and IT managers with the most up-to-date information, tools, trends, legislation and strategies to address information security issues.
“Cybercrime accounts for billions of dollars in terms of losses annually and the criminals are becoming more professional in developing technologies designed to counteract traditional anti-virus solutions every day. It is not so much an issue of computer malware, but the countless vulnerabilities in operating systems as well as the installed software applications that make it very hard to run secure computer systems,” he says.
Raiu says contributing factors that lead to the flourishing of premeditated online crime is the evolution of malicious code from viruses to Trojan horse attacks, designed to steal personal information for financial gain.“Online payment systems and online banking systems often make use of simplistic authentication technologies, and hackers use keystroke loggers, password-stealing Trojans and social engineering to gain access to accounts which are later emptied of funds.
“Even systems that use complicated multi-factor authentication techniques are at risk with the introduction of specialised Trojan horses, which are able to intercept transfers on-the-fly and replace the destination account with the attacker's account or highjack an online banking session,” he says.“At the same time, banking institutions that offer financial services online must use a blended approach to security, using two-factor authentication methods that rely on external devices to ensure that user accounts are not compromised,” he says.
In his closing comments, Raiu said businesses have to begin to realize that the IT security threat is not going to go away. The protection against such risks, he says, must be international priority, involving various industry experts and associations to guard against these financial risks.
0 comments