New Advanced Threats Facing the Financial Sector

Just finished listening to a very good security briefing from the FS-ISAC called “Research Update on Malware and Phishing Webinar”.

Here are some of the top points from the seminar:

Latest Threats

Mobile Zeus – First spotted in September of 2010 and next in February of 2011. Attacks not only the PC but also mobile devices. It attempts to intercept the additional authentication from the mobile device that many banks are using now.

Tatanga – Attacks at the TCP level, not HTTP. Basically takes over your browser. Sends all encrypted (SSL) data in plain text to the malware server; the malware server then creates the encrypted tunnel for you and plays man-in-the-middle. It also blocks all warning messages that would usually pop up in the browser.

They also talked about phishing servers (bad sites that steal your credentials). These malware servers get up to 80% of their authentication thefts within 5 hours of the server being put online. No wonder they are so hard to take out!

Mobile devices are coming under increased attack and need to be secured. They are vulnerable to exploits just like PCs, and most users do not bother to update the operating systems. Also, rooted or jail-broken devices are really starting to become an issue in corporate settings.

The best way to protect against these attacks is to keep both your PCs and mobile devices patched and updated. A little security goes a long way!


