By John Jaser
The threat of cyber crime never truly goes away, particularly as banks increase their use of the Internet through social networking, browser toolbars and Flash animations. This richer Web experience opens new possibilities for Internet crime, particularly as thieves shift their attacks from e-mail to the Web.
Recent stories in a variety of media have focused on the new generation of computer worms and viruses designed to turn our online “friends” against us. Because these exploits are embedded in social networking sites, they don’t attempt to infect via e-mail or website links. This often immunizes the exploits against antivirus and firewall software.
To combat these new threats, companies and financial technology services are installing advanced Web filtering capabilities along with other intrusion detection programs. These systems help prevent bank personnel from visiting criminal websites and from inadvertently downloading crimeware, which can corrupt networks and steal private information.
One of the current risks is the Koobface worm, which is spread through interactive social networking sites. The worm strikes while users are browsing Facebook, MySpace, Hi5 and other sites.
The danger comes from third-party developers who add functionality to Facebook by contributing plug-in programs. In some cases, these plug-ins will accept user input without properly sanitizing the incoming data. As a result, malicious content can be injected onto the user’s Facebook page via the vulnerable plug-in.
This site mimics the appearance of Facebook and YouTube, and contains a fake Adobe Flash video with the error “This content requires Adobe Flash Player 10.37. Would you like to continue?” The user is then prompted to download a file called “setup.exe.” Once executed, this file attempts to infect the workstation and continue connecting with malicious servers for updates thereafter.
Web filtering and intrusion prevention systems are part of the multi-layered approach to security recommended for all users. To further protect your bank’s users, consider the following security countermeasures:
Ensure that all desktops and servers are running professional, up-to-date anti-malware and anti-spyware applications.
If you have a Web filter, consider blocking users from browsing sites in the social networking category via your Web filtering configuration. Many banks have blocked this category to improve productivity, since social networking sites are often considered a distraction. In light of the potential security risks presented by these sites, you might block this category completely. If necessary, you might grant specific client IP addresses (such as those of the human resources and marketing staff) access to these resources.
Ensure that users do not have administrative rights on their PCs unless necessary. This can reduce an attack’s chance of success.
Educate staff to be aware of suspicious URLs and websites. Many attacks rely on social engineering and user interaction. By training the user to be aware of suspicious addresses and behavior, you can reduce the likelihood that users will become victims of these scams.
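The Web filter rule described above (block the social networking category, with exceptions for specific client IP addresses) is sketched here as an added example; it is not code from this article or from any filtering product. The client ranges are placeholder documentation addresses and the function names are hypothetical.

```python
import ipaddress

# Constructed sample policy: the domains are the sites named in the article;
# the client addresses are placeholders from the 192.0.2.0/24 documentation range.
SOCIAL_NETWORKING = {"facebook.com", "myspace.com", "hi5.com"}
EXEMPT_CLIENTS = [
    ipaddress.ip_network("192.0.2.16/28"),  # hypothetical HR workstations
    ipaddress.ip_network("192.0.2.40/32"),  # hypothetical marketing workstation
]


def in_category(host, domains):
    """True if host is a listed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    # Match on a label boundary so "notfacebook.com" is not treated as Facebook.
    return any(host == d or host.endswith("." + d) for d in domains)


def is_exempt(client_ip):
    """True if the client address falls inside an exempted range."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # an unparseable address never earns an exemption
    return any(addr in net for net in EXEMPT_CLIENTS)


def decide(client_ip, host):
    """Return 'allow' or 'block' for one request under this single rule."""
    if not in_category(host, SOCIAL_NETWORKING):
        return "allow"  # other categories are outside the scope of this sketch
    return "allow" if is_exempt(client_ip) else "block"


if __name__ == "__main__":
    # Constructed requests: (client IP, requested host)
    for client, host in [
        ("192.0.2.17", "www.facebook.com"),   # HR range
        ("192.0.2.50", "apps.facebook.com"),  # ordinary workstation
        ("not-an-ip", "hi5.com"),             # malformed client field
    ]:
        print(client, host, decide(client, host))
```

The exemption is checked only after the category matches, so an exempted workstation gains access to this one category and nothing else.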
John Jaser manages Internet Services and Security at Avon, Conn.-based COCC, Inc. (www.cocc.com), a 43-year-old firm specializing in outsourced information technology and support.