Freely subscribe to our NEWSLETTER

Eddy Willems, G Data Security Evangelist

Bank robbery 2.0: Attacks in the browser

Banks have invested heavily in the security of their systems and effectively encrypted the communication channels from the customer to the bank. They have also continued to improve the TAN procedure, having recently done away with printed TAN lists and introduced new procedures such as mobile TAN and flicker TAN. But, in reality, cyber criminals can circumvent all these protection mechanisms by attacking the customer’s PC.

In the world of bank robbery 2.0, perpetrators do not attack the banks. They infect online banking customers’ computers with intelligent computer malware called banking Trojans. Visiting an infected website is all it takes to infect the computer with this specialised malware. Once it has stolen the access data, this malware can actively intervene in the payment process and divert legitimate transactions to other accounts without being detected.

How does the fraud work?

If the browser has been manipulated by a banking Trojan, data is still transferred from the computer to the bank in an encrypted form, but it is not the data that the user actually entered in the browser. If the bank customer tries to pay his rent from his infected PC, for example, the data he enters is visible in the Internet browser, but once the TAN is entered the money is unnoticeably directed to the criminal’s account.

Diagram: The terminal browser is the weak link in the online banking chain. The data is manipulated before being encrypted and the money ends up in the perpetrator’s account.

Most antivirus solutions do not detect new banking Trojans until it is too late, since they require a corresponding signature for protection. In one test, conventional protection programs only detected 12 percent of the malware strains immediately and 27 percent after 24 hours. This means that traditional security technologies found it almost impossible to protect computers fully against current banking Trojans.

The biggest issue with this, is that the consumer is unaware of this fact. Nobody likes to talk about the threats of banking Trojans, because they are unable to offer a solution to the problem. Being aware, alert and working from an AV-protected pc within a safe network does not do the trick in this case. Even the best educated IT security expert can fall victim to this malware, as it operates completely invisible and requires no user involvement at all.

Due to the lack of communication about banking Trojans, users remain blissfully unaware of the risk, even though the average damages per case are around £4,000. Consumers assume they are safe when they install security software on their computer. And no one, banks nor AV vendors will tell them otherwise.

At InfoSecurity, G Data will demonstrate the world’s first solution that detects and blocks over 99.9% of all banking Trojans: BankGuard. This technology works in a completely signature-independent way. It is firmly integrated in the browser and can protect users against all known and unknown banking Trojans. Manipulations by this type of malware are detected instantly and stopped automatically. BankGuard is compatible with all existing AV-solutions and incorporated into the brand’s own consumer products since version 2012.