Banking Technology Solutions
Home Company Information News Products & Services Success Stories White Papers Partners Career Opportunities
 

White Papers

 
 

Business Strategies

Risk Strategies

White Papers


John Jaser

Web Filtering Helps Prevent Cyber-Crime

By John Jaser, Internet Services Manager

 

The threat of cyber crime never truly goes away, particularly as banks increase their use of the Internet through social networking, browser tool bars and Flash animations. This ‘richer’ web experience opens new possibilities for Internet crime, particularly as thieves shift their attacks from email to the web.

Recent stories in a variety of media have focused on the new generation of computer worms and viruses designed to turn our online ‘friends’ against us. Because these exploits are embedded in social networking sites, they don’t attempt to infect via e-mail or Web site links, often making them immune to antivirus and firewall software.

To combat these new threats, companies and financial technology services such as COCC are installing advanced web filtering capabilities along with other intrusion detection programs. These systems help prevent bank personnel from visiting criminal web sites and from inadvertently downloading ‘crimeware’ which can corrupt networks and steal private information.

One of the current risks is the koobface worm, which is spread through interactive social networking sites. Koobface strikes while users are browsing Facebook, MySpace, Hi5, and other sites.
The danger comes from third party developers who add functionality to Facebook by contributing ‘plug-in’ programs. In some cases, these plug-ins will accept user input without properly sanitizing the incoming data. As a result, malicious content can be injected onto the user’s Facebook page via the vulnerable plug-in.

The Koobface worm uses this technique to direct the user’s web browser to download a JavaScript file from a third party server. The Javascript then redirects the browser to a malicious website (screenshot shown below).
 

Web Filtering Services for Banks


This site mimics the appearance of Facebook and YouTube, and contains a fake Adobe Flash video with the error “This content requires Adobe Flash Player 10.37. Would you like to continue?” The user is then prompted to download a file called “setup.exe.” Once executed, this file attempts to infect the workstation and continue connecting with malicious servers for updates thereafter.

Web filtering and intrusion prevention systems are part of the multi-layered approach to security recommended for all users.

 

To further protect your bank’s users, consider the following security countermeasures at your bank:

  • Ensure that all desktops and servers are running professional, up-to-date anti-malware and anti-spyware applications.

  • If you have a web filter, consider blocking users from browsing sites in the Social Networking category via your web filtering configuration. Many banks have blocked this category to improve productivity, since social networking sites are often considered a distraction. In light of the potential security risks presented by these sites, you might block this category completely. If necessary, you might grant specific client IP addresses access to these resources (HR and Marketing staff).

  • Ensure that users do not have administrative rights on their PCs if not necessary. This can reduce an attack’s success.

Educate staff to be aware of suspicious URLs and websites. Many attacks rely on social engineering and user interaction. By training the user to be aware of suspicious addresses and behavior, you can reduce the likelihood that users will become victims of these scams.