Web Filtering Helps Prevent Cyber-Crime
By John Jaser,
Internet Services Manager
The threat of cyber crime never truly goes away,
particularly as banks increase their use of the
Internet through social networking, browser tool
bars and Flash animations. This ‘richer’ web
experience opens new possibilities for Internet
crime, particularly as thieves shift their
attacks from email to the web.
Recent stories in a variety of media have
focused on the new generation of computer worms
and viruses designed to turn our online
‘friends’ against us. Because these exploits are
embedded in social networking sites, they don’t
attempt to infect via e-mail or Web site links,
often making them immune to antivirus and
firewall software.
To combat these new threats, companies and
financial technology services such as COCC are
installing advanced web filtering capabilities
along with other intrusion detection programs.
These systems help prevent bank personnel from
visiting criminal web sites and from
inadvertently downloading ‘crimeware’ which can
corrupt networks and steal private information.
One of the current risks is the Koobface worm,
which is spread through interactive social
networking sites. Koobface strikes while users
are browsing Facebook, MySpace, Hi5, and other
sites.
The danger comes from third party developers who
add functionality to Facebook by contributing
‘plug-in’ programs. In some cases, these
plug-ins will accept user input without properly
sanitizing the incoming data. As a result,
malicious content can be injected onto the
user’s Facebook page via the vulnerable plug-in.
The Koobface worm uses this technique to direct
the user’s web browser to download a JavaScript
file from a third party server. The JavaScript
then redirects the browser to a malicious
website (screenshot shown below).

This site mimics the appearance of Facebook and
YouTube, and contains a fake Adobe Flash video
with the error “This content requires Adobe
Flash Player 10.37. Would you like to continue?”
The user is then prompted to download a file
called “setup.exe.” Once executed, this file
attempts to infect the workstation and continue
connecting with malicious servers for updates
thereafter.
Web filtering and intrusion prevention systems
are part of the multi-layered approach to
security recommended for all users.
To further protect your bank’s users,
consider the following security countermeasures
at your bank:
- Ensure that all desktops and servers are
  running professional, up-to-date
  anti-malware and anti-spyware applications.
- If you have a web filter, consider blocking
  users from browsing sites in the Social
  Networking category via your web filtering
  configuration. Many banks have blocked this
  category to improve productivity, since
  social networking sites are often considered
  a distraction. In light of the potential
  security risks presented by these sites, you
  might block this category completely. If
  necessary, you might grant specific client
  IP addresses access to these resources (HR
  and Marketing staff).
- Ensure that users do not have administrative
  rights on their PCs unless necessary. This
  can reduce an attack's chance of success.
Educate staff to be aware of
suspicious URLs and websites. Many attacks rely
on social engineering and user interaction. By
training the user to be aware of suspicious
addresses and behavior, you can reduce the
likelihood that users will become victims of
these scams.
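
The Social Networking category block with per-IP exceptions from the countermeasures above, sketched as an added example (it is not COCC's or any web filter vendor's code). The category table, exception ranges, host names and log lines are all constructed for illustration.

```python
import ipaddress

# Constructed category table; a real web filter ships its own URL database.
CATEGORIES = dict.fromkeys(
    ("facebook.com", "myspace.com", "hi5.com"), "Social Networking")
BLOCKED_CATEGORIES = {"Social Networking"}
# Hypothetical exception ranges for HR and Marketing workstations.
EXCEPTIONS = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "10.20.40.15/32")]


def categorize(host):
    """Match the host or any of its parent domains against the table."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "Uncategorized"


def decide(client_ip, host):
    """Return (verdict, reason) for one request."""
    category = categorize(host)
    if category not in BLOCKED_CATEGORIES:
        return "ALLOW", category
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in EXCEPTIONS):
        return "ALLOW", category + " (exception)"
    return "BLOCK", category


# Constructed proxy log lines: "<client ip> <requested host>".
SAMPLE_LOG = """\
10.20.30.5 www.facebook.com
10.20.50.9 www.facebook.com
10.20.50.9 apps.hi5.com
10.20.40.15 myspace.com
10.20.30.77 facebook.com.lookalike.test
"""


def evaluate(log_text):
    """Apply the policy to every log line."""
    rows = (line.split() for line in log_text.splitlines() if line.strip())
    return [(ip, host) + decide(ip, host) for ip, host in rows]
```

The last sample line is allowed as Uncategorized: a category block matches on the registered domain, so a lookalike host name passes the filter, which is why staff awareness of suspicious URLs remains a separate layer.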