Emerging Threats and Account Takeover Fraud Need an Innovative Defense Approach
By Amy Blackshaw, Senior Product Marketing Manager, RSA Identity Protection & Verification
One of the most difficult challenges for financial institutions today is preventing account takeover fraud in the face of advanced Trojans. In fact, the total number of account takeover attempts reported by financial institutions has more than tripled since 2009, according to survey results from the Financial Services Information Sharing and Analysis Center (FS-ISAC).
Fraudsters now have tools and techniques at their fingertips enabling them to infect unsuspecting end users at an alarming rate (Panda Security suggests that the average share of infected PCs across the globe stood at 32% in Q1’12). Once the end user is infected, Trojans can work in many different ways – all leading to the loss of money for the banking organization and its customers.
We have seen with the recent discovery of the Gozi Prinimalka Trojan that a “novel virtual-machine-synching module” tries to duplicate the victim’s PC settings and then access the victim’s account through a proxy connection, enabling the fraudster to present the victim’s genuine IP address.
“Fraud and falsehood only dread examination. Truth invites it.” – Samuel Johnson
This advanced technique could fool some authentication and fraud detection platforms, because the fraudster presents the victim’s device or software specifications along with the harvested credentials. RSA’s Adaptive Authentication solution helps combat this with the RSA Risk Engine, which takes into account numerous other criteria when determining the risk score for any login or transaction attempt, including factors such as additional device identifiers and behavioral anomalies. RSA Adaptive Authentication examines activities to determine the truth.
The newest release of RSA Adaptive Authentication adds features to defend against some of the most malicious and costly malware that enable proxy attacks, HTML injections, and automatic scripting of payee and transfer fields leading to account takeover. If an anomaly is detected – and a Trojan is suspected – the session can be blocked outright, or an additional authentication request can be triggered. By combining intelligence, context and risk assessment data, organizations can thwart even the most advanced account takeover attempts.
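The two paragraphs above describe the general pattern of risk-based authentication: no single attribute decides the outcome, a score is built from many independent signals (network, device fingerprint, behavior, transaction content), and the score drives one of three actions, allow, step-up authentication, or block. The following is an added illustration of that pattern, not RSA's code and not a description of how the RSA Risk Engine is implemented; the signals, weights, thresholds and sample customer data are all constructed for the example. It shows why a proxy attack that reproduces the victim's IP address and browser string still scores as risky when the fuller device fingerprint, the form-fill timing (scripted payee entry is far faster than a human) and the set of posted form fields (HTML injection adds fields the real page never renders) are also checked.

```python
"""Toy risk-based (adaptive) authentication engine.

Added illustration, not RSA's code: scores a login or transfer attempt
from several independent signals so that a single spoofed attribute
(for example the victim's IP address reached through a proxy on the
infected PC) does not by itself make the attempt look legitimate.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Decision thresholds (constructed for the example).
STEP_UP_THRESHOLD = 40   # challenge with additional authentication
BLOCK_THRESHOLD = 70     # deny the session outright

# Field names the bank's real transfer page posts (constructed).
EXPECTED_TRANSFER_FIELDS = {"payee", "amount", "reference", "csrf_token"}


@dataclass
class UserProfile:
    """What the bank has previously observed for this customer (constructed)."""
    known_ips: Set[str]
    known_device_hashes: Set[str]     # hashes of the full device fingerprint
    known_browser_strings: Set[str]
    usual_countries: Set[str]
    median_form_fill_seconds: float   # typical time the user spends on the form
    known_payees: Set[str]


@dataclass
class Attempt:
    """Signals collected during one login or transaction attempt."""
    ip: str
    country: str
    device_hash: str
    browser_string: str
    form_fill_seconds: float
    payee: str
    submitted_fields: List[str]       # field names actually posted by the client


def score_attempt(profile: UserProfile, attempt: Attempt) -> Tuple[int, Dict[str, int]]:
    """Return (total_score, per-signal contributions). Higher means riskier."""
    contributions: Dict[str, int] = {}

    # Network signals. A proxy through the victim's PC makes these match,
    # so on their own they carry limited weight.
    if attempt.ip not in profile.known_ips:
        contributions["new_ip"] = 15
    if attempt.country not in profile.usual_countries:
        contributions["unusual_country"] = 20

    # Device signals. A synched VM may copy the user-agent string, but a
    # fingerprint built from many attributes is harder to reproduce exactly.
    if attempt.browser_string not in profile.known_browser_strings:
        contributions["new_browser_string"] = 10
    if attempt.device_hash not in profile.known_device_hashes:
        contributions["new_device_fingerprint"] = 30

    # Behavioral signal. Automated scripting of payee and amount fields
    # completes the form far faster than a person typing it.
    if attempt.form_fill_seconds < profile.median_form_fill_seconds * 0.2:
        contributions["form_filled_too_fast"] = 25

    # Transaction signals.
    if attempt.payee not in profile.known_payees:
        contributions["new_payee"] = 15
    # Injected HTML posts extra fields the genuine page never renders.
    extra = set(attempt.submitted_fields) - EXPECTED_TRANSFER_FIELDS
    if extra:
        contributions["unexpected_form_fields"] = 30

    return sum(contributions.values()), contributions


def decide(score: int) -> str:
    """Map a risk score to the action the session handler should take."""
    if score >= BLOCK_THRESHOLD:
        return "block"
    if score >= STEP_UP_THRESHOLD:
        return "step_up"
    return "allow"


def evaluate(profile: UserProfile, attempt: Attempt) -> str:
    return decide(score_attempt(profile, attempt)[0])


# Constructed sample data.
PROFILE = UserProfile(
    known_ips={"203.0.113.10"}, known_device_hashes={"dev-aaaa"},
    known_browser_strings={"Firefox/16"}, usual_countries={"US"},
    median_form_fill_seconds=45.0, known_payees={"Electric Co"},
)
GENUINE = Attempt("203.0.113.10", "US", "dev-aaaa", "Firefox/16", 40.0,
                  "Electric Co", ["payee", "amount", "reference", "csrf_token"])
# Same IP and browser string as the victim, but the rest does not line up.
PROXIED = Attempt("203.0.113.10", "US", "dev-zzzz", "Firefox/16", 2.0,
                  "Mule Account", ["payee", "amount", "reference", "csrf_token", "verify_pin"])
# Legitimate customer on a new laptop paying a new payee: worth a challenge.
NEW_DEVICE = Attempt("203.0.113.10", "US", "dev-bbbb", "Firefox/16", 50.0,
                     "Gas Co", ["payee", "amount", "reference", "csrf_token"])

if __name__ == "__main__":
    for name, attempt in [("genuine", GENUINE), ("proxied", PROXIED), ("new device", NEW_DEVICE)]:
        print(name, evaluate(PROFILE, attempt), score_attempt(PROFILE, attempt)[1])
```

The weights are deliberately spread so that the signals an infected PC can reproduce (IP, country, user-agent) sum to less than the step-up threshold, while the signals that require more than a copied configuration (full fingerprint, human timing, expected form schema) each carry enough weight to trigger a challenge. Tuning those weights against real traffic, and keeping the fingerprint inputs and thresholds out of the client's reach, is where the engineering effort goes in a production system.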
Above is a real example of an injection control panel used by fraudsters. Notice the options that are available for the bot master to inject fields into a live end user web session. This kind of attack is described in more detail on Brian Krebs’ blog.
In addition, RSA has broadened protections within RSA Adaptive Authentication to include the ATM channel and has enhanced protections for mobile platforms. Look out for more information on these new enhancements in an upcoming blog post.
To illustrate how RSA Adaptive Authentication is designed to protect online users from account takeover fraud, check out the cartoon below.
Fraudsters continue to innovate – and so will we.
Amy Blackshaw is a Senior Product Marketing Manager within RSA’s Identity and Data Protection Group. In her role, Amy is responsible for the go-to-market strategy for the RSA Adaptive Authentication solution, which provides protection against advanced threats in the enterprise and online. Prior to joining RSA, Amy worked in the energy industry bringing secure technology solutions to sustainable energy businesses. Amy holds her undergraduate degree from the University of Massachusetts, Amherst, her MBA from Simmons College, and is a CISSP.