talking points
ATS TALKING POINTS

Automatic Transfer System, a New Cybercrime Tool Automating Online Banking Fraud and Man in the Browser Attacks

Report by Loucif Kharouni

Today’s cybercriminals face challenges due to the additional security measures banks employ, such as imposing transfer limits and sending transaction SMS notifications. ATS users aim to clean out victims’ bank accounts without leaving a trace. Unfortunately, additional bank security measures do not prevent them from doing so.

• This research paper discusses automatic transfer systems (ATSs), which cybercriminals have started using in conjunction with SpyEye and ZeuS malware variants as part of WebInject files.
• These are toolkit add-ons for the SpyEye and ZeuS malware variants, which can read and use WebInject files. SpyEye’s creator even made sure that SpyEye malware variants provided support for ZeuS WebInject files.
• 2-factor authentication measures have been broken; it just requires ATS creators to analyze them and program this ability into their code.
• As SpyEye and ZeuS are malware variants that work in the PC environment, this is currently only an issue potentially affecting accounts where users’ banking records are accessed from Windows.
• This automates the Man in the Browser (MitB) attack, which is another known term used for these attacks.
• This automates online banking fraud and does not require a criminal to be online during the victim's session.
• Some countries appear to be more targeted than others. In fact, most are created on demand and commonly target banks in Germany, the United Kingdom, and Italy.
• It is important for non-targeted countries to be aware of ATSs’ existence despite remaining under the radar for now.

Trend Micro customers concerned about ATSs can use the following products to help protect themselves.
Endpoint: Endpoint solutions such as Titanium, Worry-Free Business Security, and OfficeScan (with Intrusion Defense Firewall Plug-in) can help prevent infections from starting, or detect them afterwards. Web Reputation Services (WRS) allow endpoint solutions to detect and block access to sites that harbor Web-based threats and to block communication to criminal servers (C&C).

Cybercriminals have now gone a step further with the help of ATSs. ATSs remain invisible, unlike WebInject files that display pop-ups to steal victims’ credentials. They do not prompt pop-up displays and perform several tasks, such as checking account balances and conducting wire transfers using the victims’ credentials, without alerting them. ATS scripts also modify account balances and hide illegitimate transactions to conceal traces of their presence from victims. As long as a system remains infected with an ATS, its user will not be able to see the illegitimate transactions made from his/her accounts.

Even though Germany, the United Kingdom, and Italy seem to be targeted, mostly due to high demand in the underground community, banks and other financial institutions from basically anywhere are not safe from attacks. WebInject files that can be used in ATSs to target financial institutions based in the United States.

As a matter of policy, Trend Micro tries to work directly with affected entities to help them understand the situation and remedy it.