Combating global cyber crooks
Fraudsters using new and improved Zeus and SpyEye malwares like Hesperbot to infiltrate people’s computers, enabling them to steal their personal details so that they can siphon large amounts of money into their own bank accounts. This isn’t the first time that malware has conquered innocent victims’ computers, but what is more malicious about the new version is that money transfers are automated. Criminals are evolving with technology and targeting cloud-based servers.
Fraudsters needn’t lurk around the internet and wait for people to log on to their bank accounts anymore (classic Man-in-the-Middle type fraud), instead with the process computerised, criminals can now drain bank accounts more quickly and efficiently making it even more difficult to detect.
Organised criminal gangs are tactical and ambitious, targeting high net worth individuals and business accounts with large sums of money.
The real worry is the sheer scale of this global problem that we are dealing with which is now a major a core revenue generator for organised crime.
Perhaps, what the security industry needs to admit that alongside efforts to prevent fraud, the industry needs to focus increasingly on detection and what it can do is make it very difficult for fraudsters to actually use the stolen data to access bank accounts.
As I’ve said before, two factor authentication is no longer viable. The industry needs to move towards a multi-layered approach to authentication, using a mix of visible and invisible layers such as voice biometrics. Also, detection needs to work in real-time so that victims and their banks are alerted to attacks immediately and thereby given the chance to prevent it from happening, saving them the inconvenience of being out of pocket and their banks from the costs of fraud investigation.