Sometimes known as the zbot, the Zeus trojan is one of the powerful malware tools leveraged by cybercriminals to gain access to financial accounts. Threat actors use these methods to infiltrate banks, financial institutions, and their clients.
More recently, security analysts have observed a shift in cybercriminals who now use these attacks to target small to medium-sized businesses and local government entities. The lack of security of these smaller organizations makes them ideal targets for these attackers.
Blocking Cybercriminals from Ill-Gotten Gains
In a recent case, both a bank’s systems and several customer computers were seeded with a vicious malware, the Zeus trojan virus. The trojan moved money through mule accounts to make tracking difficult. Losses from this one attack were estimated at $2 billion. The US Federal Government estimates that these types of Zeus-like attacks will result in a loss of over $16.2 billion in 2022.
The most common variants include:
- Gameover Zeus
- Ice IX
With the increase of successful internet-based attacks, the only way to effectively deal with internet fraud is to develop a multi-faceted technology infrastructure. This helps block the many different methods, such as phishing, pharming, malware, and system breaches, that cybercriminals typically employ in their online fraud schemes.
The key strategy should focus on tools and techniques that provide a defensive shield. These technologies must have the capabilities of detection and notification, intervention, and prevention.
Building a Security Strategy
Reducing attacks is one of the typical goals of a comprehensive defensive security strategy. Traditional physical attacks come with a high risk of failure and tend to be a one-time event.
What if, instead, you could break in without detection?
What if you could linger and steal money electronically?
This concept is exactly why cybercriminals develop malware, the current tool of choice for would-be-attackers, and what they design it to do.
By using email blocking or filtering technology at the email gateway, businesses could reduce email-based malware attacks. Prevention is backstopped with detection and intervention. Still, when they are combined, these measures strengthen the overall defense and can by design, protect a target from within.
How a Honeypot Protects a Network
One tool used as a method of intervention is a closely monitored network decoy called a Honeypot. While potentially time-consuming and expensive, Honeypots can serve as a great early warning system.
This decoy is basically a server running a vulnerable service that can be used by an attacker to exploit the system. With the proper monitoring, this early warning identifies new attacks. It also analyzes exploitation trends and allows for an in-depth examination of the adversaries during and after the exploitation of the Honeypot.
This method allows for an advanced warning of a more concerted attack. While the prevention and intervention strategies described here can be costly and time-consuming to deploy and manage. The reality is that even with these in place, vulnerabilities may still exist.
Beyond these methods, additional basic preventative measures support these strategies with a lot less cost. These include tactics like domain name management and high-assurance SSL certificates. Besides, domain name management requires no technology, just a process around website registration.
As an example, a financial institution might reserve a set of domains resembling its primary domain. This prevents attackers from using these names to set up fake sites. Tools like Google can be used to scan for new domain name registrations while working with domain registrars to restrict who has the authority to register domain names for the financial institution.
Maintaining high-assurance SSL certificates helps assure consumers that conducting online financial transactions is safe. When used properly, such certificates can make the process of site verification much more user-friendly and can visually displace secure access by an image of a lock-in browser toolbar.
Strong Authentication Methods
In addition to the lower-cost tactics, a variety of stronger authentication solutions are available to provide better control and management of web traffic. For example, software vendors have developed web browser plugins that lock down the browser once the user has connected to a provider’s site.
Image identification is an additional authentication for visitors and subsequent authorization of high-risk transactions. Image identification involves an image and a personal phrase chosen by the user. Both are displayed during the login process. The purpose of the image and phrase is to let the user know they are logging into a genuine website.
Strong Security Strategies Help Stop Online Fraud
With the continued increase in the severity of online attacks, defense-in-depth strategies are required to deal with fraud. Implementing the methods outlined here will help.
E-commerce providers need to constantly provide the highest quality solutions to prevent fraud before it creates financial loss and erodes customer confidence.
Mike Tyk is an accomplished Enterprise Security professional with over 30 years of experience in information security consulting. In his current role as Director of Security Services with Novacoast, he assists customers in developing information security management policies and procedures, implementing breach response plans, conducting application threat analyses, and assessing infrastructure vulnerabilities.