CBA prepares for malware attacks

CBA prepares for malware attacks

Summary: Malware-led attacks will increase as cybercriminals respond to tougher security measures, including two factor authentication, according to the Commonwealth Bank's head of e-commerce.CBA e-commerce general manager Marcus Judge said he expected more miscreants to try and convince unsuspecting users to download malware, which allows unauthorised access to a computer, as a result of widespread adoption of two factor authentication in the banking community.

SHARE:
0

Malware-led attacks will increase as cybercriminals respond to tougher security measures, including two factor authentication, according to the Commonwealth Bank's head of e-commerce.

CBA e-commerce general manager Marcus Judge said he expected more miscreants to try and convince unsuspecting users to download malware, which allows unauthorised access to a computer, as a result of widespread adoption of two factor authentication in the banking community. Malware usually performs some sort of unauthorised activity such as keystroke logging or allows remote access to a computer.

The CBA last month introduced mobile phone codes and tokens as a second layer of online transaction security for its 2.3 million retail customers. Judge claimed 65,000 customers have signed up to the bank's latest security measure.

However, Judge expected the effect on cybercriminals would be that they would change their method of attack.

"If there's been a trend it's probably been away from just crude e-mails pretending to be from the bank more towards various forms of malware -- people trying to find ways to download it on to your computer," he said.

"When we have fraud cases we talk to people who have fallen victim to a straight phishing e-mail ... now and again people do fall for those unfortunately.

"But the malware ones, people typically just have no idea that it was there. With the couple of million people using Internet banking there's a lot of people using it who aren't highly sophisticated technically, they wouldn't necessarily know what stuff is on their computer.

"Our security guys do investigate the cases and try and ping down how they happen, but with limited time we can't always get there."

Online attacks
Banks in Australia experienced a noticeable increase in cyberattacks -- including malware, phishing and fraudulent activity -- last year as two factor authentication had not been widely introduced.

"I think all the banks experienced a big increase in activity last year," said Judge.

"We believe a lot of the fraud is originated overseas by organised crime. And I would imagine that they just formed the view it was worth focusing on Australia.

"A year or so ago most of our banks didn't have two factor authentication or if they had it they hadn't rolled it out very much. So they probably just saw Australia as a bit of an opportunity."

With so much activity directed at Australia, Judge said the CBA and other banks responded with a lot of backend system improvements to reduce the risk of attack.

For CBA, one of these was Hawkeye, a rules-based detection system that analyses every NetBank transaction. Hawkeye monitors patterns of activity over time and flags suspicious transactions for investigation by CBA staff. It also delays what it considers "high risk" payments so they can be investigated.

"The backend work that we did actually has made a huge impact on the level of successful fraudulent activity which was growing last year.

"The last three or four months it's actually been declining and it's now back at the level it was at probably about 18 months ago."

Judge would not reveal the number of fraudulent attempts, but said they were "well less than one percent" of all NetBank transactions. NetBank has about 216 million log-ons per year.

While fraud attempts increased last year, Judge gave one example of how Hawkeye gave CBA new capabilities in fraud prevention.

"Last year someone got into 14 of our customers' NetBank records. [But] Hawkeye picked that up. We picked up the thing about multiple records being accessed from one IP address.

"So we wouldn't have picked that up prior to Hawkeye as we weren't monitoring the IP address data at all," he said.

"Certainly we've seen a big reduction in just attacks, let alone successful attacks."

Topics: Banking, Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion