This year at RSA we experienced a new level of conversation about online threats. Anti-fraud protection was the topic for many guests stopping by the booth following the announcement of F5’s solutions for web fraud protection. Booth visitors shared with me that their customer-users expect web applications [& Mobile Apps] they rely on for online banking, shopping, etc. to protect their assets and sensitive information from unauthorized disclosure or access. Being an avid user of such applications I merely thought “of course we do buddy”. I was not surprised by the percentage (70%) of those representing retail banks who were greatly interested in what we offered around anti-fraud (or web fraud protections). After all, during the last 2 weeks my account was successfully breached for hundreds of dollars. It is clear that adequate measures towards strengthening security against web fraud attacks may be missing from overall security strategies at some banks – mine particularly. Let’s take a look at where some gaps may exist and what can be done to improve upon security.

Let’s look at protections against phishing attacks since this has been part of the conversation over the last few days. Phishing attacks are amongst the most common type of fraud threat retail banks defend against. Overall 37 million users were subject to Phishing attacks between 2012 and 2013[1]. The sophistication of this attack type continues to grow, targeting specific individuals (spear-phishing) and creating the impression of a credible organization to enable attackers to gain access to bank accounts, credit card information, or business systems. Spear-phishing combined with vulnerability exploits are commonly used to achieve an initial point of access that attackers can use to drain accounts or ultimately further a Trojan attack. Example - In December, 2013, a man was arrested for his part in a phishing scam targeting UK college students. The scam sent emails inviting students to update their loan details on a malicious site that took large amounts of money from their accounts. Given events like this, banking anti-fraud teams continue to look for more effective ways to guard against phishing attacks and before their customers fall victim and protect users from malware and fraudulent websites that seek to steal credentials, confidential information and make unauthorized money transfers.

Solutions like F5 WebSafe allows organizations to detect phishing attacks earlier and shut down phishing proxies even before convincing emails are sent to customers. Your fraud teams can quickly identify efforts to glean information and assets from your website to use in fraudulent activities, and provide alerts about website copies and uploads to proxies or servers, complimenting protections in traditional WAFs. With F5’s web fraud protection organizations can more effectively identify phishing attacks and easily drive efforts to shut down phishing servers to stop ongoing theft of sensitive information.

Proxy Trojans used to modify web pages, transactions or transaction flows is considered one of the greatest threats to online banking, allowing attackers to act as the man-in-the-browser (MITB/M). The transparency of this malware allows it to effectively intercept SSL/PKI and authentication measures to covertly control communications between customers and banks. Although some trojans of this type can be detected and removed with anti-virus software, there remains a great percentage that requires other detection and protection methods to help minimize or block such threats. This includes recommended security measures such as strong authentication, combined application validation by the device and user validation by the app, latency examination for cryptographic hash functions.

WebSafe is specifically designed to go beyond recommended security measures to analyze user behavior, identify infected users or devices and encrypt information at the app layer to protect against eavesdropping. With WebSafe companies gain an added layer of protection that more effectively identifies, scores and alerts of potential malware, while ensuring any information intercepted is render useless by an attacker.

Certain attacks use malware to target those using mobile devices. These concerns lead to great discussion during my RSA booth duty. One example discussed was FAKEBANK, a malware spotted in the second quarter of 2013. Once installed, it uses the Google Play icon to stay low-key. During installation, it replaces parts of legitimate banking app files with malicious code, but it does not modify their icons and user interface. Once users access these apps on their mobile device, they unwittingly give out their account information. Aside from this, FAKEBANK also steals call logs and received text message. As you can see, the attack can be very successful in ultimately acting as the customer to illegally transfer money.

The F5 MobileSafe SDK can help you prevent attacks like FAKEBANK by identifying jail broken devices and mobile malware. MobileSafe also provides virtual keyboard overlays and performs behavioral analysis to determine if attempts to login on mobile applications are potentially being executed by a script or BOT. MobileSafe is designed to protect against attacks that specifically target mobile device users.

In closing, although security is a continuous process, it is possible to fill the security gaps and provide early detection and protection to safeguard customers and banks from data interception and fraud loss. There are a variety of solutions in addition to what I have covered that can be used. The important thing to take away is look for transparent- clientless solutions, Layer 7 application encryption, early malware attack detection and solutions that also guard against attacks targeting mobile device users. For more information on F5 Anti-Fraud solutions visit us at RSA, on the web and read the blog titled ”F5 Anti-fraud Solutions: Frictionless Protection for the Masses

Watch for my next blog on developing a more cohesive and streamlined security strategy that fills in security gaps for retail banking.


[1] Kaspersky Report: The evolution of Phishing attacks http://media.kaspersky.com/pdf/Kaspersky_Lab_KSN_report_The_Evolution_of_Phishing_Attacks_2011-2013.pdf