Like Other Cancers, Malware Is Best Detected Early

Posted February 6, 2015

Senior VP at a London-Based Global Bank, Responsible for Reducing Emerging Malware Threats, Says Early Detection Is Critical

Like specific cancers that attack different parts of the human anatomy, cybercriminals have created specialized banking malware. Marco Morana, a London banking executive writing on bankinfosecurity.com, cites a Verizon study finding that “Citadel is the preferred banking malware among criminals for personal data information theft, while Zeus continues to be the favorite banking malware for stealing money from bank accounts.”

Regardless of what type of malware is attacking (or attempting to attack) a financial institution, Morana emphasizes that early detection is vital. The following has been excerpted from his piece and edited to fit our format. You may find the full piece by clicking on this link.

Multifactor authentication isn’t up to the task

Today, it is safe to assume that standard multifactor authentication and transaction monitoring can be compromised or bypassed by banking malware.

Complying with compliance

Early detection of possible data compromise for bank customers affected by banking malware helps banks comply with data breach notification laws. Bank-owned online banking applications also are required to adopt strong customer authentication, transaction monitoring and implement multiple layers of defense, as required by the Federal Financial Institutions Examination Council. [The FFIEC is a federal interagency body made up of five banking regulators, including the Federal Reserve Board of Governors (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB). In Europe, financial institutions must comply with European Central Bank regulations.]

Financial institutions must go beyond mere compliance

Effective risk management should ensure that additional layers of detection and prevention controls are in place to reduce the impact of a personal data compromise and/or account takeover incidents.

Even if a fraudster who has taken over an account is able to modify a money movement transaction, he still might not be able to steal money if the transfer requires approval from a second, different user before it executes. Generally, risk-prevention measures such as out-of-band transaction verification and authentication work best when used in conjunction with Web fraud detection, so that the extra step is triggered by risk rather than applied to every transaction.

5 percent of major European bank customers’ devices infected

Giorgio Fedon, technical director of Minded Security, a software security company whose products include malware detection, says that on any given day at a major European bank at least 5 percent of customers’ devices will be infected by some kind of malware. He breaks that down as 3 percent infected by unwanted adware, 1.5 percent by spyware, and 0.5 percent by banking-related malware.

Browser compromise detection prevents takeover

Detecting which customer browsers have been compromised by banking malware helps banks prevent fraud through account takeover. The browser compromise signal, together with details about the origin of the session, can be fed into the Web fraud system and combined with anomaly and behavior analysis to calculate a risk level for each individual transaction. From there, flagged transactions can be monitored, stepped up to additional verification, or put on hold until those verifications take place.
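To make the two preceding points concrete (a browser compromise signal feeding a per-transaction risk decision, and dual approval blocking a takeover even when the transaction itself has been tampered with), here is an added example of a toy risk engine. It is illustrative code written for this page, not Morana’s method or any vendor’s product; the signal names, score weights, thresholds and sample customer history are all assumptions chosen for the demonstration.

```python
"""Toy account-takeover risk engine (added example, not from the original
piece or any vendor).  Combines a browser-integrity signal with simple
transaction anomaly checks and a dual-authorization rule.  All field
names, weights and thresholds are assumptions made for illustration."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Decision(Enum):
    ALLOW = "allow"        # release the transfer
    STEP_UP = "step_up"    # require out-of-band verification first
    HOLD = "hold"          # park the transfer for review / second approver


@dataclass
class ClientSignals:
    """What a browser-integrity check might report back (assumed fields)."""
    page_hash_ok: bool                                        # served page matches the bank's expected hash
    injected_fields: List[str] = field(default_factory=list)  # form fields present that the bank's page never had
    device_known: bool = True                                 # device previously seen for this customer


@dataclass
class Transfer:
    tx_id: str
    user: str                 # initiating (possibly hijacked) customer login
    amount: float
    payee_seen_before: bool
    signals: ClientSignals
    approver: Optional[str] = None   # second user who approved, if any


# Assumed policy knobs
DUAL_APPROVAL_THRESHOLD = 10_000.0   # above this, a second distinct user must approve
HOLD_SCORE = 70
STEP_UP_SCORE = 40


def score(tx: Transfer, history: Dict[str, List[float]]) -> int:
    """Additive risk score; the weights are illustrative assumptions."""
    s = 0
    if not tx.signals.page_hash_ok:
        s += 50            # tampered page content: strongest takeover indicator
    if tx.signals.injected_fields:
        s += 40            # classic web-inject pattern (extra "PIN"/"token" inputs)
    if not tx.signals.device_known:
        s += 15
    if not tx.payee_seen_before:
        s += 15
    past = history.get(tx.user, [])
    if past and tx.amount > 3 * max(past):
        s += 20            # far above this customer's own historical amounts
    return s


def decide(tx: Transfer, history: Dict[str, List[float]]) -> Decision:
    """Dual control is checked first: a high-value transfer cannot move on the
    initiator's say-so alone, and the initiator approving it himself does not
    count, so a single hijacked login still cannot release the money."""
    if tx.amount >= DUAL_APPROVAL_THRESHOLD and (tx.approver is None or tx.approver == tx.user):
        return Decision.HOLD
    s = score(tx, history)
    if s >= HOLD_SCORE:
        return Decision.HOLD
    if s >= STEP_UP_SCORE:
        return Decision.STEP_UP
    return Decision.ALLOW


# Constructed sample data: one customer's recent transfer amounts.
HISTORY: Dict[str, List[float]] = {"alice": [200.0, 450.0, 300.0]}

CLEAN = ClientSignals(page_hash_ok=True)
WEBINJECT = ClientSignals(page_hash_ok=False, injected_fields=["atm_pin"])
NEW_DEVICE = ClientSignals(page_hash_ok=True, device_known=False)


def demo() -> Dict[str, Decision]:
    """Runs representative transfers through the engine and returns the decisions."""
    cases = [
        Transfer("t1", "alice", 250.0, True, CLEAN),                       # routine payment
        Transfer("t2", "alice", 1200.0, False, WEBINJECT),                 # web-injected session, new payee
        Transfer("t3", "alice", 2000.0, False, NEW_DEVICE),                # new device, new payee, high amount
        Transfer("t4", "alice", 15000.0, True, CLEAN),                     # needs dual approval, none given
        Transfer("t5", "alice", 15000.0, True, CLEAN, approver="alice"),   # self-approval rejected
        Transfer("t6", "alice", 15000.0, True, CLEAN, approver="bob"),     # approved by a distinct user
    ]
    return {tx.tx_id: decide(tx, HISTORY) for tx in cases}


if __name__ == "__main__":
    for tx_id, d in demo().items():
        print(tx_id, d.value)
```

The ordering in `decide` is the security-relevant choice: the dual-approval rule is evaluated before the score, so it cannot be argued away by a low-looking risk score, and the approver must be a different identity than the initiator, otherwise an attacker holding one session could approve his own transfer.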

Multilayered defense

For account takeover fraud detection, it is important to cover multiple layers of detection, including the client browser, the online banking application, as well as the data and transactions that are at high risk of compromise by banking malware.

[Web] fraud detection needs to be transparent to the bank user and not impact the customer experience.

Finally, the Web fraud detection should be scalable for a large number of online users and not impact performance. It also should require minimal overhead for maintenance.

ThreatMetrix
