In the 2014 IBM Chief Information Security Officer assessment, nearly 60 percent of security leaders interviewed felt that “the sophistication of attackers was out stripping the sophistication of their organization’s defenses.”
It’s no wonder. Analysis of attacks over the years have shown that cybercriminals are studying their prey closely—understanding the security solutions, policies and procedures each bank implements—and devising successful countermeasures to circumvent their targets’ protections. Today, banking malware, such as Citadel, Zeus, Dyre and Bugat, incorporate advanced functionality that enables attackers to “fly under the radar” and elude detection by both the end user and banking security systems. In fact, recent attacks have shown that once a user’s endpoint is infected with advanced malware, criminals can bypass most security layers, including two-f actor authentication, device ID systems, risk engines and behavioral analytic systems.
Effectively combating cybercriminals requires understanding how they operate. How do they render endpoint protection solutions inoperable? What methods do they use to sidestep two- factor authentication? How do they trick device ID systems and behavioral analytic and risk engines into believing their transactions are legitimate?
This White Paper provides an overview of how cybercriminals circumvent security measures at each stage of a transaction’s lifecycle—pre- login, during login and post-login—and offers strategies to help financial organizations combat malware-d riven attacks. To download this white paper click here: 4-47394_BattlingFinancialFraudattheRootCause