Cyber attacks on banks likely to increase, says expert
UK banks need to be more proactive to deter trojan-style attacks
The latest Zeus trojan is responsible for an attack on a UK bank
Following this week's news that cyber criminals based in Eastern Europe have successfully drained £675,000 from customers of a major UK bank, an IT security expert has stated that similar attacks could remain undetected in other institutions, and are likely to be seen more and more in future.
The attack in question involved the use of the Zeus v3 trojan, a highly adaptable piece of software available to cyber criminals.
"The [trojan] is very easy to customise in order to target a wide variety of web sites and users," said Ryan Rubin, security and privacy European lead at Protiviti, an IT risk and consulting firm. "It's likely that other organisations have been unknowingly targeted now, and will be in the future."
Banks have made more effort in recent years to push security out to the consumer. Many banks use additional authentication systems beyond usernames and passwords, such as sending SMS messages to customers' mobiles, or using additional card authentication systems that provide a single-use code.
But cyber criminals have found ways of getting round this using the Zeus trojan.
"Two-factor authentication can also be thwarted by this type of attack," Rubin said. "The user puts their details into a device and gets a unique one-time password that gets picked up by the trojan and sent to an attacker who can use that information for a limited period."
Rubin commented that banks should be proactively looking at their log files, and analysing which IP addresses customers are logging in from.
"Banks should be looking at this – if their customer logged in from the UK with their one-time password, but then suddenly logged in from, for example, China there is something going on. The disparity will show up in the logs. Banks need to look into how to analyse these types of activities better," said Rubin.
The speed at which the online transaction occurs can be another tell-tale sign of fraud, according to Rubin. "A human takes time to click buttons and input information. Automated attacks typically happen very quickly," he said.
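The two bank-side checks Rubin describes, source-location disparity between logins and transactions submitted faster than a person could type them, can both be run over ordinary authentication and payment logs. The Python below is an added illustration written for this article, not code from Protiviti or any bank. The log line format, the IP-to-city table (standing in for a real GeoIP lookup) and the thresholds are all assumptions, and the log lines are constructed sample data.

```python
"""Two fraud signals run over constructed log lines (added example, not from the article):
(1) "impossible travel": consecutive logins by the same customer from IPs that
    geolocate so far apart that no human could have moved between them in time;
(2) session velocity: a payment submitted so soon after login that it was
    almost certainly scripted rather than typed.
"""
import math
import re
from datetime import datetime, timezone

# Constructed sample log lines (not real bank logs); the format is an assumption.
SAMPLE_LOG = """\
2010-08-10T09:12:03Z user=alice ip=203.0.113.7 event=login
2010-08-10T09:14:51Z user=alice ip=203.0.113.7 event=transfer amount=120.00
2010-08-10T09:31:40Z user=alice ip=198.51.100.23 event=login
2010-08-10T09:31:42Z user=alice ip=198.51.100.23 event=transfer amount=4900.00
2010-08-10T10:02:15Z user=bob ip=192.0.2.44 event=login
2010-08-10T10:05:09Z user=bob ip=192.0.2.44 event=transfer amount=45.50
"""

# Constructed IP -> (city, lat, lon) table standing in for a GeoIP database.
GEO = {
    "203.0.113.7": ("London", 51.5074, -0.1278),
    "198.51.100.23": ("Shanghai", 31.2304, 121.4737),
    "192.0.2.44": ("Manchester", 53.4808, -2.2426),
}

LINE_RE = re.compile(r"^(\S+) user=(\S+) ip=(\S+) event=(\S+)(?: amount=(\S+))?$")

MAX_PLAUSIBLE_KMH = 1000.0  # assumed ceiling: roughly airliner speed
MIN_HUMAN_SECONDS = 10.0    # assumed floor for a human login-to-payment gap


def parse_log(text):
    """Parse the constructed log format into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than fail the whole batch
        ts, user, ip, event, amount = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "user": user, "ip": ip, "event": event,
            "amount": float(amount) if amount else None,
        })
    events.sort(key=lambda e: e["ts"])
    return events


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def impossible_travel(events):
    """Return (user, from_city, to_city, implied_kmh) for login pairs that
    would require faster-than-plausible travel between them."""
    alerts = []
    last_login = {}
    for e in events:
        if e["event"] != "login":
            continue
        prev = last_login.get(e["user"])
        if prev and prev["ip"] != e["ip"] and prev["ip"] in GEO and e["ip"] in GEO:
            c1, lat1, lon1 = GEO[prev["ip"]]
            c2, lat2, lon2 = GEO[e["ip"]]
            km = haversine_km(lat1, lon1, lat2, lon2)
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
            speed = km / hours if hours > 0 else float("inf")
            if speed > MAX_PLAUSIBLE_KMH:
                alerts.append((e["user"], c1, c2, round(speed)))
        last_login[e["user"]] = e
    return alerts


def fast_sessions(events):
    """Return (user, amount, seconds_since_login) for transfers submitted
    faster than a person could plausibly navigate and type."""
    alerts = []
    login_at = {}
    for e in events:
        if e["event"] == "login":
            login_at[e["user"]] = e["ts"]
        elif e["event"] == "transfer" and e["user"] in login_at:
            secs = (e["ts"] - login_at[e["user"]]).total_seconds()
            if secs < MIN_HUMAN_SECONDS:
                alerts.append((e["user"], e["amount"], secs))
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for a in impossible_travel(evs):
        print("impossible travel:", a)
    for a in fast_sessions(evs):
        print("automated session:", a)
```

On the sample data both checks fire on the same customer: a London login followed twenty minutes later by one from Shanghai, and a transfer submitted two seconds after that second login. In practice the two signals are stronger together than alone, since a legitimate customer using a VPN can trip the travel check, and a saved-payee payment can be quick, but both at once on a new destination is the pattern the article describes.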
But the user is unlikely to be aware of the attack themselves, as from their point of view their online banking experience will appear normal.
"The big challenge with Zeus is that it becomes very difficult for the user to detect it. It intercepts all information coming from the user, and inserts pages and pictures onto the user's browser by exploiting browser vulnerabilities," Rubin said. "The user may be legitimately connected to the bank, but the trojan has intercepted the information."
According to Rubin, the best safeguard is for users to regularly monitor their balance, and report unauthorised activity to their bank.