Friday, October 19, 2007

Online Banking Fraud and Internet Security

Online banking fraud is one of the principal threats that Internet users currently face. This year alone, online fraud has increased by almost 40 percent over last year. The convenience of online transactions – from eBay payments to banking operations – is counteracted by a criminal plague that is causing many users to feel unsafe when transferring money across the Web.

Banks and companies have designed different security strategies to try and make sure that the person logging in to a service really is who they claim to be. From cards with coordinates to virtual keyboards, numerous authentication systems have already been undermined by cyber-criminals — often using banker Trojans designed to attack a specific organization. This is what is known as a targeted attack.

If a user discovers that their bank account has been raided, they file a claim with their bank in order to receive reimbursement. However, the bank must also take quick action in order to stop the attack and prevent other users from falling victim to the fraud. To do so, they must identify the malware responsible, find a way to block its effects and actually implement the necessary measures. This usually takes them a minimum of 48 hours—a window of vulnerability during which time the amount of money lost could increase considerably.

The situation is as follows: banks and financial entities spend considerable sums on online security, yet they have to cover huge financial losses every year despite “being protected”. Why? Because they didn’t check the weakest link in the authentication process: the user. If a user happens to be infected by a newly created banker Trojan, then all the banks’ security efforts could be in vain.

To solve this problem, Panda Security has created Panda Security for Internet Transactions. This service allows banks and other financial entities operating online to scan the users’ PCs for malware. If they find that the user is infected, access to the banking website is denied, stopping the fraud from entering the system.

Blocking access, however, is just one of the options, as the service is completely configurable. Clients can determine how the scan operates, if it is mandatory or not, what malware samples must be present on the user’s computer for a transaction to be prevented, if infected users are notified, how they are notified, etc.

The scan is totally transparent and takes place in real time, so users can continue using the Web without problems. It is also fast - taking less than five seconds. Using this technology, users can feel much more secure about making online transactions and transmitting confidential data.

The speed and transparency of the service are a key element. If it were a slow or cumbersome process, many banks would rather assume the losses deriving from fraud than trouble their clients with an awkward process. This high speed is possible because the signature file and the other scan components are not downloaded onto the users’ computers; they just have to install a small ActiveX control the first time that they use the service. The rest of the process takes place online, drawing on a database with information on over two million malicious codes—making it one of the largest malware databases ever created.

Banks and companies will see their expenses notably reduced thanks to this service, as there will be fewer fraud-related losses to cover. They will also have greater control, as they will know what malware is affecting their clients at all times and how to stop it.

It is, to sum up, a development that will reduce financial losses for banks and will notably increase end-users’ confidence in online transactions.


By Bruno Rodríguez, International Business Development Manager for Panda Security

Antivirus Solution on Steroids?

What would be the “perfect” online antivirus solution?

For starters it would be easily accessible. It would work with existing antivirus and security software. It would work quickly and effectively without interfering with productivity. And it would be user-friendly.

Most importantly, it would detect even the hardest to find hidden malware and have the ability to remove it when found.

Finally, it would issue a full report of its findings, let the user know about potential vulnerabilities, and then disappear from the system without a trace.

Does such an antivirus solution exist? Yes it does. It’s called Malware Radar.

“Malware Radar is unlike anything currently available with respect to antivirus and Internet security solutions,” says Ryan Sherstobitoff, Panda Security’s Internet security expert. “To my knowledge, it is the most effective tool for finding and locating today’s new breed of super-secret, virtually undetectable malware that now infects a large percentage of computers and computer networks around the globe.”

Nothing is ever “perfect” of course, but Malware Radar is surprisingly ideal from a variety of viewpoints.

“This is what anyone who uses Malware Radar can expect: No matter how “protected” your system may be, no matter how much you are spending on your network security, the odds are pretty good that you will find hidden malware on your system using our technology,” says Sherstobitoff. “I realize that it can be shocking and somewhat unreal to find malware on a system – especially if you are a bank or Fortune 500 company – but we continue to find intruders on systems with security measures already in place.”

Sherstobitoff is speaking from experience. This past year he has been crisscrossing the country, demonstrating to various groups that they are not as protected with their antivirus solutions as they thought they were.

The truth of the matter is that the underlying dynamics of Internet security and computer malware have changed dramatically in the past few years. So successful have criminals been at hiding what they are doing that no one, it seems, is sounding the bell to let the general public know what is going on.

“For all intents and purposes, today’s malware is virtually invisible,” he states. “Criminals and hackers have gotten so sophisticated that they have created Internet invaders that can not be detected by traditional antivirus solutions. Today’s malware is able to slip past antivirus software and firewalls, and then reside on computer networks totally undetected. While residing on the system, they are usually stealing the computer network blind of all its confidential and profitable information.”

Panda Security seems to be one of the few antivirus companies that has tried to make the public at large aware of the seriousness of the problem. Because other providers lack the capability of detecting a large percentage of today’s malware, most of the industry isn’t anxious to talk about it. Panda, however, feels that it is very important that the public be informed.

“I think that it is extremely important that the general public find out for themselves that there is a problem with the Internet,” Sherstobitoff says referring to the current vulnerabilities in antivirus and Internet security software. “I don’t want corporations and businesses to take my word for it. I want them to go to the site and find out for themselves if they are infected.”

Assuming one intends to take advantage of this antivirus service, what can one expect to find?

“I think people will find that Malware Radar is a pretty amazing tool,” says Sherstobitoff. “There’s nothing to install. The user has a choice of a quick scan, or a much more thorough and in-depth audit. The size of the network doesn’t matter as Malware Radar is easy to deploy and comes with a distribution tool that the administrator can use to totally control what computers he wants scanned.”

After the audit, Malware Radar provides two full reports (type and quantity of malware detected and its exact location), the vulnerabilities detected, and the status of the current level of protection. One report contains the main results and recommendations; the other is a technical report with full details on each computer scanned.

“It’s important for potential users to know that Malware Radar is not going to conflict with the antivirus or security program that the user may have installed on the system,” explains Sherstobitoff. “Malware Radar is not meant to replace or interfere with any antivirus software program. After the scan is complete, Malware Radar leaves no trace of ever being on the system.”

Sherstobitoff says that Malware Radar is not an antivirus or Internet security program and that it is very important that the user continue to use an antivirus program after the scan is complete. What Malware Radar does do is take a kind of “snapshot” of the current state of any network on which it is used. It will give those who take advantage of it a complete picture as to just how well their system is being protected.

When the scan is complete, the administrator has the option of using Malware Radar’s cleanup tool. This is optional, but most find it extremely useful since the antivirus program in place isn’t seeing the hidden malware and therefore can’t remove it.

“We think it is going to be a real eye-opener when the public use this service,” predicts Sherstobitoff. “Companies that have used it have been able to get a true picture of the state of their computer network protection. Although it has at times been shocking to find hidden malware on their systems, it was also a relief for them to be able to remove the danger before too much damage was done. It is our hope that everyone takes advantage of this remarkable service. It really is an antivirus solution on steroids.”



By Thomas Hardy Faulkner, Editor, Collective Intelligence

Are You Considering IP Telephony? Don’t Overlook Disaster Recovery!!!


As you consider which IP telephony system to choose for your organization’s needs, remember that unplanned downtime, whether it results from a sprinkler system that malfunctions in your head office or a Category 6 hurricane that temporarily knocks out an entire region of the country, is all but inevitable. Preparing to recover your voice system from an irritating inconvenience or a full-blown natural or man-made crisis must figure in your consideration of the various IP PBXs on the market. Here are a few considerations to help you build your disaster recovery plan for your IP phone system.

Highly Reliable Architecture. First, you’ll want to choose a voice system with a highly reliable architecture—reliable both from the standpoint of the necessary hardware and that of the operating system and applications running on it, such as auto-attendant and voicemail. System availability, with 99.999% availability widely considered the gold standard, is typically determined by comparing how often system hardware fails to the percentage of time the system is available.

Component Redundancy. Component redundancy will allow failover to another server, room or office in the next state should weather or another incident knock your IP telephony system offline for a while. A backup location in another town with dedicated networking infrastructure is a good place to start plotting out a disaster-recovery plan. Choose your secondary site based on your organization’s size, client base or business coverage area. Look for an IP PBX that supports N+1 redundancy. With N+1 redundancy, you’ll only need one additional system to back up all of the switches at a site. Some IP telephony providers support NxN redundancy, which means that you’ll need to buy a spare switch for each and every switch at a location if you want to be sure that phone service continues during an incident. Remember, NxN redundancy can get expensive fast!!!

Mean Time Between Failure. Availability can be measured by calculating the mean time between failures (MTBF) of the hardware components in the system. Per Wiki: ‘Calculations of MTBF assume that a system is "renewed", i.e. fixed, after each failure, and then returned to service immediately after failure. The average time between failing and being returned to service is termed mean down time (MDT) or mean time to repair (MTTR).’
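The following added example (not part of the original article) turns the MTBF/MTTR definitions and the N+1 versus NxN comparison above into numbers, using the standard steady-state formula availability = MTBF / (MTBF + MTTR). It assumes independent failures and instantaneous failover to a spare; the function names and the sample figures (4 switches, 50,000 h MTBF, 4 h MTTR) are constructed for illustration.

```python
from math import comb

MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600

def availability(mtbf_hours, mttr_hours):
    """Steady-state availability of one repairable unit: MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)

def downtime_minutes_per_year(avail):
    """Expected minutes per year that the unit or site is unavailable."""
    return (1.0 - avail) * MINUTES_PER_YEAR

def k_of_n(k, n, a):
    """Probability that at least k of n independent units are up."""
    return sum(comb(n, i) * a**i * (1 - a) ** (n - i) for i in range(k, n + 1))

def site_no_spare(n, a):
    """All n switches must be up; any single failure is an outage."""
    return a ** n

def site_n_plus_1(n, a):
    """One shared spare: the site is up while at least n of n+1 units work."""
    return k_of_n(n, n + 1, a)

def site_nxn(n, a):
    """A dedicated spare per switch: every one of the n pairs needs one unit up."""
    return k_of_n(1, 2, a) ** n

def compare(n, mtbf_hours, mttr_hours):
    """Return {design: (units_to_buy, availability, downtime_min_per_year)}."""
    a = availability(mtbf_hours, mttr_hours)
    designs = [("no spare", n, site_no_spare(n, a)),
               ("N+1", n + 1, site_n_plus_1(n, a)),
               ("NxN", 2 * n, site_nxn(n, a))]
    return {name: (units, av, downtime_minutes_per_year(av))
            for name, units, av in designs}

if __name__ == "__main__":
    # Constructed sample figures: 4 switches, MTBF 50,000 h, MTTR 4 h.
    for name, (units, av, mins) in compare(4, 50_000, 4).items():
        print(f"{name:9s} units={units}  availability={av:.7%}  "
              f"downtime={mins:8.3f} min/yr")
```

With these constructed figures the site without spares falls short of 99.999%, while both spare designs clear it; NxN needs three more units than N+1 for a difference of well under a minute of downtime per year.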

Ability to Work Remotely. If an event prevents workers from working in their usual offices and using their main telephone system, you need a system that simplifies the process of working remotely. Look for a system that lets users who must suddenly and temporarily work from home or a remote office go to another telephone on or off the network, log into a voicemail box, and assign internal extensions to external phone numbers, which can be a cell phone or land line.

Network Redundancy. Next, think about network redundancy. Keep in mind that due to Quality of Service (QoS) issues, LANs and in particular WANs have lower reliability than do telecommunications systems like the PSTN. As such, you’ll want an IP telephony system that links both to the PSTN and backup WAN connections, which will permit the automatic re-routing of calls should a network become unavailable.

Backup Power. Lastly, you’ll need a plan for power backup to the office. If the organization rolling out IP telephony has redundancy built into its data network, the phones should still work if the power fails at the site. But if IP telephony switches go offline because servers go offline, IP phones will not work. Thus, a backup power source for the network is essential. For organizations with large physical plants, this may be less of an issue. Mid-sized or smaller companies that load up electrical outlets with copiers, printers and other gear must ensure that they have adequate power supplies in place to keep their IP telephony system online in the event of a power failure.

As you consider the move to IP telephony and how your organization would recover from a small power outage or a large-scale natural disaster, keep these considerations in mind. The preparation of a plan that will guide your organization is more than just a theoretical exercise - it’s common sense.