Despite the increase in Trojan viruses in Europe, in South Africa phishing attacks are still the major threat to financial institutions and other large corporations operating web-based portals which are accessed by high volumes of clients.
Karel Rode, Principal Consultant of RSA, the Security Division of EMC Southern Africa, says: “We believe that Trojans have yet to take off in South Africa because phishing attacks continue to be successful and are cheap to operate. However, we expect Trojans and other downloadable malware to become a serious threat as distribution methods evolve.”
A Trojan is malware which appears to perform a desirable function for the user prior to run or install, but instead facilitates unauthorised access of the user’s computer system. In essence, it is a harmful piece of software which looks legitimate. Users are typically tricked into loading and executing it on their systems.
Rode explains that Trojans collect user credentials, and use trigger lists (for example, user log-in and bank name). for specific logins and even collects domain logins, ). User log-ins to company domains, VPN gateways, Gmail and Facebook are also useful information for Trojans.
One example is Man-in-the-Browser attacks(MitB), a trojan which infects a web browser and has the ability to modify pages, change transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host application.
Through the Cybercrime Intelligence collected by its RSA FraudAction team, RSA has built up a substantial information base. “This enables us to identify a potential threat and approach the people or companies which have been targeted so that remedial steps can be taken,” Rode says. “Corporations must guard against the loss of internal log-in credentials, as fraudsters are no longer making the big money from banking logins and credit card theft. Corporations across the board need to be aware that these attacks can significantly compromise sensitive information.”
RSA is able to protect its clients using a risk-based engine with a step up authentication method. Called RSA Adaptive Authentication, the solution is customised for each organisation. It constantly evaluates the interaction between users and the organisation’s website, identifying any anomalies which may occur. If the risk score for a user’s device or actions reaches a certain level, the user is challenged for additional authentication details.
“This layered approach protects against multiple threats, including identity take over, account take over and account compromise – within multiple layers and multiple channels,” Rode says.
RSA has the credentials to help organisations protect themselves and their customers against Internet security threats. It was the first company to offer risk-based authentication as well as the first to offer both risk-based authentication and strong two-factor authentication in a Software-as-a-Service (SaaS) deployment (in the cloud).
Other firsts for RSA include its eFraudNetwork, a global shared repository of fraud resources, mutual authentication via site-to-user authentication, a 24×7 Phishing takedown service, and a 3D Secure service protecting millions of cardholders shopping at eCommerce sites.