Reports have surfaced that at least 10 financial institutions have been hit with a new strain of banking Trojan spread by an alleged Russian-speaking cybercrime group codenamed “Silence”. Analysis released today by Kaspersky Lab said the cyber-criminals are using tactics similar to another gang – known as Carbanak – in a sophisticated plot to steal millions in cash. Ryan Wilk, Vice President at NuData Security commented below.
Ryan Wilk, Vice President at NuData Security:
“Techniques such as passive biometrics and behavioural analysis correctly identify a customer without relying on their credentials. These new technologies are based on observed consumer behaviour over the lifecycle of their interactions, and not simply on a password or a security question.
“The Silence group was able to monitor the infected computers and look at the credentials and the information that was being submitted. With a layered authentication, hackers are still able to install the Silence Trojan and monitor computers to steal passwords and credentials but they are not able to use them to finalise a transaction – the hacker can’t replicate the additional layer that verifies the real user’s inherent behaviour. This is why validating the user behind the device through a multi-layer strategy is key to devaluing stolen identity data. Rendering personally identifiable information useless will restore the trust on customers and financial institutions.”
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.