Tier-3, the behavioural analysis IT security specialist, says that a new Trojan, spotted in various forms by Symantec in recent weeks, now poses a potentially serious threat to most authentication systems being rolled out by banks to protect their electronic customers.
"Most of the banks' two-factor authentication systems centre around the use of a customer-supplied password, plus a unique, one-time code generated by an electronic token such as a SecurID unit or a user's mobile phone," said Geoff Sweeney, CTO of Tier-3.
"This new Trojan, Silentbanker, allows hackers intermediary access to the information stream from the user, allowing them to create a man-in-the-middle type attack during an e-banking session. This effectively counters the protection afforded users by the two-factor authentication technology," he added.
The good news, says Sweeney, is that provided users keep their IT security software up to date, the software should spot the Trojan as it attempts to infect the user's PC.
"The danger is that hackers will develop several variations on a theme with this and other Trojans, generating the Trojan equivalent of a series of zero-day attacks. At that point, the efficacy of conventional security software starts to wane," he explained.
For more on the Silentbanker Trojan: http://www.financialstandard.com.au/index.php?id=11611
Tier-3, with headquarters in Sydney, is the inventor of Behavioural Anomaly Detection (BAD) technology, which is the cornerstone of the HUNTSMAN Threat Management System. HUNTSMAN enables enterprises to scale security management while, at the same time, improving its effectiveness by offering, for the first time, insight into enterprise ICT infrastructure and real-time risk-based threat management. Tier-3's significant customer base includes government, financial institutions, major corporations, and organisations in the critical infrastructure and intelligence areas around the world.