All the latest UK technology news, reviews and analysis
|
|
|
22 Feb 2010
Authentication and encryption firm IronKey has launched a new anti-phishing tool designed to help banks protect business customers from increasingly prevalent attacks targeting transactions.
Dave Jevans, IronKey chief executive and chairman of the Anti Phishing Working Group, said that criminals are turning to the corporate banking space because of the rich financial pickings on offer.
Criminals are using malware such as the Zeus Trojan to steal the user credentials of staff in a company responsible for corporate banking, and are waiting till they log on before hijacking the browser session and initiating payments out of the account, Jevans warned.
Organisations could lose as much as $1.5m (£970,000) in a single attack, although this amount would become insignificant when compared to a large corporate customer taking its business elsewhere.
IronKey Trusted Access for Banking is a USB device which includes several different layers of security to mitigate most of the vulnerabilities in online banking currently being exploited.
The product acts as an RSA SecureID token for two-factor authentication, and undertakes a malware scan of the user's PC with a view to reporting back to the bank if the systems show any sign of infection.
The device then fires up a virtual machine running a hardened Linux operating system inside which it runs a browser which points directly and solely to the corporate banking web site, explained Jevans.
This set up could help to mitigate the threat of so-called man-in-the-browser, session hijacking and key-logging techniques, said the firm.
Latest stories from Security
Related videos
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
TFL director of Games transport Mark Evers discusses how the public transport network is preparing for this summer's event
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
Functional Oracle Support Analyst - EBS Financials, Support...
Oracle E-Business Suite Technical Consultant - EBS...
Oracle Applications DBA - East London - All salaries...
Oracle Functional Consultants - Financial - Project Accounting...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
More secure and free solution from AFRL
The US Air Force Research Lab has offered a similar but free, faster, and more secure solution since 2008. Called Lightweight Portable Security, LPS creates a secure end node for cloud computing temporarily in almost any computer (Mac, Windows, Linux, etc). Nothing to install and using no virtualization, LPS runs a simple, trusted kernel and a modern browser. LPS-Public is only for web browsing, in this case for small biz and personal safer e-banking. The also free LPS-Remote Access is customized to only connect to a specific, existing remote network, for example to a bank's VPN, and supports multi-factor and other authentications. LPS-RA is so secure its the only product approved to access DoD networks from a home/public computer. LPS boots pristine every time, bypasses local malware, and is fundamentally immune to new malware and change -- no scanners dependent upon definitions needed. No service fees. Downloaded at http://spi.dod.mil/lipose.htm
Posted by: sweerek 24 Feb 2010