All the latest UK technology news, reviews and analysis


Trusteer dismisses HSBC and Natwest bank hacking claims

06 Aug 2013
HSBC

Trusteer has dismissed reports that criminals are exploiting a vulnerability in its Rapport browser-lockdown technology that is used by leading banks such as HSBC and NatWest.

Trusteer chief executive officer Mickey Boodaei told V3 that recent reports of an exploitable vulnerability in its Rapport banking service are inaccurate as it does not work, confirming the company is aware of the issue and has already taken appropriate action.

"There is no malware that incorporates this vulnerability. Moreover, Trusteer has accurate intelligence on the fraudsters who wrote, sold, and published this code, which we shared with law enforcement agencies," he said.

"This is just one out of many attempts to circumvent Rapport, which we fight on an ongoing basis. This time with great success as the group that wrote this code is most likely responsible for various fraudulent activities against UK banks."

Trusteer's Rapport technology is used by numerous financial firms, including NatWest and HSBC in the UK, and is designed to protect the banks' customers against Trojans, like the infamous Zeus. 

The vulnerability was first reported on the Full Disclosure forum and reportedly lets crooks bypass the browser's lockdown security features to sneak a banking Trojan onto the victim's machine.

Reports have since emerged about a number of cybercrime forums, suggesting that criminals are already exploiting the security vulnerability. However, Trusteer said this exploit does not work.

Trusteer chief technology officer Amit Klein added that a patch fix is already available and is being automatically rolled out to all Rapport customers.

"The patch for this vulnerability is available and is being rolled out automatically to the entire Trusteer Rapport customer base. No action is required from Rapport users," he said.

"This vulnerability has no impact on Rapport's ability to block financial malware like Zeus, KINS, Carberp, Gozi, Tilon and Citadel as Rapport uses additional mechanisms, other than the mechanism impacted by this vulnerability, to block these malware strains. Furthermore, there is no financial malware to date that is trying to exploit this vulnerability."

The financial industry is one of cyber criminals' most common targets. Most recently hackers hit the NASDAQ community forum with a password-stealing cyber raid.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Microsoft Azure outage

Is cloud computing reliable enough for business yet?
10%
8%
21%
61%

Popular Threads

Powered by Disqus
Nokia Lumia 2520 has a 10.1in 1080p HD display

Nokia Lumia 2520 video demo

We check out Nokia's Windows 8.1 RT tablet

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Senior Infrastructure Consultant, Derby, 50K + Home Working

A key client is looking for a skilled Microsoft Infrastructure...

Technical Tester

Technical Tester required for a fantastic luxury retail...

Oracle Developer - Forms/Apex

Working for an established MoD subcontractor, this role...

.NET Developer - C#, ASP.NET MVC, SQL, XML, XLST, HTML, CSS, Javascript, EAD, TEI

.NET Developer - C#, ASP.NET MVC, SQL, XML, XLST, HTML...
To send to more than one email address, simply separate each address with a comma.