Author: Evan Thomas, EvanT@gladtech.net
Is it possible to stop online banking fraud before it happens? This may sound like an idea straight out of an early-2000s science fiction movie, but it is what the latest fraud detection techniques are providing us today. With cyber criminals gaining the ability to ‘hijack’ an existing online banking customer’s session without the user knowing that a crime is in progress, these thugs are able to gain access to customer accounts without leaving a trace. How are banking institutions going to combat this growing trend? What are IT security professionals going to do to keep up with the bad guys? This is where the use of advanced threat intelligence techniques has come into play in the ever-changing landscape of online banking security.
So, what is advanced threat intelligence and how can it be used to stop the bad guys from stealing your customers’ money? Advanced threat intelligence is the collection of suspicious activity from online banking customers’ PCs that is indicative of a malware infection. This data is collected by security researchers who are now able to gain access to cybercriminal networks of malware-infected machines (aka botnets). By detecting the locations (IP addresses) of these botnets and of the machines that are actively communicating with these malicious networks, researchers are able to use that location data to determine which, if any, of their online banking customers have logged in from any of these locations. If a customer has, then there is a strong likelihood that the user’s online banking credentials or the workstation itself have been compromised. Using this information gained through threat intelligence, security analysts are able to inform banking institutions of a possible account takeover that has occurred silently, while the fraudster may still be in the planning phase of the attack. This gives firms a leg up in the race to combat banking fraud in the Internet arena.
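The correlation described above, matching customer logins against addresses seen talking to a botnet, can be sketched as follows. This is an added example, not code from the original article: the feed layout, account names, sample addresses and the 24-hour grace window are all constructed assumptions, and the first-seen/last-seen window is included because IP addresses get reassigned, so a stale indicator should not flag a later customer.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed threat-intel feed: (network, first seen, last seen talking to a botnet).
FEED = [
    ("203.0.113.0/28", "2024-03-01T00:00:00", "2024-03-05T00:00:00"),
    ("198.51.100.77/32", "2024-03-02T08:00:00", "2024-03-02T20:00:00"),
]

# Constructed online-banking login log: (timestamp, account, source IP).
LOGINS = [
    ("2024-03-02T09:15:00", "acct-1001", "203.0.113.9"),
    ("2024-03-02T09:20:00", "acct-1002", "192.0.2.44"),
    ("2024-03-03T12:00:00", "acct-1003", "198.51.100.77"),
    ("2024-03-04T23:00:00", "acct-1001", "203.0.113.14"),
    ("2024-03-20T10:00:00", "acct-1004", "198.51.100.77"),  # indicator is stale by now
]

GRACE = timedelta(hours=24)  # assumed tolerance around the observed activity window


def parse_feed(rows):
    """Turn feed rows into (network, first_seen, last_seen) with real types."""
    return [(ip_network(net), datetime.fromisoformat(a), datetime.fromisoformat(b))
            for net, a, b in rows]


def flag_logins(logins, feed, grace=GRACE):
    """Return {account: [(timestamp, source_ip, matched_network), ...]} for
    logins whose source address fell inside a botnet-linked network while
    that indicator was active (plus or minus the grace window)."""
    indicators = parse_feed(feed)
    hits = {}
    for ts, account, src in logins:
        when, addr = datetime.fromisoformat(ts), ip_address(src)
        for net, first, last in indicators:
            if addr in net and first - grace <= when <= last + grace:
                hits.setdefault(account, []).append((ts, src, str(net)))
                break  # one matching indicator is enough to flag this login
    return hits


if __name__ == "__main__":
    for account, events in sorted(flag_logins(LOGINS, FEED).items()):
        print(f"{account}: {len(events)} login(s) from botnet-linked addresses")
        for ts, src, net in events:
            print(f"  {ts}  {src}  (matched {net})")
```

Flagged accounts are candidates for out-of-band verification or a forced credential reset, not proof of fraud.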
To give a quick history lesson, behavior-based anomaly detection methods and out-of-band manual verification (phone, email, fax, etc.) have been (and still are) effective ways to detect many types of fraudulent transactions. Behavior-based technologies currently look for user activity that falls outside of a pre-defined pattern exhibited by the user when they are logged into their online banking account. Researchers are moving toward using new forms of threat intelligence to combat fraud before it actually takes place. This new form of data, I believe, will continue to be a very useful tool in the security analyst’s toolbox and help financial institutions be more confident in providing online services to their customers.