Month: December 2008

1. ATM Network Fraud According to Paul Kocher, president and chief scientist of Cryptography Research Institute, the number one area that institutions will see fraud growing over the next year is in ATM networks.

2. Check Fraud The area of check fraud is also becoming continuously more sophisticated, and the underlying technological systems haven’t kept pace with the sophistication of the adversaries, says CRI’s Kocher.

3. ‘Laser-Guided’ Precision Strikes The organization and sophistication of criminals is increasing, and so is the sophistication of their attacks.

4. Phishing Attacks To Continue In 2008, the financial services industry has seen an increase in the numbers of phishing attacks that are expected to continue into 2009, including sophisticated spear phishing and Rock Phish attacks.

5. Check Image Fraud Traditionally, after a successful phishing attack, the criminal would extract the needed information and go onto the online account and remove the victim’s bank funds.

6. Zero Day Attacks Another area that financial institutions will need to keep an eagle eye on is the shift in the way financial fraud is happening.

7. Low ‘N Slow Attacks Imagine having the best firewalls, intrusion detection systems and an unbeatable monitoring system installed, says eIQnetwork’s Rothman.

8. Drive-By Attacks Deliver Institutions need to educated and warn customers and employees to beware the online look-alikes and infected websites, says Tom Wills, Javelin Strategy Research’s Senior Analyst for Security & Fraud.

9. Phones Will Be Ringing All institutions need to keep a close ear and eye on their phone channel, says Wills.

10. Insider Threat This is one of the most important issues that financial institutions are going to face in the coming year, says Jody Westby, Adjunct Distinguished Fellow at Carnegie Mellon University’s CyLab and CEO of Global Cyber Risk, a Washington, DC-based cyber intelligence firm.

http://www.bankinfosecurity.com/articles.php?art_id=1098

DNS is critical to the functioning of the Internet, linking IP addresses with domain names. Thanks to security researcher Dan Kaminsky, awareness around the DNS and its shortcomings have been greatly elevated this year.

DNSSEC is a key solution to ensuring that the DNS cache poisoning attack that Kaminksy first warned about cannot occur. “Collaboration of this kind is how DNSSEC was developed in the first place, and it’s how BIND’s DNSSEC feature development was sponsored,” Paul Vixie, a leading authority on DNS and the founder of Internet Systems Consortium (ISC) told InternetNews.com. “Now it’s the thing I suspect a lot of IT managers are waiting for so that they can relax a little bit and see DNSSEC as non-controversial, worthy of investment.” DNSSEC provides a form of signed verification for DNS information, which is intended to assure DNS authenticity.

Vixie’s BIND DNS server has had DNSSEC capabilities since 2004, though global deployment of DNSSEC has been in the single digits due to a number of implementation related challenges.

The new coalition will aim to identify and overcome the challenges and make DNSSEC deployment a global reality. One of the key players in the new DNSSEC coalition is VeriSign, the vendor that controls the Internet’s root domain servers for the .com and .net domains. “We firmly believe that DNSSEC is a technology that requires implementation and it solves a specific problem that nothing else solves,” Pat Kane, vice president of naming services at VeriSign told InternetNews.com. The specific problem in Kane’s view is man in the middle cache poisoning attacks like the one discovered by Kaminsky.

The basic idea behind the attack is that DNS server responses can be tampered with to redirect end users to different sites, so a user could type in “Google.com” and be taken to a phishing site instead. With encryption signed DNS information from DNSSEC, a domain name would be validated to ensure authenticity. Though DNSSEC is something VeriSign is supportive of, Kane cautioned that it is not a solution for everything that ails the Internet.

http://www.internetnews.com/infra/article.php/3789181/Coalition+to+Secure+DNS+Takes+Shape.htm