PAPERS
THE SECOND INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE - ICoFCS 2007
Online ISBN: 978-85-65069-01-4, Print ISSN: 1980-1114, pp 7-17
DOI: 10.5769/C2007001 or http://dx.doi.org/10.5769/C2007001
Cyber Fraud Trends and Mitigation
By Richard Howard, Ralph Thomas, Jeff Burstein, and Roxanna Bradescu
To dowload this paper, click here.
Online ISBN: 978-85-65069-01-4, Print ISSN: 1980-1114, pp 7-17
DOI: 10.5769/C2007001 or http://dx.doi.org/10.5769/C2007001
Cyber Fraud Trends and Mitigation
By Richard Howard, Ralph Thomas, Jeff Burstein, and Roxanna Bradescu
To dowload this paper, click here.
ABSTRACT
Phishing Trojan horse programs are not traditional bots, but sophisticated and original pieces of malicious code. Since iDefense began tracking this technique in May 2006, attackers have quietly seeded dozens of variants into the wild to target at least 30 specific banking institutions. These attackers had intimate knowledge of each targeted bank’s Web infrastructure and built a sophisticated command-and-control system that completely automated the attacks. The authors believe that criminal organizations are using these phishing Trojans to compromise millions of bank accounts across the globe. These Phishing Trojan attacks can defeat sophisticated authentication schemes that security experts previously thought rock solid. This document discusses mitigation techniques that work and fail in light of these new malicious code attacks. The audience will be given an overview on malicious code attacks against the financial infrastructure and an introduction to banking authentication schemes. The document also includes cyber fraud detection and mitigation strategies.
KEYWORDS
Authentication, Online Fraud, Information Security, Malicious Code, Phishing.
Phishing Trojan horse programs are not traditional bots, but sophisticated and original pieces of malicious code. Since iDefense began tracking this technique in May 2006, attackers have quietly seeded dozens of variants into the wild to target at least 30 specific banking institutions. These attackers had intimate knowledge of each targeted bank’s Web infrastructure and built a sophisticated command-and-control system that completely automated the attacks. The authors believe that criminal organizations are using these phishing Trojans to compromise millions of bank accounts across the globe. These Phishing Trojan attacks can defeat sophisticated authentication schemes that security experts previously thought rock solid. This document discusses mitigation techniques that work and fail in light of these new malicious code attacks. The audience will be given an overview on malicious code attacks against the financial infrastructure and an introduction to banking authentication schemes. The document also includes cyber fraud detection and mitigation strategies.
KEYWORDS
Authentication, Online Fraud, Information Security, Malicious Code, Phishing.
To return to the "Published Papers" main page, click here.