Financial services targeted for data theft
Tuesday, 17 May 2011 12:35pm

The financial services industry is being targeted for data theft, one of the world's foremost experts on hack attacks said today.

Tal Be'ery, web research team leader from US-based data protection firm Imperva, said the cyber criminals were following the money.

"The easiest data to monetise is financial data," he said.

Be'ery said data was the heart of every business and it was imperative for the financial services industry to protect its client information.

Internal threats did not get much publicity, he said, but were extremely prevalent.

"The threat comes from disgruntled employees ... using their position to get data from customers," he said.

A key-logging, form-grabbing Trojan called Zeus was presenting a specific threat to the world's banking and finance industry, he said.

First discovered in 2007, it is still active.

"The malware takes a client's log-in," he said. "You (the financial services provider) won't see anything unusual: it's the same time, the same place as the customer uses. Then it makes a transaction the customer didn't ask for."

"Funds get transferred from the customer's account to the hacker's account. It's a big threat now."

"The industry is trying to combat it but it's hard as you cannot trust the user because of the malware."

Be'ery said the SMS-verification system put in place by Australian banks would help combat Zeus to some extent, but every transaction would have to be SMS approved for the client to remain resilient against Zeus attack.

Imperva, which has its headquarters in California and its research team in Israel, provides data protection solutions for businesses.

"We protect the structural data of the organisation, the unstructured data and the web server," Be'ery said.

Link to something 7TUTFebJ