The Online Crook's Worst Nightmare

by CXOtoday Staff    Mar 05, 2009

The online channel has never experienced such a sophisticated and globally-integrated technological crime network as the one it faces today. Phishing and pharming attacks represent one of the most sophisticated, organized and innovative technological crime waves faced by online businesses. Fraudsters have new tools at their disposal and are able to adapt more rapidly than ever.

While financial institutions have traditionally been the primary focus, fraudsters are now waging attacks in other industries such as government, healthcare, retail, insurance, and education - just to name a few. In a nutshell, online fraud is evolving. To detect and counter such online threats, RSA, a premier provider of security solutions for businesses, has an Anti-Fraud Command Center (AFCC). It is a 24×7 ‘war room’ that is designed to detect, monitor, track and shut down phishing, pharming and Trojan attacks against more than 300 institutions worldwide.

The AFCC is run by an experienced team of fraud analysts, many of whom have years of experience in military intelligence. They work 24×7, tracking and shutting down fraudulent sites, deploying countermeasures and conducting extensive forensic work to catch fraudsters and prevent future attacks. The AFCC has established direct, open channels with dozens of ISPs around the world. It also provides multi-lingual translation support in nearly 200 languages to further enhance its ability to locate and shut down fraudulent sites.

To date, the AFCC has shut down over 120,000 phishing attacks in over 140 countries and is a key industry source for information on phishing and emerging online threats. In conjunction with the AFCC, RSA offers security solutions for businesses to counter online threats.

Some of the prominent solutions are:

* RSA FraudAction Anti-Trojan Service
* RSA FraudAction Anti-phishing Service

RSA FraudAction Anti-Trojan Service

Trojans have accounted for nearly half of all new malware variants detected. With the rise of advanced threats resulting from Trojans — specifically ‘crimeware’ — organizations continue to confront the challenge of protecting their users’ sensitive personal data. Financial Trojans, for example, can silently infect online PCs and steal valuable data or hijack a user’s secure session and carry out fraudulent activity after the user has logged off.

The RSA FraudAction Anti-Trojan Service is a proactive, comprehensive approach towards helping organizations fight back against the threat of crimeware and Trojans. It does this by mitigating threats at the source. The Anti-Trojan service addresses two types of financial Trojans:
* Identity theft: Crimeware designed to steal credentials such as usernames or passwords that can be used to commit fraud at a later date.
* Funds transfer: Crimeware designed to automatically transfer funds through a user’s browser session after successful login.

FraudAction Anti-Trojan helps organizations to:
* Identify what crimeware is targeting their users
* Analyze how the associated crimeware operates
* Block access to known infection points on the Web to minimize the impact on their online users
* Shut down infection points and ‘drop zones’ that collect stolen credentials

How does it work?

Through the AFCC and an extensive global partner network, RSA delivers a layered approach to identifying, analyzing, blocking, and shutting down crimeware attacks.

Identification and Analysis

By combining the data identified by the AFCC and RSA’s partner network of anti-virus providers, the security division of EMC is able to identify what crimeware is targeting an organization. It can then carry out a comprehensive analysis of how the crimeware operates. By understanding the crimeware’s modus operandi — how it is controlled (via command-and-control), where stolen credentials are dropped — proactive steps can be taken to mitigate the threat.

Blocking and Shutdown

A site can be identified and confirmed to be distributing crimeware by the AFCC through its established partnerships with nearly 4,000 ISPs, registrars, browser developers, and enterprise gateway partners around the globe that work on a 24×7 basis. The site will then be blocked and shut down. This includes infection points and drop sites where stolen credentials are sent. The AFCC also provides multi-lingual translation support in over 150 languages to further enhance its ability to quickly shut down known infection points and drop sites.

RSA FraudAction Anti-phishing Service

Phishing remains a growing threat to organizations across the globe. Not only has the number of attacks continued to increase, but the sophistication level of fraudsters has also grown. By providing comprehensive, global coverage to its customers, RSA employs a number of measures to ensure end-to-end protection against the threat of phishing, including:

* Monitoring and detection
* Real-time alerts and reporting
* FraudAction blocking network
* Site shut-down
* Forensics and credentials recovery
* Countermeasures - baits

Monitoring and detection

Using a wide array of tools, including Web logs and abuse-box monitoring in tandem with deep global partnerships, RSA scans over 3 billion e-mails per day. It also scans domain names and fraudster chat rooms. According to RSA, active scanning can lead to early detection of attacks, thus preventing fraud attempts from occurring.

Real-time alerts and reporting

When a potential attack is identified, the Anti-Fraud Command Center performs an evaluation of the attack using pre-defined statistics, models and utilities. Once the threat is confirmed to be legitimate, customers are immediately notified. FraudAction also provides a user-friendly dashboard tool that is updated in real-time with the latest threat information and is available for customers to access on a 24×7 basis.

Exclusive site blocking network

RSA’s extensive blocking network includes some of the world’s leading browser developers and ISPs such as Microsoft, AOL, Netscape, EarthLink, Google Chrome, Mozilla Firefox and Safari. In conjunction with its strategic partners, RSA ensures that tens of millions of online users are prevented from accessing confirmed phishing sites, even if they click on a link within a phishing e-mail.

Site shut-down

The AFCC leverages its strong relationships with over 8,000 ISPs and Web hosting service partners and its multi-lingual capabilities to enable quick shut down of fraudulent sites on a global scale.
