Sophos found 16,000 Web pages per day newly infected with keylogging or other malware in August. This means online banking customers remain vulnerable to unauthorized access-the difference now is that online reconnaissance is merely the first step in a multi-channel fraud play. SecurityCurve's Diana Kelley says tracking seemingly innocuous online activities requires analytics that are beyond most institutions' authentication firepower these days.
BTN: Can you walk us through the anatomy of the latest form of cross-channel fraud? Diana Kelley: [In a typical case] getting online and looking at the information in the account is actually a portion of the attack [called] reconnaissance; the attacker is now finding out information that can be used in other channels, in other ways. We looked at a case with one particular financial institution where there appeared to be a standard wire transfer and the request had been faxed in, and it wasn't until they went back in the past [that they] were able to find there was somebody who had been looking at the account to see what was in there and get information. And a lot of what went on during the recon didn't actually appear to be problematic. But if you think about what's in our banking accounts right now, it can actually be a lot of information that can be used in a variety of ways … The whole anatomy includes this reconnaissance portion, which may not be triggering the normal thresholds that you have, such as I'm transferring $10,000.