The Problem
We often hear from small business owners that the modest size of their companies provides them with “invisibility protection”. Employees believe that their organization and its activities are not interesting to cybercriminals. Unfortunately, this is wrong because small businesses are amongst intruders’ top targets.
There are several reasons for that. Firstly, the illusion of “invisibility” is why employees do not take special care in protecting their workstations. Hackers are well aware of it. They also know that even small companies hold relatively large amounts of money in their bank accounts.
Secondly, in small companies the same computers are often used for working and personal purposes. After all, they are often personal devices. As a result, an attacker gets more opportunities to infect PCs with banking malware.
The banking malware, in turn, is more likely to steal money unnoticed by the reckless user. Investigating the cause of a leak from the organization’s accounts is expensive. Cybercriminals are well aware of this, too. That is why the bank accounts of very small companies are their primary targets.
Small businesses have long been accustomed to online banking systems, but their security procedures during payment transactions are either lacking or need improvement. Banking malware exploits this oversight by infecting the victim’s computer. The Trojans employ various techniques for stealing payment information. For example, the banking Trojan Zeus has a range of technologies to steal payment data. After infecting a workstation, the malicious code nestles into the browser and spoofs the web pages of e-banking systems to steal the payment data. Working together with its mobile counterpart, the ZitMo Trojan, Zeus also steals one-time passwords sent to mobile phones (mTANs).
Another example of malicious code is the Carberp malware, which is widespread in Russia. After infiltrating the browser, it stores the card data (the card number) from the main page of an online banking service and then requests additional information (CVV2, personal data, etc.) from the user.
The Solution
Kaspersky Small Office Security has a set of technologies named Safe Money that provides real-time protection of transactions.
Safe Money monitors every user action in an online banking system. The technology enables the browser’s secure mode and does not allow any other applications to interfere, which means that the banking malware cannot spy on the data that the user enters in the browser.
Any attempt by malware to intercept the user’s keystrokes would fail; all user input is protected by the secure keyboard mode, which guarantees delivery of the user’s keystrokes to the browser running under Safe Money.
Safe Money technologies included in KSOS provide protection throughout the life cycle of a payment transaction and eliminate the introduction of malicious code at any stage of the transaction:
1. As soon as a user accesses an online banking system, our software immediately scans the operating system for vulnerabilities that are dangerous for e-banking and can be exploited by malware. As a result, the risk of malware penetrating the workstation is minimized by notifying the user of the need to update the operating system and applications.
2. Safe Money checks whether a web page visited by the user is included in the database of trusted resources, and whether its certificate is in the SSL database. As a result, no forgery of the targeted resource is possible to mislead the user. In other words, any social engineering by hackers is excluded.
3. A new request for the browser is launched under Safe Money’s control and protected at the process level. As a result, any attempts by malware to gain unauthorized access to the user’s browser are prevented.
4. Our software establishes a secure connection based on a validated certificate, which excludes the possibility of tapping the traffic and intercepting payment data over the network.
5. Any details entered by the user during the session under Safe Money are passed to the online banking system in the “protected keyboard” mode. As a result, the possibility of malware keylogging is eliminated.