Last-minute paper: Intrusions and inside jobs: lessons from the banking industry presented at Virus Bulletin 2010

by Michael Kalinichenko (SafenSoft)

Tags: Security


Summary:
ATMs across Europe and the US are increasingly compromised by targeted malware that exploits vulnerabilities in
Windows XP, the OS that runs half the world's ATMs. Michael Kalinichenko, founder and CEO of Moscow-based SafenSoft, will
discuss what he has learned from a year spent dissecting security breaches and malware attacks with Sber Bank,
Russia's largest retail bank, and how that knowledge can be applied to improve network security. The presentation will
show how the interconnected nature of today's banking IT environment can affect not only the bank's security but also that of
its customers, as Michael tells the story of how SafenSoft originally became involved with Sber Bank and of their success in
tracking down and identifying the source of internal account manipulation reported by customers.
Michael will discuss how and why traditional anti-malware and whitelisting solutions alone could not have uncovered this
crime, and by extension how and why those solutions are ill-matched to the protection of corporate networks in the 21st
century. One can't help noting that if we were still using the cellphone technology of 1990 we would still be
carrying bricks with one-hour battery life, yet anti-virus technology has barely changed in the past 20
years. Michael's R&D team worked closely with Sber Bank's technology and security personnel to develop an approach
that owes more to the hardcore DRM technology used to prevent game piracy than to traditional security technology. It
leverages certain underused Windows functions to provide a level of security that is adaptable enough to be used
on unattended devices such as ATMs, yet robust enough to keep techniques like skimming and malware like banking trojans
out of the system. They discovered that by establishing and maintaining machines, both unattended devices and typical
network endpoints, in a known-good state, allowing necessary usage and permitting trusted updates without manual
intervention, the bank could reduce the size of its dedicated security staff and save a significant amount of
money on annual anti-malware update subscriptions. This last point was particularly interesting to Michael, who had spent
several years as the CTO of a well-known traditional anti-virus company in Russia before immersing himself in DRM projects
and learning that it was not necessary to keep returning to the corporate customer feeding trough to keep revenue streams
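The abstract describes the approach only in outline: record a known-good state for each machine, deny anything outside it, and admit changes only through a trusted update path. The following Python sketch is an added illustration of that model and is not SafenSoft's product or any code from the talk. It assumes a baseline of file hashes and an "approved update manifest" (path to expected SHA-256) standing in for the trusted update channel; the file paths and contents are constructed sample data, and a real deployment would verify a signature on the manifest rather than trust a plain dictionary.

```python
"""Known-good baseline enforcement for an unattended endpoint such as an ATM.

Added example, not SafenSoft's or Sber Bank's code. It models the idea in the
abstract: snapshot a known-good state, block anything not in it (default deny),
and promote only changes that arrive via a trusted update channel.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict) -> dict:
    """Snapshot the known-good state: path -> SHA-256 of the file contents."""
    return {path: sha256_hex(content) for path, content in files.items()}


def evaluate(baseline: dict, current: dict, approved_updates: dict) -> dict:
    """Classify every file on the machine against the baseline.

    Verdicts:
      ok               unchanged since the baseline
      trusted_update   changed, but the new hash matches the approved manifest
      blocked_modified changed and not approved (integrity violation)
      blocked_new      executable not present in the baseline (default deny)
      missing          baseline file has disappeared
    """
    verdicts = {}
    for path, content in current.items():
        digest = sha256_hex(content)
        if path in baseline and digest == baseline[path]:
            verdicts[path] = "ok"
        elif approved_updates.get(path) == digest:
            verdicts[path] = "trusted_update"
        elif path in baseline:
            verdicts[path] = "blocked_modified"
        else:
            verdicts[path] = "blocked_new"
    for path in baseline:
        if path not in current:
            verdicts[path] = "missing"
    return verdicts


def apply_trusted_updates(baseline: dict, current: dict, verdicts: dict) -> dict:
    """Promote approved updates into the baseline without manual intervention.

    Blocked or missing files leave the baseline untouched, so the next run
    still flags them until an operator or a trusted update resolves them.
    """
    new_baseline = dict(baseline)
    for path, verdict in verdicts.items():
        if verdict == "trusted_update":
            new_baseline[path] = sha256_hex(current[path])
    return new_baseline


# Constructed sample state (hypothetical paths and contents, not real binaries).
KNOWN_GOOD = {
    r"C:\ATM\app\cashdisp.exe": b"cash dispenser v1",
    r"C:\ATM\app\pinpad.dll": b"pinpad driver v1",
    r"C:\ATM\app\journal.exe": b"transaction journal v1",
    r"C:\Windows\System32\svchost.exe": b"xp svchost",
}
CURRENT_STATE = {
    r"C:\ATM\app\cashdisp.exe": b"cash dispenser v2",         # delivered by the trusted updater
    r"C:\ATM\app\pinpad.dll": b"pinpad driver v1 + patch",    # unexpected modification
    r"C:\Windows\System32\svchost.exe": b"xp svchost",        # unchanged
    r"C:\Windows\Temp\update.exe": b"dropped binary",         # not in the baseline
}
# Assumed trusted update manifest: what the update channel says cashdisp.exe should hash to.
APPROVED_UPDATES = {r"C:\ATM\app\cashdisp.exe": sha256_hex(b"cash dispenser v2")}


def demo() -> dict:
    """Run one enforcement pass over the sample state and return the verdicts."""
    baseline = build_baseline(KNOWN_GOOD)
    return evaluate(baseline, CURRENT_STATE, APPROVED_UPDATES)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:17s} {path}")
```

The point the abstract makes is visible in the verdicts: a signature-based scanner has nothing to say about `update.exe` or the patched `pinpad.dll`, whereas a known-good baseline blocks both by default while the approved `cashdisp.exe` update is admitted and folded into the next baseline with no operator involvement.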