The arrest of 19 people for using the Zeus Trojan shows that criminal groups are failing to cover their tracks.
As reported yesterday, the Metropolitan Police Central e-Crime Unit arrested 19 people this week under suspicion of using the Zeus Trojan to steal at least £6 million in the past three months from online bank accounts.
Mickey Boodaei, CEO of Trusteer, claimed that if cyber criminals fail to cover their tracks it provides an excellent opportunity for the police, banks and their customers to work together.
He said: “The police did a great job in tracking down this group and gathering information that can facilitate their arrest. This is not a simple task and I've heard many people saying that this is almost impossible due to the level of sophistication from criminals and the complication of the justice system. However, this case and a few others that precede it show that this can be achieved.
“By running more operations like this and by the banks and other organisations investing effort in tracing fraudsters and not just blocking their activities, there is a good chance we can lower the volumes of attacks. Customers can take their banks' advice and implement fraud prevention tools that provide valuable capabilities to banks in detecting and blocking these threats. By working together we can definitely stop this threat from growing.”
Mick Scott from Deloitte's security team said: “Fraud is a big problem for banks, and variant types of malware and viruses are continuously being produced. The never-ending challenge for security professionals is trying to mitigate them. As soon as we stop one piece of malware, then someone will write a variant of it.
“Good detection, monitoring and identification of the inappropriate use of systems or unusual behaviour of systems is critical. User awareness remains key to combating social engineering.”
Stephen Howes, CEO of GrIDsure, said that the arrest highlights the ‘confusing and dangerous world that consumers are increasingly facing when it comes to the online world'.
He said: “With the increasing threat from hackers and fraudsters, online banking customers are now all expected to be security experts – having to correctly patch browsers and operating systems, secure themselves from malware, viruses and spam, while at the same time having to jump through all the security hoops that banks put in place just to logon to their account.
“The truth, though, is that consumers aren't all security experts and never will be, and while user education of the risks is always important I believe that banks should finally be looking at putting in place technology and systems that are easy to use and secure enough to make it very difficult for a hacker to steal logon details even if they have infected the users' PC. These solutions are available today and it's no longer good enough for a bank to simply say ‘we'll reimburse our customers if they fall victim to fraud', by then it's too late and the users' trust in that bank may have been significantly marred.”
Carl Leonard, senior manager of Websense Security Labs, said that it is still seeing a huge amount of activity from Trojans such as Zeus, particularly with communities of users actively looking to target corporate business data.
He said: “Cyber crime is now a multi-million pound business which is becoming more sophisticated with each day that passes and businesses cannot afford to be lax in terms of security. They need to have in place an effective and up-to-date IT security protocol which staff follow to the letter.
“Much more crucial to protecting themselves against threats is the deployment of a unified security solution; technology which moves in tandem with the threat landscape. That is crucial, as more of the attacks that take place currently are blended threats – that hit email, web and data channels. Only this type of technology can provide a thorough defence against online threats.”