by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
Connexus : Issue 37
Action stations Two-factor authentication may no longer be enough to protect against malicious software. By Christine Long Picture this. A credit union member sits down at their computer and does a $2,000 transfer from their online banking account. At least they think they do. Due to a version of Zeus malicious software infecting their computer, cybercriminals are able to change the amount transferred to $5,000. To the mutual, it appears the member has authenticated a $5,000 transfer. To the member, who is looking at a doctored online statement recalculated in real time, it appears they have made their intended $2,000 transfer. The first thing the member is likely to know of the theft is when they run out of money, receive a paper statement or check their balance at an ATM, says Ted Egan, chief executive and cofounder of TrustDefender. These so-called 'man in the browser' attacks are just one reason why mutuals and their members need to be stepping up security measures. There has also been a rise in 'mouse rollover' attacks in the past 12 months, says Rob Forsyth, managing director, Asia Pacific, at Sophos. "Perhaps through a search engine optimisation, you've been led to a page containing malware, and the simple act of rolling a mouse across the page will download software to your system," says Forsyth. When the software picks up that the user is typing a bank's name, it begins recording keystrokes and uses them to harvest the person's online banking username and password. Such developments need to be taken seriously, particularly with the rise in the use of smartphones, iPads and even gaming consoles to access online banking, and the recent targeting of Mac users with fake antivirus software. BREAKNECK SPEED With cybercriminals' innovations occurring at breakneck speed, security TECHNOLOGY 34 Connexus www.abacus.org.au "...a Zeus machine can be... turned into an attack machine to go after somebody they may not like." Joel Hatton, principal info security analyst at AusCERT