Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

AusCERT 2011: Mobile banking malware on the rise

Mobile OSes not as safe as they seem
Trusteer chief technology officer, Amit Klein

Trusteer chief technology officer, Amit Klein

Chief technology officer of Trusteer, Amit Klein, has spoken about the trends of mobile malware, citing mobile banking as the next big threat to the industry.

In the keynote session of the second day at the AusCERT conference on the Gold Coast, Klein said the financial and mobile malware began to increase during 2006, and has only become more prevalent in recent years.

“The financial malware for desktop started flourishing mid last decade around 2004 to 2005; we started seeing some earnest attempts at malware,” he said.

“We started seeing third generation malware as early as 2006 but market domination occurred around 2008.”

Klein identified a number of tricks used by those committing attacks on mobile devices, with botnets cited as one element behind attacks.

Check out our comprehensive AusCERT 2011 coverage

“Distributed command and control systems enable survivability and increases resistance to takeover attempts and ensuring there are many hosts out there to control the botnet,” he said.

“The botnet market has evolved from a one-stop shop into segments.”

Identifying a variety of myths associated with mobile banking malware, Klein said complacency by consumers is a dangerous trend that will only become worse once mobile banking increases in popularity.

“Sandboxing provides a malware free device, mobile apps are controlled, and there’s no money to steal in mobile apps are all myths will be proven wrong,” he said.

Citing Zeus attacks as one method that could be used to intercept Blackberry, Symbian and Windows Phone 7 devices, Klein said these attacks have been used to infiltrate banks in countries as varied as Spain, Poland and Germany, saying mobile devices will be even easier to infiltrate.

“Pay attention to how sophisticated and complex this attack is on behalf of the fraudster - what happens if or when mobile banking takes off? Then they will only have the mobile device to take care of.”

Klein's comments come as a US consultant said at AusCERT yesterday that a second Stuxnet worm will soon arrive.

Follow Lisa Banks on Twitter: @CapricaStar

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: CERT, Symbian
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Amit Klein, AusCERT 2011, banking mobile, mobile malware, Trusteer
Latest Blog Posts
Whitepapers
  • Web 2.0 in the Workplace Today
    More than a decade after the term ‘Web 2.0’ was coined, many businesses are still nowhere near to taking full advantage of the collaborative technologies the term refers to. Undoubtedly, confidence is growing in relation to using tools such as Facebook, Skype, Twitter, and indeed many more organisations are using such technology now compared to even just a couple of years ago. But the fact remains that a worrying amount of businesses seem to be operating a ‘lockdown’ approach – an approach that I’m sure many Board-level staff know is simply not good for business in the long-term.
    Learn more »
  • Botnets: The dark side of cloud computing
    Botnets pose a serious threat to your network, your business, your partners and customers. Botnets rival the power of today’s most powerful cloud computing platforms. These “dark” clouds, controlled by cybercriminals, are designed to silently infect your network. Left undetected, botnets borrow your network to serve malicious business interests. This paper details how you can protect against the risk of botnet infection using security gateways that offer comprehensive unified threat management (UTM).
    Learn more »
  • 10 Mobile Security Requirements for the Bring Your Own Device (BYOD) Enterprise
    An enterprise mobility strategy needs to include more than the provisioning and security services available through mobile application and MDM solutions. To meet the mobility and security requirements of mobile users, enterprises need to look at deploying a solution for mobile content management (MCM) that supports BYOD policies. Read this whitepaper to learn: Why provisioning for mobile users has become more complex; Ten requirements to consider when selecting a mobile content security solution.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments