In response to reports about Operation High Roller, the latest online banking scam, the European Network and Information Security Agency (ENISA) is warning that online banking systems “dangerously rely on PCs being secure.”
Operation High Roller, uncovered by McAfee and Guardian Analytics, added some new twists to the existing banking fraud malware, such as Zeus, SpyEye, and Ice 9. The new malware is highly automated, sophisticated, and targeted against wealthy customers, ENISA warned in a release.
The old adage that “criminals go where the money is” today means that “bank robbers go online”, quipped Udo Helmbrecht, the executive director of ENISA.
According to ENISA statistics, only 40% of Zeus infections of PCs are detected. Therefore, the agency recommended that banks presume that all PCs are infected and take protection measures to deal with that situation.
The agency also recommended that banks crosscheck transactions with the online customer using a trusted channel on a trusted device and cooperate with other banks and governments to take down global command centers of organized crime groups.
“Looking forward, browser security and smartphone security will play an increasingly important role as more and more transactions are being carried out on smartphones or tablets. The rapid adoption of smartphones offers an important opportunity to improve end-point security (for example, by using vetted app stores or by using smartphones as second factors) but we should not take smartphone security for granted”, ENISA noted.