Phishing Trojan horse programs are not traditional bots, but sophisticated and original pieces of malicious code. Since iDefense began tracking this technique in May 2006, attackers have quietly seeded dozens of variants into the wild to target at least 30 specific banking institutions. These attackers had intimate knowledge of each targeted bank’s Web infrastructure and built a sophisticated command-and-control system that completely automated the attacks. The authors believe that criminal organizations are using these phishing Trojans to compromise millions of bank accounts across the globe. These Phishing Trojan attacks can defeat sophisticated authentication schemes that security experts previously thought rock solid. This document discusses mitigation techniques that work and fail in light of these new malicious code attacks. The audience will be given an overview on malicious code attacks against the financial infrastructure and an introduction to banking authentication schemes. The document also includes cyber fraud detection and mitigation strategies.
[1]
J. Bigham,et al.
ANOMALY DETECTION IN ELECTRICITY CYBER INFRASTRUCTURES
,
2006
.
[2]
Germano Lambert Torres,et al.
Detecting Attacks in Electric Power System Critical Infrastructure Using Rough Classification Algorithm
,
2007
.
[3]
Enrico Tronci,et al.
Electric Power System Anomaly Detection Using Neural Networks
,
2004,
KES.
[4]
Andrzej Skowron,et al.
Rudiments of rough sets
,
2007,
Inf. Sci..
[5]
John Bigham,et al.
Test data for anomaly detection in the electricity infrastructure
,
2006,
Int. J. Crit. Infrastructures.