New Net security threat puts banks on the defensive
Banks are increasingly getting vulnerable and exposed to threats such as stealing of user passwords that can be used to extract account information, report Venkatesh Ganesh and MC Vaijayanthi.Updated: Sep 06, 2007, 00:02 IST
While they offer more and more services online, banks are increasingly getting vulnerable and exposed to threats such as stealing of user passwords that can be used to extract account information.
But the state-controlled bank assures that last week's “compromise” did not cause any loss. “There has been no damage,” said Kalyan Sundar, general manager, IT, at Bank of India.
Internet experts say the new security attack uses multiple URLs to hoodwink banks that can block out some URLs.
“In these types of attacks, there is a small downloading program that downloads additional files, which are additional password stealing trojans,” adds Mark Bregman, EVP, chief technology officer, Symantec.
It’s a new vulnerability and could have happened due to non -updating of software security patches,” said Patrik Runald, security specialist, F-Secure.
Users of Axis and Syndicate bank were confronted with a phishing problem recently, when the fraudsters attacked from Malaysia, according to Websense Security Labs.
Users receive a spoofed email message asking them to renew certain services, and claiming that failure to do so will result in the suspension or deletion of the account. However, no bank accounts or customer information was misused.