my timesThe Korea Times
  1. Lifestyle
  2. People & Events

Grand Prize Upgraded software security to power banks

Listen
  • Published KST
  • Updated KST

By Ku Yae-rin

In recent years, marked improvements have been made to upgrade banks’ online security systems or so the news media seem only too complacent to purport. Banks are hit by cyber-attacks on a daily basis, and are indeed becoming more adept at preventing relatively trifle breaches of security.

No matter, it is still very difficult to

provide an estimation of losses induced by cyber-crime activities against banks.

The majority of financial institutions prefer to keep data related to suffered attacks and compromised websites under radar and safely tucked away from the eyes of the public.

Such phenomenon creates a dominant ambience that online bank accounts are almost bullet-proof, which gulls people into believing the next target of hackers could be anyone but themselves.

The improvement of online banking system has led to increased use by consumers worldwide and the exponential expansion has made this service a privileged target for cyber criminals.

In truth, banks are bombarded by security threats every day, and the number is growing in congruence with the apparent improvements of systems for detecting and dealing with these problems.

Security analysts agree that cyber-crimes will experience sustained growth in the coming years as methods of attack are rapidly growing more sophisticated with the passage of time.

The biggest discrepancy between Korea and other countries that still stands today is the number of cases viable to safe online banking.

In Korea, online banking sites rely on security solutions such as hacking protection programs and one cannot proceed to the next page without going through virtually coerced installment of the program.

However, such requirement has little impact on getting to the bottom of cyber fraud related issues as the entire concurrent security solutions that are viable in Korea are concordant pairs to just Microsoft Windows.

To add insult to injury, it also has incredibly weak resilience due to the blockage of Active X put into motion when other operating systems, for instance, Mac OS X, attempt to access the system, ultimately making it impossible to enter online banking facility.

Partial improvements are in progress, and yet, this is only the tip of the iceberg when confronted with the overwhelming remnants of operating systems (OS) that still need to be connected to hacking protection software.

To put it blatantly, the current technology utilized in Korean banks is mostly antiquated, backward-looking and stiffly by the book, which is generally true for security software.

The infamous “watering hole” attack, orchestrated in a large scale, hit several South Korean banks directly, which resulted in hijacks of data and two-hour system shutdown.

Watering hole attacks are considered an evolution of spear phishing as this computer attack strategy is efficient even with groups that are resistant to spear phishing and other forms of phishing.

The efficiency of the method could be advanced with exploitation of zero-day vulnerabilities in many widely used software programs such as Microsoft Internet Explorer or Adobe Flash Player.

This, again, underscores the necessity to open up options of software and OS that can detect stealthy malware activities besides the aforementioned software.

Furthermore, analyzing the new attacks to the fullest extent to put in a new control to halt them proactively, rather than in reaction, is critical at this point. Behavioral modeling of normal activity will also contribute to exposing anomalies that could indicate an attack.

Financial service professionals consider “Man in the browser” ― the majority of malware activities ― to be the greatest threat to online banking due to its high efficiency.

The malicious code resides in the browser and it has the capacity to tamper with the contents of banking transactions or covertly perform operations without alerting the banks or the victims of the irregularities by way of injection techniques.

Mobile platforms, especially Android, are the technology of the latest trend that provide most banking services due to their high penetration level, while the downside is the lack of awareness in cyber threats, and therefore, a popular target for cyber-crime.

It is only a matter of time before consumers ditch their poor habit of downloading applications indiscriminately from Google Play, and eventually prevent the potential scenario of hacking taking place.

Part of the challenge comes from the need to keep website availability up and conduct complex and secure transactions at the same time.

Banks ought to invest in finding the least defective way to juggle with utility and functionality as well as that type of protection.

Not one technology is perfect and the cost factor is significant if the banks are trying to take this on by themselves. It is like a futile struggle to turn around the Titanic on a dime.

The more cooperation banks have among their clients and institutions, the better off everyone is going to be at the end of the day.