Sentor

Gartner picks up on strong two-factor authentication circumventing

2009-12-14

Fraudsters are using Trojan-based man-in-the-browser attacks to get around strong two-factor authentication that relies on one-time password (OTP) tokens, it has been claimed.

According to Gartner, similar methods can be used to circumvent other strong authentication factors, such as those using chip cards and biometric technology that are reliant on browser communications.

"These attacks have been successfully and repeatedly executed against many banks and their customers across the globe in 2009," commented Avivah Litan, vice-president and distinguished analyst at Gartner.

She explained that this form of attack will spread beyond the financial sector to other industries, and to other applications that hold sensitive and valuable data.

Despite the problems, there are ways to prevent such attacks, which could in turn save a business from significant issues in the future.

"A layered fraud prevention approach that includes server-based fraud detection and out-of-band transaction verification that precludes call forwarding to illegitimate user phone numbers has been proven to mitigate these threats," Ms Litan explained.

She claimed that either "automated fraud detection or manual review of high-risk transactions" has been used by Gartner clients as a successful way to fend off these kinds of attack.

Ms Litan advised using a variety of methods to get the best possible fraud prevention results. This could include fraud detection which monitors user access behaviour or that watches over suspect transaction values.

Another one of her suggestions was out-of-band user transaction verification. This makes use of a different communication channel to confirm a transaction request, she explained, adding that businesses need to protect their users and accounts by making use of these three measures.
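As an added illustration, not part of the article or of Gartner's material, the following Python sketch models the two server-side layers Litan describes: out-of-band verification of the transaction as the server actually received it, with a confirmation code bound to those details, and a simple check on suspect transaction values. The field names, the 8-digit code format and the outlier threshold are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import statistics

# Constructed model of transaction-bound out-of-band (OOB) verification and a
# server-side risk rule. Names, code format and threshold are assumptions.

def canonical(txn):
    """Fixed serialisation of the fields the user must approve out of band."""
    return f"{txn['payee']}|{txn['amount']:.2f}|{txn['currency']}"

def transaction_code(secret, nonce, txn):
    """Approval code bound to one transaction: HMAC over nonce + canonical fields,
    so a code issued for one payment cannot be reused to approve a rewritten one."""
    mac = hmac.new(secret, (nonce + "|" + canonical(txn)).encode(), hashlib.sha256)
    return f"{int.from_bytes(mac.digest()[:4], 'big') % 10**8:08d}"

class OobVerifier:
    def __init__(self, secret):
        self.secret = secret
        self.pending = {}  # user -> (nonce, transaction as the server received it)

    def start(self, user, received):
        """Build the OOB message for the transaction the server actually received.
        It is sent to the phone number registered at enrolment, never to a number
        supplied in the web session, so call forwarding arranged through the
        browser cannot redirect it. Because it shows the server's view, a payee or
        amount rewritten by a man-in-the-browser Trojan is visible to the user."""
        nonce = secrets.token_hex(8)
        self.pending[user] = (nonce, received)
        code = transaction_code(self.secret, nonce, received)
        return (f"Confirm {received['amount']:.2f} {received['currency']} "
                f"to {received['payee']}: code {code}")

    def confirm(self, user, code):
        """Accept only the code issued for the pending transaction; single use."""
        nonce, received = self.pending.pop(user, (None, None))
        if nonce is None:
            return False
        expected = transaction_code(self.secret, nonce, received)
        return hmac.compare_digest(expected, code)

def risk_flags(txn, history):
    """Fraud detection on suspect values: a payee never paid before, or an amount
    far above the user's usual payments (5x mean is an assumed threshold)."""
    flags = []
    if txn["payee"] not in {h["payee"] for h in history}:
        flags.append("new_payee")
    if history and txn["amount"] > 5 * statistics.mean(h["amount"] for h in history):
        flags.append("amount_outlier")
    return flags
```

The user's part of the exchange is human: they compare the payee and amount in the message against what they intended and only then enter the code, which is why the message must show the server's view and not the browser's.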

Websense Security Labs recently made some predictions, suggesting that there will be more attacks on smartphone, Mac and Microsoft 7 platforms over the next 12 months. There will also be a shift in the way that botnets operate as well as new sophistication in email and blended attacks, according to the organisation.


© Sentor 2010