E-BANKING
Module IV – E-BANKING SECURITY, CONTROLS AND GUIDELINES
Threats to Information System
VIRUS: Vital Information Resources Under Siege
A computer virus is a malicious software program that is loaded onto a user’s computer without the
user’s knowledge and performs malicious actions. Viruses are often designed to replicate and
spread quickly to other computer users.
A computer virus attaches itself to a program or file enabling it to spread from one computer
to another, leaving infections as it travels. Like a human virus, a computer virus can range in
severity: some may cause mildly annoying effects while others can damage the hardware,
software or files. Almost all viruses are attached to an executable file, which means that the
virus may exist on a computer but it actually cannot infect the computer unless we run or
open the malicious program.
It is important to note that a virus cannot spread without a human action, such as running
an infected program, to keep it going. Because a virus is spread by human action, people
unknowingly continue the spread of a computer virus by sharing infected files or sending emails
with viruses as attachments.
Generally, there are three main classes of viruses:
File infectors
These viruses usually attach themselves to selected program files like .COM or .EXE files. They
are invoked whenever the infected program is run.
Boot-record infectors
A portion of the disk is always set aside by computer operating systems for the code that boots the
computer. Boot sector viruses infect these system areas on the disk. They hide in the first sector
of a disk and are loaded into memory before system files are loaded. Once the boot sector of the
hard drive is infected, the virus will attempt to infect the boot sector of every disk that is
inserted into the computer and accessed.
Macro viruses
These are viruses that infect macro utilities in applications like Microsoft Word or Excel.
Macro viruses are application-specific, meaning a Word macro virus cannot infect an Excel
document and vice versa. They are however not specific to operating systems.
Note :
• Viruses have strange and sometimes even fancy names in order to catch the
attention of the user.
Compiled By – Poonam Warnulkar BCOM/ BCA III Semester Page 1
NOTE
Which Computer Viruses Caused The Most Damage Around The World?
➢ Melissa.
➢ ILOVEYOU.
➢ Code Red.
➢ Nimda.
➢ SQL Slammer/Sapphire.
➢ Sasser.
➢ MyDoom.
➢ Conficker.
FYI :
Ransomware attack: RBI asks banks to update ATM software systems
17 May 2017: In light of the ransomware attack triggered by WannaCry virus, RBI has
asked banks to update software systems at ATMs with a security patch released by
Microsoft.
To know more visit the link given below:
https://www.livemint.com/Industry/JuLbMd3HeuA3oHNPNsz8vN/Ransomware-attack-RBI-asks-banks-to-update-ATM-software-sys.html
➢ Ransomware typically locks users out of their own systems and demands a ransom
before they can access the encrypted data again.
Worms
A computer worm is a standalone malware computer program that replicates itself in order
to spread to other computers. Often, it uses a computer network to spread itself.
Worms often use parts of an operating system that are automatic and invisible to the user. It
is common for worms to be noticed only when their uncontrolled replication consumes
system resources, slowing or halting other tasks.
How do computer worms spread?
A computer worm infection spreads without user interaction. All that is necessary is for the
computer worm to become active on an infected system. Before widespread use of networks,
computer worms were spread through infected storage media, such as floppy disks, which,
when mounted on a system, would infect other storage devices connected to the victim
system.
How do computer worms work?
Once a worm is active on a newly infected computer, it initiates a network search for new
potential victims: systems that respond to requests made by the worm. In this way the worm
is able to continue propagating within an organization.
Email worms work by creating and sending outbound messages to all the addresses in a user's
contacts list.
Types of computer worms
There are several types of malicious computer worms:
• A bot worm may be used to infect computers and turn them into zombies or bots, with
the intent of using them in coordinated attacks through botnets.
• Instant messaging (IM) worms propagate through instant messaging services and
exploit access to contact lists on victim computers.
• Email worms are usually spread as malicious executable files attached to what appear to
be ordinary email messages.
How to prevent a computer worm
• Keeping up to date with operating systems and all other software patches and updates
will help reduce the risk due to newly discovered vulnerabilities.
• Using firewalls will help reduce access to systems by malicious software.
• Using antivirus software will help prevent malicious software from running.
• Being careful not to click on attachments or links in email or other messaging applications
that may expose systems to malicious software.
• Encrypt files to protect sensitive data stored on computers, servers and mobile devices.
Trojan Horse
A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can
take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general
inflict some other harmful action on the data or network. Trojans can be employed by cyber-thieves
and hackers trying to gain access to users' systems. Users are typically tricked by some
form of social engineering into loading and executing Trojans on their systems. Unlike
computer viruses and worms, Trojans are not able to self-replicate.
Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data,
and gain backdoor access to your system. These actions can include: deleting data, blocking
data, modifying data, copying data and disrupting the performance of computers or computer
networks.
Malwares
“Malware” is short for “malicious software”: computer programs designed to damage
computers without the user's consent. “Malware” is the general term covering all the
different types of threats to your computer safety, such as viruses, spyware, worms, Trojans,
rootkits and so on. Malware is any software intentionally designed to cause damage to a
computer, server, client, or computer network.
The purpose of installing malicious software is to violate the confidentiality, integrity and/or
authenticity of data on that computer system. Such software is designed to collect card holders’
data and/or dispense cash. Malware and hacking attacks can be carried out either locally or remotely.
These attacks are carried out by well-funded criminal organizations.
These are the different types of malware: Virus , Worm, Trojan, Ransomware, Adware,
Spyware.
FYI
Top 10 Most Dangerous Financial Malware
• SpyEye (Zeus family)
• Ice IX (Zeus family)
• Citadel (Zeus family)
• Carberp (Zeus family)
• Bugat (Zeus family)
• Shylock (Zeus family)
• Torpig (Zeus family)
• CryptoLocker
To know more visit the link given below:
https://heimdalsecurity.com/blog/top-financial-malware/
Software Bombs
Logic Bombs and Time Bombs
A logic bomb is a piece of code intentionally inserted into a software system that will set off
a malicious function when specified conditions are met.
For example, a programmer may hide a piece of code that starts deleting files (such as a salary
database) if they are ever terminated from the company.
Logic bombs are often used with viruses, worms, and Trojan horses to time them to do
maximum damage before being noticed.
In computer software, a time bomb is part of a computer program that has been written so
that it will start or stop functioning after a predetermined date or time is reached. It is a piece
of computer code that executes a malicious task, such as clearing a hard drive or deleting
specific files, when it is triggered by a specific event. It is secretly inserted into the code of a
computer's existing software, where it lies dormant until that event occurs.
Phishing
Phishing is the fraudulent attempt to obtain sensitive information such as usernames,
passwords and credit card details by disguising oneself as a trustworthy entity in an electronic
communication. It is a type of online identity theft. It uses email and fraudulent websites that
are designed to steal your personal data or information such as credit card numbers,
passwords, account data, or other information.
Examples: Phishing email / Phishing website
Phishing emails are usually sent in large batches. To save time, Internet criminals use generic
names like "First Generic Bank Customer" so they don't have to type all recipients' names out
and send emails one-by-one.
A phishing attempt is usually in the form of an e-mail that appears to be from the customer’s
bank. The e-mail usually encourages the customer to click a link that takes them to a fraudulent
log-in page designed to capture authentication details such as the login ID and password.
Spoofing
Spoofing is the act of disguising a communication from an unknown source as being from a
known, trusted source. Spoofing can apply to emails, phone calls, and websites.
Email Spoofing
Email spoofing occurs when an attacker uses an email message to trick a recipient into
thinking it came from a known and/or trusted source. These emails may include links to
malicious websites or attachments infected with malware, or they may use social
engineering to convince the recipient to freely disclose sensitive information.
Sender information is easy to spoof and can be done in one of two ways:
• Mimicking a trusted email address or domain by using alternate letters or numbers to appear
only slightly different than the original.
• Disguising the ‘From’ field to be the exact email address of a known and/or trusted source.
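The phishing and email-spoofing indicators described above (generic salutations sent in bulk, lookalike sender domains built from swapped letters or digits, a forged display name, and links that lead away from the bank) can be turned into a simple triage check on the receiving side. The following is an added example written for these notes, not code from the original; the bank's domain list, the greeting phrases, the two sample messages and the `.example` hostnames are all constructed for illustration.

```python
"""Heuristic triage of phishing and spoofed-sender email.

Example code added to these notes, not from the original. The bank's domain
list, the generic-greeting phrases and the two sample messages are constructed
for illustration; the bank name echoes the "First Generic Bank Customer"
salutation mentioned in the notes.
"""
import re
from email.utils import parseaddr

# Domains the (constructed) bank really sends mail from.
TRUSTED_DOMAINS = {"firstgenericbank.example", "alerts.firstgenericbank.example"}
GENERIC_GREETINGS = ("dear customer", "dear valued customer",
                     "dear account holder", "dear user",
                     "dear first generic bank customer")
URL_HOST_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch domains that differ by a letter or two."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude registrable-domain approximation: the last two DNS labels."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


TRUSTED_REGISTRABLE = {registrable(d) for d in TRUSTED_DOMAINS}


def is_lookalike(domain: str) -> bool:
    """True when the domain is close to, but not exactly, a trusted domain."""
    d = registrable(domain)
    if d in TRUSTED_REGISTRABLE:
        return False
    return any(edit_distance(d, t) <= 2 for t in TRUSTED_REGISTRABLE)


def score_message(headers: dict, body: str) -> list:
    """Return human-readable findings; an empty list means no heuristic fired."""
    findings = []
    display, addr = parseaddr(headers.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

    # 1. Bulk phishing avoids per-recipient names, so the salutation is generic.
    if body.lower().lstrip().startswith(GENERIC_GREETINGS):
        findings.append("generic greeting")
    # 2. Sender domain mimics the bank with swapped or extra characters.
    if is_lookalike(from_domain):
        findings.append(f"lookalike sender domain {from_domain}")
    # 3. Display name claims to be the bank but the address is not the bank's.
    if "bank" in display.lower() and registrable(from_domain) not in TRUSTED_REGISTRABLE:
        findings.append(f"display name {display!r} does not match sender domain")
    # 4. Reply-To silently redirects answers to a different domain.
    _, reply = parseaddr(headers.get("Reply-To", ""))
    if "@" in reply and registrable(reply.rsplit("@", 1)[-1]) != registrable(from_domain):
        findings.append("Reply-To domain differs from From domain")
    # 5. Log-in links that lead somewhere other than the bank's own hosts.
    for host in URL_HOST_RE.findall(body):
        if registrable(host) not in TRUSTED_REGISTRABLE:
            findings.append(f"link to untrusted host {host}")
    return findings


# Constructed sample messages: one phishing attempt, one genuine alert.
PHISH_HEADERS = {"From": "First Generic Bank <security@firstgenericbnak.example>",
                 "Reply-To": "verify@mail-verify.example"}
PHISH_BODY = ("Dear Customer,\nYour account has been locked. Verify your details at "
              "http://firstgenericbank-secure.example/login within 24 hours.")
LEGIT_HEADERS = {"From": "First Generic Bank <alerts@alerts.firstgenericbank.example>"}
LEGIT_BODY = ("Dear Ms Shah,\nYour monthly statement is ready at "
              "https://alerts.firstgenericbank.example/statements.")

if __name__ == "__main__":
    for label, h, b in (("phish", PHISH_HEADERS, PHISH_BODY),
                        ("legit", LEGIT_HEADERS, LEGIT_BODY)):
        print(label, score_message(h, b))
```

Each finding is a separate heuristic, so a mail gateway can weight them (a lookalike domain alone is a far stronger signal than a generic greeting alone). The registrable-domain helper deliberately takes only the last two labels; a production filter would use a public-suffix list instead.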
Caller ID Spoofing
With caller ID spoofing, attackers can make it appear as if their phone calls are coming from
a specific number—either one that is known and/or trusted to the recipient, or one that
indicates a specific geographic location. Attackers can then use social engineering—often
posing as someone from a bank or customer support—to convince their targets to, over the
phone, provide sensitive information such as passwords, account information, social security
numbers, and more.
Website Spoofing
Website spoofing refers to when a website is designed to mimic an existing site known and/or
trusted by the user. Attackers use these sites to gain login and other personal information
from users.
Spamming
Spamming is the use of messaging systems to send an unsolicited message, especially
advertising, as well as sending messages repeatedly on the same site.
Spam is electronic junk mail or junk newsgroup postings.
Email spam, also referred to as junk email, is unsolicited messages sent in bulk by email.
Effects of spam
• Fills the inbox with a large number of unwanted emails.
• Degrades internet speed to a great extent.
• Steals useful information such as the details on the contact list.
Skimming
Skimming information off cards is another method of accessing a customer’s private
information, and the most commonly used method of obtaining a consumer’s card information.
Skimmers are electronic devices used by criminals to capture the data stored on
the magnetic stripe of the ATM card.
Following are the types of card skimming attacks that can occur:
External card skimming: Placing a device over the card reader slot to capture consumer data
from the magnetic stripe on the card during a transaction.
Internal Card skimming: Gaining access to the ATM to modify the card reader or replace the
original card reader with an already modified one for the purpose of obtaining consumer card
data during a transaction.
Denial of Service attack:
A denial-of-service (DoS) attack is any attack in which the attackers (hackers) attempt to
prevent legitimate users from accessing a service. In a DoS attack, the attacker usually sends
excessive messages asking the network or server to authenticate requests that have invalid
return addresses. The network or server will not be able to find the return address of the
attacker when sending the authentication approval, causing the server to wait before closing
the connection. When the server closes the connection, the attacker sends more
authentication messages with invalid return addresses. Hence, the process of authentication
and server wait will begin again, keeping the network or server busy.
• A denial-of-service attack (DoS attack) is a cyber-attack where the perpetrator (a person
who carries out a harmful, illegal, or immoral act) seeks to make a machine or network
resource unavailable to its intended users by temporarily or indefinitely disrupting services
of a host connected to the Internet.
• Denial of service is typically accomplished by flooding the targeted machine or resource
with superfluous requests in an attempt to overload systems and prevent some or all
legitimate requests from being fulfilled.
A DoS attack can be carried out in several ways:
• Flooding the network to prevent legitimate network traffic.
• Disrupting the connections between two machines, thus preventing access to a
service.
• Preventing a particular individual from accessing a service.
• Disrupting a service to a specific system or individual.
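Because a flood, as described above, consists of a single source (or a few) sending far more requests than any legitimate client would, the defender's first detection is simply counting requests per source address inside a short sliding window. The following is an added example written for these notes, not code from the original; the log line format, the window and threshold values and the sample log are constructed for illustration.

```python
"""Detect request floods in a web/access log by counting requests per source
address within a sliding time window.

Example code added to these notes, not from the original. The log format,
the window/threshold values and the generated sample lines are constructed.
Lines are assumed to be in chronological order, as a server writes them.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line: str):
    """Constructed format: '<timestamp> <source-ip> <method> <path> <status>'."""
    ts, ip, *_ = line.split()
    return datetime.strptime(ts, LOG_FORMAT), ip


def flood_sources(lines, window=timedelta(seconds=10), threshold=100):
    """Return {ip: peak_requests_in_window} for every source whose request
    count inside some `window`-long interval reached `threshold`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest count seen in any window
    for line in lines:
        ts, ip = parse_line(line)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def make_sample_log():
    """Constructed sample: two ordinary customers plus one flooding source."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    # Ordinary customers: a request every ten seconds for a minute.
    for i in range(6):
        t = (base + timedelta(seconds=10 * i)).strftime(LOG_FORMAT)
        lines.append(f"{t} 198.51.100.7 GET /account 200")
        lines.append(f"{t} 198.51.100.8 GET /statements 200")
    # Flood: one source issuing 300 requests inside six seconds.
    for i in range(300):
        t = (base + timedelta(milliseconds=20 * i)).strftime(LOG_FORMAT)
        lines.append(f"{t} 203.0.113.5 GET /login 503")
    lines.sort()   # timestamp-first lines sort into chronological order
    return lines


if __name__ == "__main__":
    for ip, n in flood_sources(make_sample_log()).items():
        print(f"flood suspected from {ip}: {n} requests within one window")
```

The threshold must be tuned per service: a login page legitimately sees a handful of requests per client per minute, whereas an image or API endpoint may see dozens. A distributed flood from many addresses will not trip a per-source counter, which is why production systems also watch aggregate request rates and per-path error rates.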
Information System Security measures, Policy, controls
As computers and other digital devices have become essential to business and commerce,
they have also increasingly become a target for attacks. In order for a company or an
individual to use a computing device with confidence, they must first be assured that the
device is not compromised in any way and that all communications will be secure. There are
certain security precautions that individuals can take in order to secure their personal
information.
Information systems security, more commonly referred to as INFOSEC, refers to the
processes and methodologies involved in keeping information confidential and available and
assuring its integrity. It also covers access controls, which prevent unauthorized personnel
from entering or accessing a system.
Online Banking Security
Due to a strong need for security, online banking has increased its security measures to include
an access code, password, and several additional security questions required for access. Users
of these online banking systems set up their account to access bank statements and conduct
other banking activities.
Data and System Security Measures
In order to ensure the confidentiality, integrity and availability of information, organizations
can choose from a variety of tools. Each of these tools can be utilized as part of overall
information security policies:
1. Password Protection: All accounts and resources must be protected by passwords
which should meet requirements such as: consist of at least 8 characters, include at
least one upper-case character, a digit and a special character, and not be a
common word which can be easily guessed.
2. Software Updates: Systems must be configured to automatically update operating
system software, server applications (webserver, mailserver, database server, etc),
client software (web-browsers, mail-clients, office suites, etc), and malware
protection software (anti-virus, anti-spyware, etc).
3. Firewall: Systems must be protected by a firewall which allows only those incoming
connections necessary to fulfil the business need of that system. Client systems which
have no business need to provide network services must deny all incoming
connections. Systems that provide network services must limit access to those services
to the smallest reasonably manageable group of hosts that need to reach them.
4. Malware Protection: Systems running Microsoft or Apple operating systems must
have anti-virus software installed and it must be configured to automatically scan and
update.
5. Authentication and Authorization
a. Remove or disable accounts upon loss of eligibility
b. Separate user and administrator accounts
c. Use unique passwords for administrator accounts
d. Throttle repeated unsuccessful login-attempts
e. Enable session timeout
f. Enforce least privilege
6. Access Control
Once a user has been authenticated, the next step is to ensure that they can only
access the information resources that are appropriate. This is done through the use of
access control. Access control determines which users are authorized to read, modify,
add and/or delete information.
7. Encryption
Encryption is a process of encoding data upon its transmission or storage so that only
authorized individuals can read it. This encoding is accomplished by a computer
program, which encodes the plain text that needs to be transmitted; then the
recipient receives the cipher text and decodes it (decryption).
8. Antivirus
Antivirus is the software that helps to protect the computer from any unauthorized
code or software that creates a threat to the system.
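Several items of the checklist above are small enough to show together in code: the password policy of item 1, the throttling of failed logins, idle-session timeout, account removal and least privilege from item 5, and the read/modify/add/delete access control of item 6. The following is an added example written for these notes, not code from the original; the common-word list, the lockout and timeout values, the role table and the sample accounts are constructed for illustration.

```python
"""Account-security controls from the checklist: password policy (item 1),
throttled logins, idle-session timeout, account removal and least privilege
(item 5), and role-based read/modify/add/delete access control (item 6).

Example code added to these notes, not from the original. The common-word
list, lockout/timeout values, role table and sample accounts are constructed.
"""
import hashlib
import hmac
import os
import secrets

COMMON_WORDS = {"password", "welcome", "banking", "letmein", "qwerty"}  # constructed shortlist
SPECIALS = set("!@#$%^&*()-_=+[]{};:,.<>?/")
# Item 6: what each role may do with account records (constructed table).
ROLE_PERMISSIONS = {"teller": {"read", "add"},
                    "auditor": {"read"},
                    "admin": {"read", "modify", "add", "delete"}}


def password_ok(pw: str) -> bool:
    """Item 1: 8+ characters, an upper-case letter, a digit, a special character,
    and not a common word merely dressed up with leading/trailing digits or symbols."""
    core = pw.lower().strip("".join(SPECIALS) + "0123456789")
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw)
            and core not in COMMON_WORDS)


def hash_password(pw: str, salt: bytes = None):
    """Salted PBKDF2-HMAC-SHA256 so that passwords are never stored in clear."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


class AuthService:
    MAX_FAILURES = 5        # item 5d: consecutive failures before a lockout
    LOCKOUT_SECONDS = 900   # length of the lockout
    SESSION_TTL = 600       # item 5e: idle seconds before a session expires

    def __init__(self, clock):
        self.clock = clock      # returns seconds; injected so tests can move time
        self.users = {}         # name -> account record
        self.sessions = {}      # token -> {"user", "last_seen"}

    def add_user(self, name, password, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError("unknown role")
        if not password_ok(password):
            raise ValueError("password violates policy")
        salt, digest = hash_password(password)
        self.users[name] = {"salt": salt, "hash": digest, "role": role,
                            "failures": 0, "locked_until": 0.0}

    def disable_user(self, name):
        """Item 5a: remove the account and every session it holds."""
        self.users.pop(name, None)
        self.sessions = {t: s for t, s in self.sessions.items() if s["user"] != name}

    def login(self, name, password):
        """Return a session token, or None for bad credentials or a throttled account."""
        user, now = self.users.get(name), self.clock()
        if user is None or now < user["locked_until"]:
            return None     # same answer for unknown and locked accounts
        _, digest = hash_password(password, user["salt"])
        if not hmac.compare_digest(digest, user["hash"]):
            user["failures"] += 1
            if user["failures"] >= self.MAX_FAILURES:
                user["locked_until"], user["failures"] = now + self.LOCKOUT_SECONDS, 0
            return None
        user["failures"] = 0
        token = secrets.token_hex(16)
        self.sessions[token] = {"user": name, "last_seen": now}
        return token

    def current_user(self, token):
        """Resolve a token, expiring it if it has been idle longer than SESSION_TTL."""
        sess = self.sessions.get(token)
        if sess is None:
            return None
        if self.clock() - sess["last_seen"] > self.SESSION_TTL:
            del self.sessions[token]
            return None
        sess["last_seen"] = self.clock()
        return sess["user"]

    def authorize(self, token, action):
        """Item 6 / least privilege: allow only what the user's role permits."""
        name = self.current_user(token)
        return (name is not None and name in self.users
                and action in ROLE_PERMISSIONS[self.users[name]["role"]])


if __name__ == "__main__":
    import time
    svc = AuthService(time.time)
    svc.add_user("rita", "Tr0ub4dor&3", "teller")          # items 5b/5c: the admin
    svc.add_user("rita-admin", "Adm1n-Only-Pw!", "admin")  # account is separate
    tok = svc.login("rita", "Tr0ub4dor&3")
    print("teller may read:", svc.authorize(tok, "read"),
          "delete:", svc.authorize(tok, "delete"))
```

Two design points are worth noting. `login` returns the same `None` for an unknown account, a wrong password and a locked account, so an attacker cannot learn which names exist from the response. The clock is injected rather than read from `time.time()` inside the class, which is what makes the lockout and idle-timeout behaviour testable without waiting fifteen minutes.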
Backups
Another essential tool for information security is a backup plan for the entire
organization. Not only should the data on the corporate servers be backed up, but
individual computers used throughout the organization should also be backed up.