I know the importance of additional authentication measures, but I'm seeing reports of banking malware that can...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
now bypass two-factor authentication. How does this banking malware work, and what should enterprises do to defend against such threats?
Banking malware Vawtrak has functionality to bypass two-factor authentication included in its code. It doesn't actually exploit a vulnerability in the two-factor authentication mechanism itself, but instead uses social engineering to trick the user into entering the 2FA token code so the malware can capture it and use it on the website attackers are targeting. Vawtrak infects a user's endpoint device and modifies the targeted financial institution's webpage that generates a phony prompt for the 2FA token.
Financial institutions under attack by this type of banking malware could potentially detect the suspicious activity and then block any financial transactions via infected devices. The suspicious activity could be, for example, a user navigating through a bank's webpages faster than an actual person would, indicating that malware on the user's endpoint is performing the actions.
Users can defend against malware that can attack or bypass two-factor authentication systems by preventing it from infecting their endpoints with antimalware protection. Enterprises could require users that perform financial transactions make them from a secure endpoint or secure remote system. Enterprises could also use a network based antimalware device to block the command and control communications for the malware. The 2FA system could also require the user to re-authenticate periodically during a transaction. However, an updated version of the malware could adapt to capture any new tokens or codes generated by the reauthentication system, so financial institutions will need to remain vigilant.
Discover how Vawtrak malware blocks enterprise security software
Find out why the Carbanak banking malware attack caused nearly $1 billion in losses
Dig Deeper on Two-factor and multifactor authentication strategies
Related Q&A from Nick Lewis
An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform ...continue reading
A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that ...continue reading
Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.