‘Gozi’ virus part of the ‘new normal’

Oct. 25, 2012 – There has been much chatter in recent weeks about a new iteration of a Trojan horse virus dubbed “Gozi” that is targeting U.S. banks, and one expert says credit unions need to be vigilant to protect their systems and members’ sensitive data.

Gozi is a virus that injects fields into financial institution web pages without the host’s or user’s knowledge. This is how cybercriminals dupe people into providing them with sensitive data such as Social Security numbers, answers to security questions, etc. This type of attack has been around for some time and is only going to become more prevalent, says Greg Ogorek, deputy director of the cyber intelligence division at Cyveillance, a NAFCU Services preferred partner.

The Gozi Trojan is a cousin to the Zeus Trojan that has been around for a while. “It's all related the way Zeus operated,” he said, “only more sturdy.” He called it the “new normal” in cyber attacks.

Stories about the latest iteration of Gozi – Gozi Prinimalka, to be exact – have centered around an Oct. 4 blog post by online security firm RSA, which said it had found 30 U.S. banks targeted by a group based in Russia working to recruit 100 botmasters in a plan to execute fraudulent wire transfers. This was most recently reported on CUInfoSecurity.com.

Those interviewed, the report said, are urging institutions to strengthen their transaction monitoring, proxy identification and malware detection; ensure end users are keeping their anti-virus software up to date; and move to multifactor authentication.

Ogorek adds that credit unions and their network operators should ensure they are keeping their intrusion detection systems up to date. These systems, which monitor activity between the credit union’s internal network and the Internet, can identify unusual activity. But he said any IDS “is only as good as the signatures you feed it.”

Credit unions can get those signatures through open source tools such as Snort, write their own, or hire a cybersecurity firm to help.