Last-minute paper: Intrusions and inside jobs: lessons from the banking industry

Michael Kalinichenko SafenSoft

  download slides (PDF)

ATMs across Europe and the US are increasingly compromised by targeted malware that takes advantage of vulnerabilities in Windows XP, the OS that runs half the world's ATMs. Michael Kalinichenko, founder and CEO of Moscow-based SafenSoft, will discuss what he has learned from a year working on dissecting security breaches and malware attacks with Sber Bank, Russia's largest retail bank, and how that knowledge can be applied to improve network security. The presentation will show how the interconnected nature of today's banking IT environment can impact not only the bank's security but that of its customers as Michael tells the story of how SafenSoft originally became involved with Sber Bank and their success in tracking down and identifying the source of internal account manipulation reported by customers.

Michael will discuss how and why traditional anti-malware and whitelisting solutions alone could not have uncovered this crime, and by extension how and why those solutions are ill-matched to the protection of corporate networks in the 21st century. One can't help noting that if we were still using the same cellphone technology we had in 1990, we'd still be carrying bricks with one-hour battery life around, but anti-virus technology has barely changed at all in the past 20 years.

Michael's R&D team worked closely with Sber Bank's technology and security personnel to develop an approach that owes more to the hardcore DRM technology used to prevent game piracy than to traditional security technology and which leverages certain underused Windows functions to provide a level of security that is adaptable enough to be used on unattended devices such as ATMs but robust enough to prevent techniques like skimming and malware like banking trojans from entering the system. They discovered that by establishing and maintaining machines - both unattended and typical network endpoints - in a known-good state, allowing necessary usage and permitting trusted updates without manual intervention, the bank could reduce the size of its dedicated security staff, as well as save a significant amount of money on annual anti-malware update subscriptions. This last point was particularly interesting to Michael, who had spent several years as the CTO of a well-known traditional anti-virus company in Russia before immersing himself in DRM projects and learning that it was not necessary to keep returning to the corporate customer feeding trough to keep revenue streams going.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.