IronKey boosts corporate banking security

Authentication and encryption firm IronKey has launched a new anti-phishing tool designed to help banks protect business customers from increasingly prevalent attacks targeting transactions.

Dave Jevans, IronKey chief executive and chairman of the Anti Phishing Working Group, said that criminals are turning to the corporate banking space because of the rich financial pickings on offer.

Criminals are using malware such as the Zeus Trojan to steal the user credentials of staff in a company responsible for corporate banking, and are waiting till they log on before hijacking the browser session and initiating payments out of the account, Jevans warned.

Organisations could lose as much as US$1.5 million (A$1.66 million) in a single attack, although this amount would become insignificant when compared to a large corporate customer taking its business elsewhere.

IronKey Trusted Access for Banking is a USB device which includes several different layers of security to mitigate most of the vulnerabilities in online banking currently being exploited.

The product acts as an RSA SecureID token for two-factor authentication, and undertakes a malware scan of the user's PC with a view to reporting back to the bank if the systems show any sign of infection.

The device then fires up a virtual machine running a hardened Linux operating system inside which it runs a browser which points directly and solely to the corporate banking web site, explained Jevans.

This set up could help to mitigate the threat of so-called man-in-the-browser, session hijacking and key-logging techniques, said the firm.