Download: AOS – Banking Security Magazine-Attacks-Protection-Defense

- Attackers aim platforms and services including infrastructure and cloud computing

Seoul, January 3, 2011 – AhnLab Inc. (www.ahnlab.com), a leading provider of integrated security solutions, today announced ‘Top 7 Security Threat Prediction 2011’, outlining the top threats which were predicted by the top researchers at AhnLab. Today’s announcement mainly warns attacks on or using platforms and services such as social network service exploitation, DDoS (Distributed Denial of Service) attacks, threats aiming cloud computing service and infrastructure and growing attack on mobile devices including smartphone.

Social Network Service, being a platform for malware distribution

2010 was the year of social network service for instant communication represented by Twitter and Facebook. However, it also expected to be used as the instant platform for malicious software by cybercriminals in 2011. Malicious URLs that lead users to phishing website will be distributed via shortened URLs, Direct Messages, SNS applications, friend search optimization and chatting services under the disguise of Twitter or Facebook. AhnLab also identified an increase in email campaigns under the name of an SNS service provider, attempting to deliver malicious URLs. Malicious attacks utilizing SNS websites are expected to continue to increase.

Sophisticated DDoS Attack

Ever since DDoS attack hits whole internet system of South Korea in July 2009, AhnLab has identified that DDoS attacks are getting converged and sophisticated more than ever. In 2011, the variants for DDoS attack will be continue to increase, as attackers can capitalize diversified methods like SNS platforms to infect individual PCs by pouring malicious URL and downloaders containing malware. On the other hand, growing social commerce companies can be the new target for DDoS attackers.

Beware of cyber war: attacks on infrastructure

The Stuxnet worm, identified in July 2010, not only exploits zero-day vulnerabilities, but also preys on Siemens SCADA (Supervisory Control Data Acquisition) software which is widely used by many countries to control critical infrastructure. The malware opened new chapter of cyber terrorism. Zeus botnet, targeting online commerce infrastructure including internet banking system, is also expected to grow in 2011.

Increasing threat on smartphone

In August 2010, malicious applications that run on Android OS-based smartphones were reported including Android-Trojan/Ewalls and Android-Trojan/SmsSend, which steals personal information, such as SIM data, geographical location data without consent from the user. In 2011, with the widespread adoption of mobile devices in every class of business, the number of malicious apps that results in unconsenting payment to users or leads them to malicious website will rapidly increase.

Threats that exploit wireless AP vulnerability

As wireless AP(Access Point)s for mobile office and smartphones are widely spearhead, the threats exploiting wireless AP vulnerability will be emerged as serious security threat in 2011. Cybercriminals can easily snatch the data between APs and mobile device by installing illegal AP or exploiting APs without pass code.

Cloud and virtualization can be used for security threat

While offering significant benefits and significant cost-savings, AhnLab predicts that cloud computing and virtualization technology can be used in cyber attacks in 2011. For instance, cybercriminals can build several virtual C&C(Command & Control) servers based on cloud computing technology to manage botnets(infected PCs) more efficiently.

Exploiting zero-day vulnerability will be more general

Although many software dinosaurs including MS and Adobe struggles to minimize the vulnerability from zero-day flaw, such as ‘protection mode’, the zero-day vulnerability still is one of the all-time top security issues. In 2010 alone, numerous attacks using zero-day vulnerabilities in Internet Explorer, Adobe Acrobat Reader and Flash Player were identified, and AhnLab predicts that the feature will continue to grow in 2011.

AhnLab Full Range Solutions

A leader in comprehensive online security, AhnLab offers full range of solutions and professional services that are designed to secure and protect critical information from individual anti-virus solutions, network, mobile and online game security, security management and consulting services for all class of business. AhnLab Online Security (AOS), selected by world’s well known banks, offers integrated protection against Zeus through its innovative AOS security solution comprised of AOS Secure Browser, Anti-Keylogger, Firewall and Anti-Virus/Spyware programs.

• AOS, the online banking security solution of choice for Citicorp Banamex, Banco Santander, CitiBank Korea and others
• AOS provides stalwart protection against hacking threats including Zeus

SEOUL, South Korea–(BUSINESS WIRE)–AhnLab Inc. (CEO Hong-sun Kim, www.ahnlab.com), a leading provider of integrated security solutions, today announced that the Korea operations of Citibank has joined a client roster which includes many of the world’s most famous banks including Citicorp Banamex and Banco Santander. These banks and others turn to AhnLab Online Security (http://aos.ahnlab.com, AOS) for the very best in online banking protection.

To bolster its online banking security, CitiBank Korea (www.citibank.co.kr) has adopted the four key products which comprise AOS: AOS Secure Browser, AOS Anti-Virus/Spyware, AOS Anti-Key Logger, and AOS Firewall. These products act in harmony to block even the most sophisticated intrusion attempts such as web modulation and memory hacking. With AOS defending against cybercriminals, CitiBank Korea is expected to provide highest level of protection for its customers against all kinds of threats such as ZeuS –the most market-threatening malware today- and any other malicious codes. The AOS Secure Browser acts as an impenetrable fortress against dangerous threats, by blocking access to the allocated memory area and running all online transactions in a contained environment.

In 2007, Banamex(www.banamex.com), a leading Mexican bank and CitiGroup subsidiary, also implemented AOS to protect client personal and financial information as online banking began to boom. While the boom led to enhanced consumer convenience, it also opened doors for cybercriminals as evidenced by large-scale phishing attacks against banks. Protected by AOS, Banamex was the only bank to defend against these attacks successfully, drawing worldwide recognition for the bank and AOS.

Banco Santander Hispano Cetral, S.A, with 10,000 branch offices and subsidiaries across Spain, Portugal, Brazil, Mexico, Chile and other countries, is another world-leading bank who has chosen AhnLab for its online banking security needs. As part of a multi-year agreement, Santander has been utilizing AOS at its Mexico branches since 2007.

Different from traditional detection-and-elimination methods utilized by other security products, AOS is a real-time internet banking protection and prevention security solution effective against an array of malicious hacking tools. The impenetrable AOS Secure Browser starts automatically as soon as a user logs on to an online banking site, in conjunction with the Anti-Key Logger, Firewall and Anti-Virus/Spyware programs. This unique approach to internet banking security renders ineffective even the most malicious codes such as Zeus and its variations. More information on AOS can be found at http://aos.ahnlab.com. ]]> http://www.sqnetworks.com/world-famous-banks-choose-ahnlab-aos/feed/ 0 http://www.sqnetworks.com/aos-personal-secure-browser/ http://www.sqnetworks.com/aos-personal-secure-browser/#comments Thu, 14 Oct 2010 13:49:11 +0000 Editor http://sqnetworks.server52.nognietactief.nl/?p=689

Features

• Dedicated browser service that detects and blocks unknown security threats
• Detects hacks that use memory data and code alteration
• Detects analysis attempts that use debugging or reverse engineering
• Detects hacks that use website alteration

Benefits

AhnLab’s AOS Personal Secure Browser is an exclusive security browser geared to help block various hacking tools and secure safer Internet services.

Capable of directly monitoring and blocking even the least known hacking tools, the Secure Browser is a specialized anti-hacking service solution offering not only responses to memory-hacking but also prevention of infiltration in self-protection.

Now, no one, no system is 100 percent hacking-free. Virtually all Internet-based businesses, including online banking services, portals, and shopping malls, have become the targets of hackers. With that, the degree of damage incurred by hacking attacks is only increasing, as reported by a number of personal information leakage, online item and financial property theft, etc.

The majority of the previous and currently-available transaction security products offer their services by coping with the hacking issues at the moment and by complementing and expanding each of the fundamental features available. In contrast, AhnLab’s brainchild AOS Personal is a transaction security program combined with a multitude of security features to help protect the user system against full-blown, head-on, and relentless hacking attacks. AOS Personal’s multifaceted features offer far greater security, thanks to its well-coordinated, organic mutual interactions.

The Secure Brower, in particular, is a pre-emptive security service wherein only pre-authorized features or modules are exposed to operation and access, not one of those clean-up-after-the-mess types of solutions. This unique design helps block access attempts made by unknown hacking tools, and with the built-in self-protection program, competently fulfills its security functions without being compromised by various hacking tool activities.

AOS Personal Secure Browser is an outstanding solution to memory hacking and com interface hooking.

If the user wishes to use exclusive browsers, the program will allow him or her to do just that by activating the browsers; if not, the user may continue to operate using conventional e-transaction methods.

Features

• Signature technology to detect/block Trojans and worms
• Detects/blocks pharming in real-time using host altering
• Monitors of illegal communication in shared folder and network
• Blocks access to IP and port at user and kernel levels
• Diagnoses and repairs viruses, spyware, Trojans, and worms

Benefits

AOS Personal Firewall detects pharming activities on a real-time basis and blocks attempts at gaining unauthorized access to the Internet system and shared folders.

With Internet access and online networking becoming more and more integral in people’s lives, confidential information stored on a personal computer is exposed to a wide variety of hacking activities via the Internet and network-based sharing. Crucial personal information required for online banking and e-commerce activities has become the primary target of hackers in particular.

AOS Personal Firewall is an online PC firewall solution geared to help protect the user against such security threats. Capable of detecting real-time pharming, as well as infiltration and hacking attempts via unauthorized access to the network, the solution offers a pre-emptive measure against the stealing and exploiting of various personal information and passwords, and against threats of damaging data integrity.

AOS Personal Firewall, installed with AhnLab Inc.’s latest TS engine, ensures faster and more reliable response to worms, viruses, and hacking tools compared to existing products, and offers virus and spyware tests and removal features as part of the package.

Features

• Encryption technology-based keylogger detection and notification at the kernel
• and user levels
• Protects of PS/2, USB keyboard input values
• Protects from keyboard polling and port scanning at the hardware level
• Protects all password & text input field input values

Benefits

AOS Personal Anti-Keylogger is a security service geared to help protect the user’s important personal information against hacking tools that steal confidential information entered through the keyboard.

There has been a growing number of personal information and ID theft incidents taking place via Internet banking, online shopping, and other web-based operations. These exposed personal information is circulated online, vulnerable to illegal activities, and the risks of third-party exploitation of such information for secondary crimes are on the rise. It cannot be overemphasized that the damage resulting from personal information theft is no longer a personal issue, but has become a serious social problem. Therefore, the user must use proper security solutions for each and every Internet activity that requires his or her personal information, to be protected against unauthorized access.

Anti-Keylogger is a program designed to protect important personal information (pass words, account numbers, credit card numbers, social security numbers, and other resident ID numbers, etc.) entered through the keyboard, against keylogger programs and hacking tools. The program is an effective and powerful security measure that blocks confidential information leakage at the very basic level.

Benefits

Compliance with FSS’s security guidelines

Completely complies with various security guidelines recommended by FSS* to meet memory hacking, COM Interface hacking, etc.

Personal information and financial asset protection

Protects important personal information and financial asset from threats of hacking and phishing in Internet banking, home trading system of securities company, portal service, etc.

Webpage anti-hacking

Provides capability to prevent BHO attack, webpage attack such as HTML injection, etc.

Memory protection support

Protects the whole memory area for browser process and it’s child processes, etc.

Superior self-protection capability

Provides superior self-protection capability such as anti debugging, anti-reversing, program packing, anti-hacking for execution, etc.

Preventive measures

Completely respond to new hacking issues by allowing operation and access only by authorized functions/modules instead of taking reactive measures like in other security programs.

Simple implementation without changing the existing infrastructure

Integrates SDK with security browser and C/S environment to complete implementation in a short time without change in the existing infrastructure.