IronKey Chairman Dave Jevans Presents to Financial and Operations Executives on Crimeware, Today's Most Serious Threat to Online Banking

August 3, 2011

SUNNYVALE, CA -- 08/03/11 -- Online banking is facing an unprecedented crime wave and the battle is being lost not inside the banks' own systems but at the industry's most vulnerable point -- the banking customer's PC. To explain why and what needs to be done, Dave Jevans, chairman of IronKey and the Anti-Phishing Working Group (APWG), is addressing financial and operations executives from leading banks at two events. Today, Jevans will present to a Texas-based user group of Jack Henry clients, the Silverlake User Group. Then, on Wednesday, August 17th, Jevans will be speaking at the Infragard Information Security, Infrastructure Protection, & Law Enforcement Conference at Kennesaw State University near Atlanta.

Jevans will explain the increasing sophistication of financial malware and cyber criminals, as well as how online banking attacks work, why anti-virus software, firewalls and other conventional countermeasures are not stopping them and what needs to be done about it.

"It's important that banks understand how financial malware such as ZeuS, SpyEye, Sunspot, OddJob and others work, and how they can go undetected," said Jevans. "In light of the new FFIEC guidelines for online banking authentication that go into effect in January 2012, banks need to act now to better protect themselves and their clients from these potential threats at the customer's own PC."

Research firm Gartner Inc. is now recommending banks put their first layer of online security at their customers' PCs. One such product is IronKey's Trusted Access for Banking, which provides a secure Web browser protected in a fully virtualized, read-only environment tailored to protect online transactions from known and unknown crimeware. The FFIEC Internet banking guidance calls for multiple layers of security controls to prevent fraud and importantly, the guidance identifies the IronKey Trusted Access design as one of the five relevant and effective controls cited for preventing fraud.

According to Gartner, crimeware designed to takeover online banking accounts and steal money is now the most significant threat concerning U.S. banks.(1) A staggering 25% of computers, according to latest reports from the Anti-Phishing Working Group (APWG), are infected with banking Trojans such as ZeuS and SpyEye and used by criminals to take over online bank accounts and steal millions from businesses and municipalities. In just one recent crime, the FBI is searching for suspects based in China near the Chinese-Russian border believed to have stolen over $20 million from U.S.-based online business bank accounts during March and April 2011.(2)

About IronKey Trusted Access for Banking
IronKey's Trusted Access solves a problem that until now has been out of the bank's control -- the vulnerability of the client's PC to financial malware attacks such as ZeuS and SpyEye. These crimeware toolkits combine keyboard loggers, man-in-the-browser, 'backconnect' Trojans, and DNS tampering attacks that go undetected by up-to-date anti-virus software, firewalls and other software-based security. In a period of 12 months, over 70,000 ZeuS variants were detected in the wild, with many, many more going undetected. Using these tools, criminals defeat sophisticated bank security controls including one-time passcode token authentication and dual user payment authorization. Trusted Access enables banks to protect their business clients, even if the client's own computer is infested with the worst possible malware, by isolating their online access in a safe, bank-managed environment that is independent of the PC. The solution includes the Trusted Access USB security device, which launches a protected, virtualized operating system and Web browser that only works with the IronKey Trusted Network and limits the user's online access to bank-approved sites. Recently IronKey has added a new feature to their Trusted Access for Banking, Trusted Bookmarks. Trusted Bookmarks allows customers to safely access popular websites using a 'white list' managed by their financial institution. With Trusted Access, customers know they are accessing an authentic site and their transactions are not being monitored or tampered with by crimeware.

More information about IronKey's Trusted Access for Banking is available online.

Resources
"Protecting Online Banking Customers from Evolving Cyber Crime Threats" -- webcast explains the latest bank phishing attacks, the ZeuS Trojan and SpyEye, and why anti-virus software, firewalls and other conventional safeguards are not able to stop these attacks.

"Trusted Access Guided Demonstration" -- product demonstration and example attacks.

About IronKey
Ranked as the 14th best venture-funded company in The Wall Street Journal's "Next Big Thing 2011" survey, IronKey secures data and online access for individuals, enterprises, and governments. IronKey solutions protect remote workers from the threats of data loss, compromise of passwords, and computers infected by malicious software and crimeware. IronKey multi-function devices connect to a computer's USB port and are easy to manage with the IronKey management service. This allows users to securely carry sensitive corporate data, strongly authenticate to VPNs and corporate networks and isolate online banking customers from Advanced Persistent Threat attacks. IronKey customers include Fortune 500 companies, healthcare providers, financial institutions and government agencies around the world. Trusted Access for Banking has also won numerous awards such as 'FutureNow 2010 Top 5' from Bank Technology News. Visit www.IronKey.com for more information.

(1) "The Five Layers of Fraud Prevention and Using Them to Beat Malware," Gartner, April 2011
(2) FBI, April 2011 - http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf