Carbon Black is Banking’s Best Defense Against Rootkits

Recently, a hacker group called the Shadow Brokers released a list of security exploit staging servers that were hacked by the NSA to launch online attacks. According to a Bank Info Security article, the released list contained systems across 49 countries, including some U.S. domestic banking systems.

According to the article, Shadow Brokers used rootkits, a form of hard-to-detect malware, to compromise the affected systems. To make things worse, rootkits like these hide their presence by self-destructing upon detection, by changing their behavioral characteristics on the fly, or by combining both techniques. Once a rootkit is in place, a remote user or system can gain and maintain control over the compromised system without the device owner being any the wiser. Not only can a rootkit gather data from an infected device, it can also use infected devices to install more malicious software and take part in a coordinated attack against anything connected to the IoT.

Sounding the Rootkit Alarm In Banking

The threat of rootkits in banking is not a new development, but it increasingly threatens banking systems on a widespread scale. Zeus, a banking Trojan that was discovered in July 2007, is the first known attempt to compromise banking information and caused much concern throughout the industry when it became known. Although modern security software by and large prevents the Trojan from doing damage, banks are not out of the woods yet.

Sometime in 2013, Zeus was converted into a rootkit exploit kit and sold by cybercriminals. The bot kit's ease of purchase and installation is troubling, especially considering that anyone, regardless of IT competence, can use it to gather banking information. This latest version of Zeus is a killer when it comes to banking information. A few of Zeus' most formidable features include:

  • Ability to add other malware and rootkit threats onto a compromised host
  • Innate ability to hide and protect itself from a host and any security protections on the host
  • Encrypted communications between the host and the cybercriminals to hide what is happening under the hood from security software and analysts
  • Disabling of security functions on a compromised host, including disabling UAC or replacing internet browser security add-ins with its own add-in

And, now that it is being updated on a regular basis and being sold for profit, the danger level behind the Zeus bot is rapidly rising. Banks have no choice but to sit up and take notice.

The Carbon Black Remedy

As next-gen security attacks like the Zeus bot continue to grow more advanced and more easily accessible, it is imperative that banks formulate an appropriate security posture against these attack modalities. And while there are many great security products on the market, my go-to choice has become Carbon Black, which is the emerging leader in the next-gen endpoint security (NGES) space. This is more than just talk; in February 2016, Enterprise Management Associates (EMA) named Carbon Black as the industry leader in this category when it released its security forecast for 2016-2020.

Trust in the Carbon Black product is especially strong when it comes to identifying and preventing the latest and greatest in sophisticated malware and rootkit attacks. Carbon Black protects your bank's endpoints by focusing on the standard practices of black hats. These steps include:

  • Real-time monitoring of endpoints while recording all activity for the purpose of real-time playback to fully understand how and when an attack is unfolding
  • Advanced heuristic scanning that detects malicious actions via detected data patterns, known attack patterns, and referencing these across multiple security intelligence sources
  • Identifying and generating alerts during the earliest stages of an attempted attack, cutting off hacker recon and malicious software delivery attempts
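To make the monitoring and heuristic-scanning approach above concrete, here is an added example (written for this page, not Carbon Black's code or data model) that runs a few detection rules over a recorded stream of endpoint events and then correlates the hits per process, the way a recorded timeline lets an analyst replay how an attack unfolded. The rules mirror the Zeus behaviors listed earlier: dropping an executable into a user directory, disabling UAC, registering a browser add-in, and contacting a known bad address. The `Event` format, the rule names, the sample events and the threat-intel set are all constructed assumptions; the two registry paths are the real Windows locations for the UAC setting and Internet Explorer browser helper objects.

```python
"""Added example: rule-based scan plus per-process correlation over constructed endpoint events."""
from dataclasses import dataclass

# Real Windows registry locations (assumed relevant here; not taken from the page).
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
BHO_KEY = (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
           r"\Browser Helper Objects")
USER_DIRS = ("\\appdata\\", "\\temp\\")   # lower-cased fragments of user-writable paths

# Constructed threat-intel feed: remote endpoints treated as known command-and-control.
KNOWN_C2 = {"203.0.113.10:443"}   # TEST-NET-3 documentation address, placeholder only


@dataclass(frozen=True)
class Event:
    ts: int        # seconds, constructed values
    host: str
    process: str   # image name of the acting process
    action: str    # "regmod" | "filemod" | "netconn"
    target: str    # registry value path, file path, or remote ip:port
    value: str = ""


@dataclass(frozen=True)
class Alert:
    ts: int
    host: str
    process: str
    rule: str
    severity: str
    detail: str


def rule_dropper_write(ev, intel):
    """Executable written into a user-writable directory."""
    t = ev.target.lower()
    if ev.action == "filemod" and t.endswith((".exe", ".dll")) and any(d in t for d in USER_DIRS):
        return Alert(ev.ts, ev.host, ev.process, "executable_dropped_in_user_dir", "medium", ev.target)
    return None


def rule_uac_disabled(ev, intel):
    """EnableLUA set to 0 turns User Account Control off."""
    t = ev.target.lower()
    if ev.action == "regmod" and t == (UAC_KEY + "\\EnableLUA").lower() and ev.value == "0":
        return Alert(ev.ts, ev.host, ev.process, "uac_disabled", "high", "EnableLUA set to 0")
    return None


def rule_browser_addin(ev, intel):
    """New browser helper object registered (add-in replacement from the Zeus list)."""
    if ev.action == "regmod" and ev.target.lower().startswith(BHO_KEY.lower()):
        return Alert(ev.ts, ev.host, ev.process, "browser_addin_changed", "medium",
                     f"BHO registered: {ev.value}")
    return None


def rule_known_c2(ev, intel):
    """Outbound connection to an address on the intel feed."""
    if ev.action == "netconn" and ev.target in intel:
        return Alert(ev.ts, ev.host, ev.process, "known_c2", "high", ev.target)
    return None


RULES = [rule_dropper_write, rule_uac_disabled, rule_browser_addin, rule_known_c2]


def scan(events, intel=KNOWN_C2):
    """Apply every rule to every event in time order; return the alerts raised."""
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        for rule in RULES:
            hit = rule(ev, intel)
            if hit is not None:
                alerts.append(hit)
    return alerts


def correlate(alerts, window=120):
    """Flag a (host, process) whose alerts span >= 2 distinct rules within `window` seconds."""
    by_key = {}
    for a in alerts:
        by_key.setdefault((a.host, a.process), []).append(a)
    chains = []
    for (host, proc), items in by_key.items():
        items = sorted(items, key=lambda a: a.ts)
        if len({a.rule for a in items}) >= 2 and items[-1].ts - items[0].ts <= window:
            chains.append({"host": host, "process": proc, "start": items[0].ts,
                           "end": items[-1].ts, "rules": [a.rule for a in items]})
    return chains


# Constructed sample timeline: one benign install, one staged compromise, one benign connection.
SAMPLE_EVENTS = [
    Event(1000, "teller-07", "msiexec.exe", "filemod", r"C:\Program Files\Vendor\app.exe"),
    Event(1010, "teller-07", "invoice.exe", "filemod", r"C:\Users\jdoe\AppData\Roaming\svch0st.exe"),
    Event(1015, "teller-07", "svch0st.exe", "regmod", UAC_KEY + r"\EnableLUA", "0"),
    Event(1020, "teller-07", "svch0st.exe", "regmod", BHO_KEY + r"\{00000000-0000-0000-0000-000000000001}",
          r"C:\Users\jdoe\AppData\Roaming\bho.dll"),
    Event(1030, "teller-07", "svch0st.exe", "netconn", "203.0.113.10:443"),
    Event(1200, "teller-07", "chrome.exe", "netconn", "198.51.100.5:443"),
]

if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.ts} {a.host} {a.process} [{a.severity}] {a.rule}: {a.detail}")
    for chain in correlate(found):
        print("chain:", chain)
```

Each rule on its own is a single heuristic that a legitimate administrator could trip (an installer registering a browser add-in, for instance); the correlation step is what turns them into something worth an analyst's attention, because one process disabling UAC, installing an add-in and then calling out to an intel-listed address within seconds matches the staged behavior the post describes rather than routine activity.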

While these are just a small sample of what Carbon Black does to prevent rootkits and other malicious software from exploiting systems, it is pretty obvious that Carbon Black isn't cut from the anti-virus mold of old. Next-gen attack modes will require next-gen security software to combat them, and waiting to update your bank's network is no longer an option.

Reserve Your Solution

It will be important for US banks to use an advanced security tool like Carbon Black to detect malicious rootkits and obtain cold forensics information, not only to prevent losing forensic data but also to prevent self-aware rootkit attacks from expanding. Champion partners with Carbon Black to bring a highly sophisticated security solution to your bank's doorstep.
