In a bid to stem the rise of malware-aided fraud, particularly online, Microsoft is lending the Financial Services Information Sharing and Analysis Center (FS-ISAC) a helping hand, the tech giant announced Sept. 29.
Trading in their guns and ski masks for PCs, today's bank robbers are fleecing banks and their customers from behind keyboards, according to Richard Domingues Boscovich, assistant general counsel of Microsoft's Digital Crimes Unit.
"Today's thieves quietly lurk in the shadows of cyber-space where they employ computer code to target banks, businesses and customers to make off with millions of dollars without ever cracking a safe," he said in a Microsoft on the Issues blog post. While the financial industry grapples with this problem, Microsoft has been steadily beefing up its online threat-monitoring capabilities.
The Redmond, Wash.-based software maker has been involved with some recent high-profile botnet takedowns, including Citadel and Caphaw. Last year, Microsoft announced that it had worked with the FBI to disrupt Citadel, a botnet believed to be responsible for at least a half-billion dollars in consumer and business losses.
"I think it will be a very, very aggressive and disruptive action—it's a full takedown," Boscovich told eWEEK's Robert Lemos in the wake of Citadel's collapse. "We'd love to say we get 100 percent, a kill shot like with Rustock, but given the number of bots involved and the complexity and logistics, we think we will be successful if we have a good, disruptive action driving up their cost of doing business."
Now, Microsoft is bringing some of that expertise to the financial industry at large with a new pilot program.
Describing the FS-ISAC "as the global financial industry's go-to resource for cyber- and physical-threat intelligence analysis and sharing," Boscovich said that the program embodies "a new collaboration with the FS-ISAC to share cyber-threat intelligence, free of charge, to better protect our mutual customers and partners." The initiative involves making Microsoft's Cyber Threat Intelligence Program feed freely available to FS-ISAC members.
The feed, distributed by Microsoft's Azure cloud computing service, provides near real-time information on malware infestations affecting more than 67 million IP addresses. Banks and other financial institutions can then leverage that data to detect infection on their networks, stopping potential breaches.
The financial industry—all businesses, in fact—have reason to safeguard personal information.
A new survey from HyTrust highlights the growing frustration felt by consumers following major breaches at Target, Home Depot and other retailers. Nearly half of respondents (45.6 percent) said that at the moment a breach occurs, which can expose sensitive personal and financial information, any companies involved should be considered criminally negligent.
"This collaboration will provide valuable intelligence into the global threat landscape affecting the financial services industry, including distributed denial-of-service attacks and financial botnet attacks," stated Boscovich. "Together, we'll be able to better protect FS-ISAC's members and Microsoft customers from cyber-threats."