Microsoft fights cyber crime with pilot project
Microsoft has begun a joint pilot project with the Financial Services Information Sharing and Analysis Centre (FS-Isac) to tackle financially-motivated cyber crime attacks, which are estimated to cost $100 billion a year in the US alone.
Under the free pilot, banks and financial institutions that are members of FS-Isac will be able to use Microsoft’s Cyber Threat Intelligence Program feed to cross-match their own networks against a feed of 67 million unique IP domains. The idea is to help banks and other institutions to see which computers on their network are infected. In return, FS-Isac will provide Microsoft with its cyber threat information from itself and its members.
Microsoft has contributed a team of 90 computer experts, focusing specifically on digital crime and malware. Colin Kerr, director of worldwide banking at Microsoft, said the team was tasked with taking over criminal infrastructures, disrupting them, identifying the victims from IP addresses and notifying them. Microsoft first began working with FS-Isac in 2010, he said, when it was decided that banking Trojans such as Zeus and Citadel were becoming an increasing threat.
“We help our financial institution customers to clean millions of computers, but new malware keeps coming so it’s a constant battle,” said Kerr. “We help governments. We are emptying the cup, but it’s constantly being filled back up again.”
According to Kerr, the kinds of crimes on which the unit focuses are purely those motivated by financial gain, which constitute the majority. State-sponsored or ideological attacks are not part of the pilot. Kerr noted that as banks increasingly seek to become customer-centric and provide a better customer experience to consumers born after 1980 (the so-called millennials), the danger of identity theft and false wire transfers are what “keeps people awake” at night.
Last year 552 million identities were breached, while every call about a compromised credit card costs a bank $4. Incidents of fraud, typically involving stolen bank account details, are thought to be on the rise. In May, a PWC survey in the US found that 75 per cent of businesses surveyed had detected a security breach in the past year, while the average number of security intrusions was 135 per organisation. A separate study by security firm Trustwave the same month found that 96 per cent of applications have one or more serious security vulnerabilities.
“We try to educate customers,” added Richard Boscovich, assistant general counsel, Microsoft digital crimes unit. “When I first joined Microsoft, I was amazed by how much effort goes into those auto-updates for security. If most people used the auto updates, the chance of being infected would be reduced dramatically. There are some serious threats out there, and we are working with governments and trying hard to educate consumers.”