Case 2: IBM Zone Trusted Information Channel (ZTIC)
1. What are some common types of malicious software, or malware? What best describes the
“man-in-the-middle” type of attack?
There are many types of malware in the threat landscape. Verizon’s 2016 Data Breach Investigations Report (DBIR) sorts security incidents (not malware as such) into nine classification patterns: web application attacks, point-of-sale intrusions, insider and privilege misuse, miscellaneous errors, physical theft and loss, crimeware, payment card skimmers, cyber-espionage and denial-of-service attacks; malware plays a role in most of them. Although new strains are constantly under development, they generally fall into a few broad categories:
Viruses & Worms: a virus is harmful code that attaches itself to legitimate programs. Once a person installs and runs an infected program, the virus activates, copies itself into other programs on the computer and may then take further malicious action, such as deleting critical operating-system files. A worm differs in that it spreads on its own across the network without needing a host program or user action; the Conficker worm, which propagated by exploiting a Windows network service and by copying itself to removable drives and network shares, is the classic example.
Trojans: a common type of malware. A Trojan looks like ordinary software, or is bundled with it, and once run it installs a backdoor that gives an attacker unauthorized access to the computer. Unlike viruses, Trojans do not inject themselves into other files or applications; they rely on the user to run them, reaching their targets through drive-by downloads, cracked software or installers offered through online games.
Shadyware, PUPs, Adware and Keyloggers: these do not technically fit the virus category, since they are classed as “potentially unwanted programs” (PUPs) rather than outright malware, but they may still invade your privacy, contain malicious code or at the very least become a nuisance.
Adware is financially motivated software that presents itself as unwanted advertisements displayed to the user.
Keyloggers record keystrokes (passwords, card numbers, messages) and transmit them to interested parties.
RAM Scrapers: RAM scraping is an old technique that has been given new life as a tool for stealing payment-card data from compromised point-of-sale (POS) systems, where the card data sits unencrypted in the terminal’s memory between the swipe and the encrypted transmission to the payment processor.
Botnets: a bot reports back to the attacker much as spyware does, but the malware that turns a computer into a bot does not usually collect information the way spyware does. Instead, it sits waiting for commands from a command-and-control (C2) server operated by the attacker, typically to send spam or to join a distributed denial-of-service attack. The October 2016 outages at Twitter, Spotify, the New York Times and other major sites were attributed to a single botnet of compromised Internet-of-Things devices flooding the sites’ DNS provider.
Backdoors: a backdoor is planted using the same infection tactics as bot malware, often through watering-hole attacks, and gives the attacker persistent unauthorized remote access to the computer. The term is also used for a deliberately built-in weakness in a cryptographic system that gives whoever knows it access to the plaintext.
Crimeware: malware built for direct financial gain; ransomware is its most prominent form today. The biggest change to the malware landscape in the past few years has been the emergence of ransomware and ransomware-as-a-service (RaaS), in which the authors rent their tooling to affiliates. Ransomware spreads through spam, social engineering, drive-by downloads and malvertising. It encrypts the files on a computer and holds them for ransom, usually payable in Bitcoin.
A man-in-the-middle attack is a type of cyberattack in which a malicious actor inserts themself into the communication between two parties, so that each party believes it is talking directly to the other while in fact both are talking to the attacker. The attacker can then read, and alter, the information the two parties were trying to send each other. The man-in-the-browser variant in the ZTIC case runs the attack inside the victim’s own browser, where it sees and can rewrite a banking transaction before TLS encrypts it.
2. Provide some examples of each type of authentication factor. What are your personal
experiences with each?
There are three categories of authentication factors, generally broken down as:
Knowledge factors: something you know, such as a password or PIN. On its own this factor offers only modest security. As we can say from our experience, people tend to choose very simple passwords so that they can remember them. That is why websites nowadays impose password requirements (numbers, letters, symbols and a strength meter) to make passwords more varied and harder to guess.
Possession factors: something you have, such as a smart card or a security token. From our experience, any possession item can be lost or stolen. For example, if a credit card is lost or stolen, the owner has to report it to the bank, have it blocked and wait until a new one arrives.
Inherence factors: something you are, an inherent biometric characteristic such as a fingerprint, voice or iris pattern. From our experience they are the strongest level of security, as those characteristics are unique to every person.
3. Can you think of any drawbacks of the ZTIC device?
4. How might malicious attackers try to get around devices like the ZTIC?
5. Do you foresee a future where malware is completely eliminated, or protections are so
good that malware is no longer a threat? Explain your answer.
References
Case 2:
Barraco, L. (2016). Common Types of Malware, 2016 Update. Retrieved April 8, 2017 from https://www.alienvault.com/blogs/security-essentials/common-types-of-malware-2016update
N.a. (2016). Man in the Middle (MITM) Attack. Retrieved April 8, 2017 from https://www.veracode.com/security/man-middle-attack
Rouse, M. (2016). Authentication factor. Retrieved April 8, 2017 from http://searchsecurity.techtarget.com/definition/authentication-factor
Management Information Systems 14e
KENNETH C. LAUDON AND JANE P. LAUDON
CHAPTER 8: SECURING INFORMATION SYSTEMS
CASE 3: IBM Zone Trusted Information Channel (ZTIC)
SUMMARY
More and more attacks on online banking applications target the user’s home PC, changing what is displayed to the user while logging and altering keystrokes. In order to foil these threats, the IBM Zurich Research Lab has developed the Zone Trusted Information Channel (ZTIC), a hardware device that can counter these attacks in an easy-to-use way. Video length: 3:07.
URL: http://www.youtube.com/watch?v=mPZrkeHMDJ8
Online banking is growing in popularity due to its convenience and ease of use. However, as with any transaction that takes place over the Internet, online banking transactions are vulnerable to multiple types of malicious attack. Although phishing is still a common method that criminals use to commit bank fraud, another method that is difficult to combat is the “man-in-the-middle” attack, referred to in the video as a “man-in-the-browser” attack because the malware sits inside the victim’s browser, altering both what is displayed and what is submitted.
Banking transactions are traditionally protected by two-factor authentication (2FA). An authentication factor is a piece of information or a process used to verify the identity of a person (or other entity) requesting access to a restricted asset or area. Authentication factors are classified into three groups: human factors (biometrics, for example: “something you are”), personal factors (“something you know”) and technical factors (“something you have”). Two-factor authentication is a system in which two different factors are used in conjunction to authenticate. A traditional example is the use of a bank card (something you have) together with a PIN (something you know) to access a bank account at an ATM.
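As an added illustration of the two factors described above (and in the answer to question 2), not code from the textbook case or from IBM: a Python verifier that checks a knowledge factor (a salted PBKDF2 password hash) and a possession factor (a time-based one-time code as generated by a hardware token or phone app, per RFC 6238), going beyond the page’s bank-card-and-PIN example. The password, the timestamps and the TOTP seed (the public RFC 4226/6238 test-vector key, so the codes can be checked against the RFC tables) are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Set

# Constructed demo values. The TOTP seed is the public RFC 4226/6238 test-vector
# key, so the codes produced below match the tables in those RFCs.
DEMO_PASSWORD = "correct horse battery staple"
DEMO_TOTP_SEED = b"12345678901234567890"
PBKDF2_ITERATIONS = 200_000
TOTP_STEP = 30  # seconds per time step


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Knowledge factor: store a salted PBKDF2-HMAC-SHA256 digest, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def totp(key: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the 30-second time step."""
    return hotp(key, unix_time // TOTP_STEP, digits)


def verify_totp(key: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Possession factor: accept the current step plus/minus `window` steps of clock skew.
    Every candidate is compared in constant time, without short-circuiting."""
    ok = False
    for drift in range(-window, window + 1):
        ok |= hmac.compare_digest(totp(key, unix_time + drift * TOTP_STEP), code)
    return ok


def authenticate(password: str, code: str, salt: bytes, digest: bytes,
                 seed: bytes, unix_time: int, used_codes: Set[str]) -> bool:
    """Two-factor check: both factors must pass, and a code is single-use so that a
    keylogged or phished code cannot be replayed within the acceptance window."""
    password_ok = verify_password(password, salt, digest)
    code_ok = code not in used_codes and verify_totp(seed, code, unix_time)
    if not (password_ok and code_ok):   # evaluate both before deciding, so a failure
        return False                    # does not reveal which factor was wrong
    used_codes.add(code)
    return True


if __name__ == "__main__":
    salt, digest = hash_password(DEMO_PASSWORD)
    seen = set()
    now = 59  # constructed timestamp; RFC 6238 lists code 287082 for this time
    code = totp(DEMO_TOTP_SEED, now)
    print("first use:", authenticate(DEMO_PASSWORD, code, salt, digest, DEMO_TOTP_SEED, now, seen))
    print("replay:   ", authenticate(DEMO_PASSWORD, code, salt, digest, DEMO_TOTP_SEED, now, seen))
```

The single-use set stands in for the "last accepted counter" a real server stores per user; the skew window is what lets a token with a slightly wrong clock still work, and it is also why a captured code stays valid for up to a minute unless replay is blocked.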
However, if a transaction is initiated on a computer with malware installed, the security of the transaction is compromised. Not even a “padlocked” HTTPS session can protect against this, because the malware acts inside the browser before the data is encrypted and after the bank’s reply is decrypted.
IBM’s Zone Trusted Information Channel (ZTIC, pronounced like “stick”) protects against this. The device, a USB stick with its own small display and buttons, sets up a secure link between itself and the bank’s server; the PC merely relays the encrypted traffic. Because the session runs end to end between the ZTIC and the back-end banking server, and because the keys protecting it reside on the device itself (not on the user’s hard drive, where malware can find them), malware on the PC can neither read nor alter the transaction in transit.
Additionally, the transaction details are shown on the ZTIC’s own display, which malware on the PC cannot repaint, and the user must press “OK” on the ZTIC to authorize any banking transaction. So if a user suddenly sees the ZTIC asking them to authorize a very large payment to an unknown account, he or she can cancel the transaction before it takes place.
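The man-in-the-browser attack described in this case (and the man-in-the-middle definition in the answer to question 1), together with the ZTIC’s defence against it, as an added Python simulation that is not IBM’s code or the textbook’s. The device key, session token, account names and transaction are constructed; an HMAC tag over the transaction the device displayed stands in for the device-terminated TLS session the real ZTIC uses, which is a simplification.

```python
import hashlib
import hmac
import json
from typing import Callable, Optional

# Constructed demo values; no real accounts or keys.
DEVICE_KEY = b"constructed-ztic-device-key"     # stays on the device, never on the PC
SESSION_TOKEN = "constructed-browser-session"   # held by the browser, so malware can read it
FRIEND_ACCOUNT = "FRIEND-ACCT"
ATTACKER_ACCOUNT = "ATTACKER-ACCT"
DEMO_TX = {"payee": FRIEND_ACCOUNT, "amount": 50, "ref": "rent share"}


def canonical(tx: dict) -> bytes:
    """Fixed field order and spacing so the device and the bank authenticate identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def man_in_the_browser(tx: dict) -> dict:
    """Malware on the PC silently rewriting the payment inside the browser."""
    return {**tx, "payee": ATTACKER_ACCOUNT, "amount": 9500}


def bank_process_unprotected(tx: dict, token: str) -> str:
    """PC-only flow: the bank can check only the session token, which the malware also has."""
    if not hmac.compare_digest(token, SESSION_TOKEN):
        return "rejected: bad session"
    return f"paid {tx['amount']} to {tx['payee']}"


def device_confirm_and_sign(tx: dict, key: bytes,
                            user_accepts: Callable[[dict], bool]) -> Optional[bytes]:
    """Stand-in for the ZTIC: show the transaction on the device's own display, wait for
    the OK button, then authenticate exactly the bytes that were shown. (The real device
    terminates a TLS session with the bank; an HMAC tag is used here for simplicity.)"""
    if not user_accepts(tx):          # user presses Cancel on the device
        return None
    return hmac.new(key, canonical(tx), hashlib.sha256).digest()


def bank_process_protected(tx: dict, tag: Optional[bytes], key: bytes) -> str:
    """Bank side of the ZTIC flow: act only on a transaction whose tag the device produced."""
    if tag is None:
        return "rejected: user cancelled on device"
    expected = hmac.new(key, canonical(tx), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "rejected: transaction differs from what the user confirmed"
    return f"paid {tx['amount']} to {tx['payee']}"


def careful_user(tx: dict) -> bool:
    """A user who reads the device display and approves only the payment they intended."""
    return tx["payee"] == FRIEND_ACCOUNT and tx["amount"] <= 100


def unprotected_flow(tx: dict, malware_active: bool) -> str:
    """Browser submits the transaction; malware may rewrite it; the bank cannot tell."""
    sent = man_in_the_browser(tx) if malware_active else tx
    return bank_process_unprotected(sent, SESSION_TOKEN)


def ztic_flow(tx: dict, malware_position: Optional[str],
              user_accepts: Callable[[dict], bool] = careful_user) -> str:
    """malware_position: None, 'before_device' (rewrites what the device shows) or
    'after_device' (rewrites the bytes after the device has authenticated them)."""
    shown = man_in_the_browser(tx) if malware_position == "before_device" else tx
    tag = device_confirm_and_sign(shown, DEVICE_KEY, user_accepts)
    sent = man_in_the_browser(shown) if malware_position == "after_device" else shown
    return bank_process_protected(sent, tag, DEVICE_KEY)


if __name__ == "__main__":
    print("no ZTIC, malware:      ", unprotected_flow(DEMO_TX, True))
    print("ZTIC, tamper after:    ", ztic_flow(DEMO_TX, "after_device"))
    print("ZTIC, tamper before:   ", ztic_flow(DEMO_TX, "before_device"))
    print("ZTIC, inattentive user:", ztic_flow(DEMO_TX, "before_device", lambda tx: True))
```

The last case is the residual risk worth raising under questions 3 and 4: the device can only bind the bank’s action to what the user approved on its display, so a user who presses OK without reading, or malware that tricks them into expecting a large payment, still gets the money moved.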
According to IBM, “Various alternatives exist for protecting users against state-of-the-art
attacks to online authentication, such as chip card technology or special browser software.
The core difference between the ZTIC and these alternatives is that the ZTIC does not rely
whatsoever on any software running on the PC, such as device drivers or user interface
elements, as these can in principle be subverted, e.g., painted over, by attackers’ malware.”
Hackers and malware are continually developing new tools to commit identity theft and
fraud, so it’s important that new advances like the ZTIC become available to stay one step
ahead.
VIDEO CASE
QUESTIONS
1. What are some common types of malicious software, or malware? What best describes
the “man-in-the-middle” type of attack?
2. Provide some examples of each type of authentication factor. What are your personal
experiences with each?
3. Can you think of any drawbacks of the ZTIC device?
4. How might malicious attackers try to get around devices like the ZTIC?
5. Do you foresee a future where malware is completely eliminated, or protections are so
good that malware is no longer a threat? Explain your answer.
COPYRIGHT NOTICE
Copyright © 2014 Kenneth Laudon.
This work is protected by United States copyright laws and is provided solely for the use of instructors
in teaching their courses and assessing student learning. Dissemination or sale of any part of this work
(including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work
and materials from this site should not be made available to students except by instructors using the
accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and
to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.