Financial sector protection systems (BotSense)
BotSense is non-intrusive deployment, a unique threat base, and user comfort.
Challenge
The BotSense system detects malware activity used against e-banking users on desktop and mobile platforms, allowing it to protect its users from attempts to steal funds or sensitive data. Currently, the BotSense system protects about 16 million bank accounts and is deployed in 12 major banks in Poland.
What we did
BotSense has been in development since 2014 and is installed in the client’s infrastructure (“on-premises”) alongside the transaction service’s application servers. The BotSense system generates JavaScript code that detects malware on bank customers’ computers based on a signature database provided by NASK-PIB. The JavaScript code is generated for each web browser request and allows verification of whether malware intrusion has occurred, indicating an attempt to steal data or funds.
In 2022, work was underway at NASK to prepare and implement two new modules of the system:
1. The Remote Checker module, which is used to detect remote desktop software like AnyDesk, Team Viewer during online banking sessions. The module has been implemented in two large banks and a dozen cooperative banks. Testing is currently underway at more institutions.
2. The Password Checker module, which, using behavioral analysis of the way the user enters the password for electronic banking, supports the process of user authentication in banking operations. In this module special attention has been paid to methods of analyzing the so-called masked password – consisting of randomly selected characters of the full password. This module is at the stage of testing and integration with the BotSense system.
In addition to the web version of BotSense, a mobile version is also being developed.
It has been under development since 2018 and is distributed in the form of an SDK library integrated into the client’s mobile app running on Android and iOS operating systems. Currently, BotSense Mobile protects about 9 million users of government and financial institutions’ mobile apps. In 2022, a deployment of BotSense Mobile was carried out and protection of the mObywatel application was launched. NASK performs the product support and update service and participates in the end-user support process for mObywatel.
In 2022, we also began implementing the results of the SKAM project in the BotSense Mobile product. As a result, customers will receive, in addition to signature-based detection of malicious applications, non-signature-based detection based on machine learning methods and tools developed as part of the SKAM project. This will allow detection of new threats and those derived from previously known threats. We hope that thanks to the new protection methods NASK-PIB will have a comprehensive security solution for mobile devices.