Last month saw two separate instances in the UK of attempted or successful bank theft using Keyboard Video Mouse (KVM) remote-access devices, apparently perpetrated by the same gang. Whether or not they signal the beginning of a trend in financial crime, these incidents ought to provide cause for thought for information security leaders at all of our financial institutions. The use of proactive counter-criminal intelligence gathering, along with sophisticated analysis of that data, have largely curbed the ease with which criminals can siphon money out of bank accounts at long distance.

However, The KVM approach seems to offer criminals a sort of half-way-house between this and the traditional hold-up. It lets them access larger sums of money than might be achievable by robbing a bank in person, but without necessarily needing to lock horns with the highly-trained cyber-spooks. The capabilities of the KVM device allow criminals to see everything that the user of a bank computer does, allowing them to circumvent the electronic security measures that the bank has put in place.

KVM attacks, on the other hand, do require that a foreign device is attached to a bank computer. In one of the recent London incidents, this was done by a criminal posing as an engineer. Retail bank branches are routinely monitored by high-definition CCTV and, while it may be difficult for a human observer to pick up this sort of activity on-screen, appropriately configured automated analysis of video data would very easily detect any object left on or inside a computer. Such software can also be programmed to automatically alert security staff in real time, should it detect anything untoward.

This is similar to the type of technology employed by London Heathrow to detect suspicious behaviour (i.e., a passenger concealing a weapon) within the airport, and the technology is widely used by retailers, for example, to detect shoplifters.  In a retail situation, the technology has the added advantage that the data feed can be used to help optimise customer footfall and product placement within a store. In much the same way as ‘this call will be recorded for security purposes’ allows banks to analyse the quality of their customer interactions, CCTV data can be analysed to make a branch’s layout more effective. When integrated with a branch’s workforce and customer data, this can be a powerful tool for improving the service on offer.

Whether or not we see other copy-cat attacks using KVM devices (the criminal fraternity is not known for its originality) may depend entirely upon whether banks take this threat seriously, and make their CCTV and security systems more effective. Combined with Desktop Process Analytics (DPA) software, which can detect unusual usage patterns such as unauthorised remote logins, video intelligence can offer the opportunity to ensure that KVM attacks do not become a significant or persistent threat to the security of our financial institutions.