By Roger Park
For over a decade, financial institutions have been fighting malware that targets online banking. Today these institutions must adapt their security policies to protect online transactions from cybercriminals using more sophisticated banking Trojans.
As the online transaction industry evolves, attackers continue developing techniques to circumvent new security measures --- targeting ways to get to your bank account.
And they’re helping each other to commit fraud.
“A global ecosystem has evolved where attackers trade and sell different Trojans including new tactics to bypass security measurements. Cybercriminals motivated by financial reward are using these advanced Trojans to commit large-scale financial fraud, targeting more than 1400 institutions across the globe,” said Candid Wueest, Principal Threat Researcher, Symantec Security Response, and author of the recently published Symantec Threat Analysis “The State of Financial Trojans.”
Symantec conducted a deep investigation into the current financial Trojans landscape. Analysis examined their effect on the online banking sector, on enterprise and ultimately on consumers.
Key findings from the Symantec Threat Analysis report include:
- 1,467 financial institutions in 86 countries are targeted with financial Trojans.
- The top nine targeted financial institutions were attacked with more than 40 percent of the Trojans.
- The most targeted financial institution is located in the U.S. and was attacked with 95 percent of all analyzed Trojans.
- Stolen bank accounts are sold for 5-10 percent of the balance value on underground cybercrime forums.
The Symantec Threat Analysis also provides a detailed assessment of the prevalence of financial Trojans, targeted institutions and methods used by cybercriminals.
Going Mobile
More consumers now use mobile banking, which has become a common target for attack. The Symantec report examined mobile malware techniques that often hijack all the information needed for a scam – without having to infect the desktop computer.
“We have noticed an increased interest by the attackers for mobile banking. The main reason is, because some banks use text messages for strong authentication (2-factor authentication). This means the attacker need to infect the smartphone as well to retrieve this code in order to clear out the bank accounts,” says Wueest.
As more payment services move to smartphones, we can expect further growth of mobile attacks.
“Especially worrisome is that most smartphones are not protected by security software, although they are as powerful as any laptop 10 years ago,” adds Wueest.
How the Attackers Do It
The underground financial fraud community has become increasingly organized; in fact, some attackers just create tools to facilitate financial fraud for other attackers to use.
Infection strategies mainly comprise of two approaches: broad strokes and focused attacks. Broad stroke attacks try to infect as many users as possible while focused attacks aim for small, well-defined sets of users; for example, customers of a regional bank.
According to the Symantec investigation, the infection vectors used by financially motivated Trojans are usually comprised of four common methods:
- Malicious emails
- Drive-by download sites
- Social engineering
- Supply-chain attacks
Hackers Target Enterprise and Consumers
If you believe that only the banking industry should be concerned about financial Trojans, you may be setting yourself up for disaster.
“Consumers need to be aware that there is malware that targets their online banking accounts. Regardless of the financial institution, even if it is a small regional bank, the chances are very high that some attackers will try to defraud the client. Therefore, it’s important that people protect their computers and smartphones. Also they need to stay vigilant when being online,” advises Wueest.
As for enterprises using online transactions, providing a secure environment where customers can confidently authorize transactions is essential. Compromised customer accounts can damage a company’s brand image and send revenue down.
“Similar to consumers, enterprises need to ensure that their endpoints are protected,” advises Wueest. “This includes smart monitoring and alerting in order to track and detect abnormal behavior. Larger companies with a dedicated finance department need to review their process and check how easy it would be to conduct a fraudulent transaction.”
Protection Tips
Here are some safe protection measures users should adhere to:
- Exercise caution when receiving unsolicited, unexpected, or suspicious emails.
- Keep antivirus software and operating systems up to date.
- Enable advanced account security features, like 2FA, if available.
- Use strong passwords for all your accounts.
- Always log out of your session when finished.
- Enable account login notification if available.
- Monitor your bank statements regularly for suspicious activity.
- Notify your financial institution of any strange behavior while using their service.
Team Up with a Security Technology Partner
Whether you’re large enterprise, small business or individual consumer, you should take a proactive approach in protecting your sensitive information. Teaming up with a security technology partner or using their product or services can provide you the assurance that your data – business or personal – stays safe.
Interested in reading more detailed analysis?
Download the Symantec Threat Analysis “The State of Financial Trojans” for free.
