By The Numbers: Malware Fraud Heavy, And Rising

Financial institutions are well aware of the heightened threat they face from targeted attacks and malicious software campaigns. A new report from Kaspersky Lab puts that reality into numbers, with second-quarter increases in online banking threats and mobile malware.

Malware attacks, indeed, are on the rise, according to Kaspersky Lab’s Q2 Threat Report. During the period ended June 30, cybercriminals launched some 354.5 million attacks from online resources globally, 1.3 million more than the previous quarter. The company says it detected and neutralized a total of almost 10 million threats, but as reported on Wednesday (Aug. 6), crooks are still succeeding in getting what they want.

A group of Russian thieves reportedly succeeded in committing what is possibly the largest high-tech swindle to date, accessing some 1.2 billion usernames and passwords in addition to more than 500 million email addresses.

Hold Security, a security company that has often identified major breaches, was also at the center of this discovery. “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Hold Security CISO Alex Holden told The New York Times. “And most of these sites are still vulnerable.”

Historically, data-theft gangs that collect huge amounts of data (especially payment card data, which apparently was not at issue with this group) either sell the data to other criminal groups or use it to commit identity theft and retail payment fraud. This group, however, is apparently using it to send targeted spam.

“They appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work,” the Times reported.

Main targets

The main targeted attacks during the quarter included the banking-fraud campaign Luuuk, where crooks were able to steal €500,000 (US$668,000) from 190 victims in just one week, according to Kaspersky Lab’s Q2 report.

Luuuk represented the latest Hacking Team Remote Control System software used for pervasive device surveillance, as well as the first in-the-wild mobile-encryptor Pletor that earlier infected 2,000 devices in 13 countries in less than a month, the company said.

Mobile attacks

During the second quarter, Kaspersky Lab found the collection of mobile malware increased by more than 65,000 new programs from the previous quarter’s nearly 300,000 total. Cybercriminals have increasingly exploited iOS functions, with an attack on Apple ID completely blocking a device, the company said in its announcement of the Q2 Threat Report. The thieves then followed up with demands for a payment to unlock the device. This news exposed the activities of Hacking Team, an Italian company that sells “legal” software called Remote Control System (RCS), Kaspersky said.

In its latest research, Kaspersky Lab found a malware module for iOS that allows an attacker to access data on the device, secretly activate the microphone and take regular camera shots, thus giving the data thief complete control over the whole environment in and around a victim’s device.

Online banking

During the second quarter, banking malware attacked 927,568 computers, with 2,033 mobile banking Trojans detected, according to Kaspersky Lab. Most attacks were recorded in Brazil, Russia, Italy, Germany and the U.S. Since the beginning of the year, the number of mobile-banking Trojans has increased fourfold, and since July 2013 the figure has increased 14.5 times, the company said.

Nine out of 10 families of popular banking malware work by injecting random HTML code into the Web page displayed by the browser and intercepting any payment data entered by the user in the original or inserted Web forms, according to Kaspersky.

Commenting on the latest trends, Alexander Gostev, Kaspersky Lab’s chief security expert, noted that criminals are making money from mobile threats using methods that have been effective for PCs.

“The growing interest in ‘big’ money among those carrying out these attacks is obvious – reflected in a sharp rise in the number of banking Trojans over the last year,” he said. “In addition to the financial benefits, the surveillance-technology race is showing no let up. Hacking Team mobile modules showed that a mobile device can be used to gain complete control over the whole environment in and around a victim’s device.”

ATM fraud

Kaspersky Lab’s Q2 report didn’t delve into ATM fraud, but the 2014 Trustwave Global Security Report found that thieves’ attacks against ATMs, which traditionally have involved the use of explosives, fake facades, skimming devices and covert micro-cameras to capture victims’ PINs, now increasingly include malware to steal cash, the company said.

Trustwave said it discovered Ploutus malware during several investigations of compromised ATMs within the Latin America/Caribbean region. “This malicious software was installed both by USB or CD/DVD and by taking advantage of non-hardened OS configuration,” its report noted. “This enabled attackers to access a covert control interface on the screen by entering a specific key sequence in the display, which allowed adversaries to withdraw money.”

Acknowledging the rising threat of ATM fraud, ATM manufacturers have gone on the offensive. Diebold and Wincor Nixdorf, traditionally archrivals, recently formed the first ATM Security Industry Association to improve information-sharing across the ATM community. With the ATM market expanding to 3.7 million machines globally by 2018 from 2.6 million currently, the companies said they expect criminal activity to increase as well.

“This represents an important step in the global effort towards ensuring ATMs remain a safe, secure option for consumers to confidently conduct financial transactions,” Adam Mattes, Diebold president and CEO, noted during a Wednesday (Aug. 6) earnings conference call with analysts. “We want to take this opportunity to encourage our colleagues within the ATM industry to join this important effort against global ATM crime.”

Diebold last week introduced ActiveEdge, its first card-reading antiskimming product. It is designed to prevent modern skimming devices from reading a card’s full magnetic stripe by shifting the card’s angle 90 degrees.

“Card skimming is the biggest ATM security risk facing consumers today and (it) costs the industry more than $2 billion annually,” Mattes said. “We believe this innovative approach will be a game-changer in the ongoing fight to protect consumer data.”


