Not surprisingly, the banking industry is one of the top targets of hackers using phishing attacks to breach security. And, while safety protocols are built into both internal and consumer-facing banking websites and apps, it is often the human element that fails to detect the scam, resulting in thefts large and small.
Why Target Banking?
One word: money. Access to a bank account or to the internal network of a financial institution is akin to striking gold. Unlike the “old days,” when breaking into a bank involved digging tunnels and a highly skilled team that included a safecracker, cyber-thieves can do far more damage remotely with very little skill and much less risk; groups operating on the dark web now create malware or password-cracking tools and share or sell them to others.
Similarly, robbing people of their money used to involve using weapons and/or making threats; now, instead of hearing “this is a stickup,” you are more likely to receive an innocuous-looking email that asks you to “reset your password.”
How Is the Banking Industry Targeted?
What do most attacks on the banking industry have in common? They all involve standard email communications that at first glance seem legitimate: official-looking logos and sender addresses, or some form of personalization. Yet a trained employee could easily have spotted these emails as scams, or at least questioned their authenticity and brought them to the attention of IT or other security professionals.
Five Weak Links in the Fraud-fighting Chain
Aside from addressing the malware itself, banks should think more holistically and treat malware as only one chink in the anti-fraud armor. These five weak links enable malware and fraud at banks today:
- Static authentication – A simple username and static password are easy to compromise. If they are the sole authentication method, stolen credentials can be reused repeatedly across user applications. Cost-effective multi-factor authentication, including biometric options, provides stronger security with a better user experience.
- Vulnerable channels – Unencrypted client/server authentication channels allow bad actors to intercept user credentials. Encrypting these communications is vital.
- Insufficient protection of the mobile app – Most experts agree that app developers spend disproportionate time on user experience over security. For this reason, app shielding should be used on all banking apps to mitigate sophisticated malware attacks. Banks with the ability to detect, prevent, and report on various attacks can mitigate account takeover fraud and better adapt to emerging fraud methods.
- Selective data collection and analysis – Any fraud solution should leverage comprehensive user, device, and transaction data across digital channels to get a clearer view of context, ultimately using it to drive fraud detection accuracy.
- Reactive approach to fraud detection – Near-real-time and manual fraud review doesn’t cut it in the modern, omnichannel banking world; it lets more fraud flow through, driving greater exposure for banks. Fraud detection platforms should operate in real time, combining traditional rule sets with machine learning to better detect both new and known fraud.
Indications of Compromise
- Unexpected pop-up windows are often a sign of an infection. Clicking on those pop-ups can install additional malware.
- Missing files or users noting that files are missing.
- Hijacked email or other accounts.
- Anti-virus solutions that stop working.
- Applications that take a long time to start or won’t start at all.
- A computer that is actively doing something when no one is using it.
Mitigating Phishing Attacks
Standard countermeasures such as anti-spam filters and anti-malware protections will usually filter out some of these scam emails; however, they are not foolproof, especially against the most targeted attacks such as spear phishing and whaling. Organizations should therefore adopt a broader approach, which can include:
- Educating your team. Organizations should invest heavily in educating their personnel about these types of attacks and how to recognize them. Update your security awareness training content to include the Business Email Compromise scenario. This should be part of new-hire training, but you should conduct ad-hoc training for this scenario as well. Additionally, employees should only have access to the infrastructure and resources appropriate for their position and level; that way, even if they are compromised, the attacker is limited to that part of the company network. Two-factor authentication should also be required as part of the company’s security policy.
- Enhancing company policies around wire transfers. Work with your wire transfer application vendors to build in multiple person authorizations to approve significant wire transfers and prevent successful Business Email Compromise attempts against your organization.
- Turning on all policies and ensuring all features are enabled. It sounds obvious, but this is a surefire way that you’ll get the best protection out of your endpoint solution. Be sure to enable features that detect file-less attack techniques and ransomware behavior.
- Regularly reviewing your exclusions. Exclusions are sometimes leveraged to soften complaints from users who feel your protection solution is slowing down their systems. Malware that manages to make its way into excluded directories will likely succeed because it’s excluded from being checked.
- Enabling multi-factor authentication (MFA) within your security console. MFA provides an additional layer of security after the first factor, which is often a password.
- Ensuring every endpoint is protected and up to date. Checking your devices regularly to know if they’re protected and up to date is a quick way to ensure optimum protection.
- Maintaining good IT hygiene. Not only does this mitigate your cybersecurity risk, but it can save you a lot of time when it comes to remediating potential incidents in the future.
- Hunting for active adversaries on your network. Malicious actors are more cunning than ever. Take advantage of endpoint detection and response (EDR) technologies in your endpoint solution to identify advanced threats and active adversaries, and take swift action to stop threats.
- Closing the gap with human intervention. Hackers typically spend time exploring your network before deploying ransomware. The best way to detect this malicious activity is to combine human expertise with advanced endpoint technology.
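The “multiple person authorizations” control for significant wire transfers, described in the list above, amounts to a dual-control check: above a threshold, a transfer needs a fixed number of distinct approvers, none of whom initiated it, and each approval is bound to the exact beneficiary and amount so that a later edit invalidates it. The following is an added illustration, not code from any wire transfer vendor; the threshold, approver count, role names and sample transfers are assumed.

```python
from dataclasses import dataclass, field, replace

# Assumed policy values (not from any real product): transfers at or above
# the threshold need two distinct approvers, neither of whom is the initiator.
DUAL_CONTROL_THRESHOLD = 10_000.00
REQUIRED_APPROVALS = 2

@dataclass(frozen=True)
class Transfer:
    transfer_id: str
    initiator: str
    beneficiary_account: str
    amount: float

    def fingerprint(self) -> tuple:
        # Exactly what an approver signs off on; changing the beneficiary or
        # amount afterwards (a typical BEC edit) makes earlier approvals stale.
        return (self.transfer_id, self.beneficiary_account, round(self.amount, 2))

@dataclass
class ApprovalRecord:
    transfer: Transfer
    approvals: dict = field(default_factory=dict)  # approver -> fingerprint

def needs_dual_control(t: Transfer) -> bool:
    return t.amount >= DUAL_CONTROL_THRESHOLD

def approve(record: ApprovalRecord, approver: str) -> bool:
    """Record one approval; refuse self-approval and repeat approvers."""
    if approver == record.transfer.initiator:
        return False  # separation of duties: initiator may not approve
    if approver in record.approvals:
        return False  # one person supplies at most one approval
    record.approvals[approver] = record.transfer.fingerprint()
    return True

def amend(record: ApprovalRecord, **changes) -> None:
    """Change transfer details; recorded approvals stop matching."""
    record.transfer = replace(record.transfer, **changes)

def release_allowed(record: ApprovalRecord) -> bool:
    """True when the transfer may be released to the payment rail."""
    t = record.transfer
    if not needs_dual_control(t):
        return True
    # Count only approvals that match the current details and were not
    # given by whoever is now recorded as the initiator.
    valid = [a for a, fp in record.approvals.items()
             if fp == t.fingerprint() and a != t.initiator]
    return len(valid) >= REQUIRED_APPROVALS
```

The same fingerprint idea applies to the approval message itself: the approver should be shown the beneficiary and amount they are approving, not just a transfer ID, or the control can be bypassed by editing the payment after sign-off.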