Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Cyberthreats Targeting Financial Services, According to Fortinet Threat Report for Q2 of 2019

By Anthony Giandomenico, Senior Security Strategist and Researcher, FortiGuard Labs

Every quarter, Fortinet’s Threat Landscape Report highlights threats targeting various industries, including the financial services sector. In Q2 of 2019, threat activity across the internet hit its highest point ever, and those new trends and developments revealed increased cybercriminal intent to exploit the financial industry. Organizations are encouraged to explore this threat intelligence report to stay in the know and better protect their institutions from current as well as future risk.

Threat Actors Employ Evasive Anti-Analysis Techniques

Many of today’s more nefarious malware tools use anti-analysis techniques: features for evading antivirus, sandbox and other threat-detection measures to slip past their target organizations’ defenses. While these techniques are not new, their popularity appears to be growing.

For example, a new variant of the Dridex banking Trojan was discovered in June 2019. This malware was able to successfully evade several traditional antivirus tools by leveraging 64-bit DLLs disguised using the file names of legitimate Windows functions. Each time a victim logged in, the file names and associated hashes were changed, complicating signature-based detection on infected host systems even further.

In addition to evasive Trojans, a number of downloaders with built-in, sophisticated evasion techniques were also spotted last quarter. One example, AndroMut, was used by the Russian-speaking TA505 group in a campaign that targeted employees working at financial organizations in the U.S. and elsewhere. This downloader’s anti-analysis features consisted of sandboxing and emulator verification, checks for mouse movement, and debuggers.

Similarly, two other downloaders – Brushaloader and a new version of JasperLoader – were reported to have employed advanced evasion techniques like location verification, as well as sleep timers for delayed malware execution.

The growing use of anti-analysis and expansive evasion tactics presents a challenge to financial organizations and highlights the need for layered defenses. These defenses must span beyond traditional threat detection and include more than just signature and behavior-based techniques.

Cyber Criminal Organizations Are Also Targeting Online Transactions

Many major events in Q2 highlighted the growing number of attacks focused on trusted third parties.

Magecart, an umbrella term for multiple cybercriminal organizations that have been using card-skimming software to exfiltrate data from ecommerce websites. These groups insert JavaScript skimmers into third-party components that websites rely on for critical business functions, such as content management and payment services. These skimmers then capture payment data from behind the scenes.

In May, more than 185,000 payment cards were stolen from various ecommerce sites using JS/Cryxos.PWS!tr, a lightweight JavaScript skimmer. At the beginning of Q2, this variant showed steady activity, followed by a large spike in June. Most victims of this exploit were in the U.S. However, other pockets of victims were observed in Australia, Britain, France and Italy.

Threat intelligence plays a critical role in helping financial institution stay ahead of the latest threat trends and challenges. Government mandates like GDPR make organizations using third-party services primarily responsible for protecting customer data, and failure to protect critical payment data can result in serious consequences and fines. Threat intelligence plays an essential role in providing critical insights and providing guidance on how and where to implement third-party risk management.

Final Thoughts

Cyber criminals are constantly evolving their attack strategies and techniques to increase their accuracy, evade detection and achieve their malicious goals. Financial institutions must continually leverage threat intelligence, like that provided by Fortinet’s Quarterly Threat Landscape Report – in conjunction with advanced security tools – to identify looming threats and thwart the impact of advancing cyberattacks.