By Mateusz Chrobok, VP of Innovation, buguroo
When it comes to cybercrime, perhaps no industry is as lucrative as the financial sector, where low-risk, high-reward malware attacks can fundamentally compromise personal data, funds and the customer trust banks work so hard to maintain. To prevent malicious actors from gaining access to their systems, banks’ cybersecurity teams first need to understand what they are up against.
A recent banking malware report has exposed which malware types have been used to exploit new channels and procedures organisations have adopted due to the pandemic. In the financial sector specifically, 2020 has seen the birth of new families of banking malware for Android devices and an overall rise in mobile-focused malware to coincide with the rising adoption of mobile banking. Based on the report, there were three particularly active types of malware detected which will likely keep banks’ cybersecurity teams busy in the months to come.
The evergreen: Ransomware
Ransomware has been steadily on the rise in recent years and is a popular tactic to attack banks through their employees. It is one of the most prolific types of malware, designed to extort users by encrypting their files and locking them out of their online systems until a ransom is paid. Clicking on a simple malicious document is often enough to do the damage, as shown by the example of the Chilean bank BancoEstado, which had to shut all its branches in an attack last September.
Kaspersky estimates that in the UK alone, between January and September 2020, there were almost 73,000 ransomware attempts – 265 attacks per day – detected and blocked. And while it is estimated that the average cost of remediating a ransomware attack falls between $700,000 and $1,400,000, the damage done to customer relationships outstrips the financial loss.
Banks have huge databases of confidential information, making them key targets in attacks that blackmail victims through their personal data. Ransomware actors are now organising themselves into cybercriminal rings at a level of sophistication and scale never seen before. As they look to make use of evolving malware techniques, these types of attacks will pose an increasing threat to financial organisations.
The prowler: Cerberus
Before the pandemic, not many would have predicted mobile banking adoption to soar to the extent that it did in 2020, but lockdowns have made more people turn to their mobile devices than ever before – much to fraudsters’ delight. The mobile banking Trojan malware ‘Cerberus’ has boomed at an opportune time.
Cerberus is designed to intercept communications and carry out covert surveillance on Android devices. It enables cybercriminals to overlay a fake display on the bank’s webpage or app and monitor as the unsuspecting victim inputs personal information such as online banking credentials. In 2020, Cerberus became even more dangerous to mobile banking users when its developers equipped it with remote access trojan (RAT) functionality and published its source code online.
This development has made Cerberus a more exciting prospect for cybercriminal gangs, who will most likely experiment with developing newer versions capable of bypassing even the more sophisticated security measures such as two-factor authentication, where intercepting text messages containing one-time passwords would lead to more online banking fraud.
The incessant: Anubis
Before Cerberus came along, Anubis Bankbot was the most frequently detected banking trojan in the US, Australia and, to some extent, the UK. It’s designed to steal credentials through malicious overlays, but unlike Cerberus, Anubis is an established banking trojan with a number of reliable functionalities that make it a safe choice for cybercriminals.
While Anubis hasn’t changed much in the past year, there is now a new functionality gaining popularity, which banks’ fraud teams should watch out for in the second half of 2021: keylogging on Android devices. This would enable attackers to log all the events that occur in the overlay, including the keys typed in the text fields of banking applications, in order to record credentials.
Step up deterrence to increase the cost of committing fraud
2020 was a year in which Android banking malware and desktop ransomware became more sophisticated, and this trend is expected to continue as the costs and risks associated with malware continue to be an easy price to pay for criminals. The key to actively defending against these attacks going forward is not simply detection – it’s deterrence as well.
It is for this reason that technologies that combine advanced malware detection with behavioural biometrics are fast becoming core capabilities in banks’ fight against cybercrime. Automating malware detection and response is just one side of this coin. By applying behavioural biometric analysis, banks’ cybersecurity teams and fraud analysts can attribute fraud to the person or criminal ring behind it, thus increasing the costs of cybercrime. Only by getting one step ahead of cybercriminals and putting their identities on the line can organisations deter future attacks and safeguard customers’ money, data and trust.