Banks and financial services organizations were the targets of 25.7 percent of all malware attacks last year, more than any other industry, IntSights revealed in their latest report.
- Trojans (banking, info-stealing, downloaders)
- ATM malware (since the start of 2018, more than 20 ATM malware families have hit banks around the globe)
- Ransomware (Mexican financial institutions were particularly targeted)
- Mobile banking malware – both fake banking apps and banking Trojans. (According to the company, fake mobile banking apps that mimic major blue-chip banking apps have proven to be remarkably successful endeavors for hackers.)
Types of attacks employed
Aside from being targeted with malware, financial institutions were also hit with DDoS attacks.
Phishing – made easier by phishing kits offered for sale on dark web markets – continues to be one of the most common methods cybercriminals use to target financial organizations and their customers.
A relatively new and rarely used attack vector was flagged in February 2019, when UK-based Metro Bank became the first publicly reported victim of SMS verification code interception. Cybercriminals exploited flaws in the SS7 telecommunication protocol to intercept messages that authorize payments from accounts and emptied a small number of customers’ bank accounts.
“This was not the first instance of an SS7 exploitation. However, Metro Bank was the first bank to be publicly identified as a victim of this kind of attack,” Hadar Rosenberg, white hat hacker and a Threat Intelligence Research Analyst at IntSights, pointed out.
Finally, according to IntSights research, there has been a marked targeting of banks and financial institutions in developing regions of the world, mainly Latin America, Africa, and South Asia (primarily India and Pakistan). SWIFT ISAC also reported that cyberattacks involving the SWIFT system are mostly directed at institutions in those parts of the world.
It’s not difficult to see why: financial organizations in those countries lack the comprehensive security systems that are common in more developed areas.
A spike in data leaks
The leak of Collection #1 and Collection #2-5 resulted in a big spike in leaked credentials during Q1 2019. The amount of leaked credit card data has also skyrocketed in the same period.
“Cybercriminals use these compromised credit card numbers to primarily make small purchases, as this practice does not often attract unwanted attention. However, these small purchases can generate nearly ten times more ‘free money’ than what the card is worth on the black market,” Rosenberg explained.
“Since credit card companies will typically reimburse customers who have been victimized by fraudulent credit card usage, cybercriminals find stealing card numbers to be a relatively safe and simple way to generate profits. The risks are small and the potential gains are significant.”