Thursday, October 9, 2014

Top four bank fraud techniques

Woody Allen said in one of his movies "If only God would give me some clear sign! Like making a large deposit in my name at a Swiss Bank." We don’t know if his prayers were ever answered, but we do have evidence that cybercriminal gangs share his pleas and make their way to wreak havoc on the financial system worldwide.

This week the Central European University launched an extensive study about the evolution of security breaches affecting European citizens’ privacy. 24% of attacks target the United Kingdom, followed by Germany, Greece, the Netherlands and Norway. The companies themselves are the main vector for these attacks, accounting for 89% of the historical records. Corporations, governments and organizations are a very attractive target for this dark market.

That study did not examine the causes, but if it had, there would be no doubt that banks are in the cybercriminals' spotlight. In fact, bank branches are hit by thousands of attacks every day. Our aim with this article is to collect four news items that illustrate the top four digital bank fraud techniques.

The first of these techniques involves taking advantage of users by compromising legitimate websites. In this case, one of the Russian black hat groups that populate cyberspace compromised the security of WordPress websites and used them as bait for an exploit kit that probes their visitors for vulnerabilities. It then silently installs the Qbot (also known as Qakbot) malware, which allows the group to steal online banking login credentials. 52% of victims (nearly half a million computers) run Windows XP, an operating system that is no longer supported and therefore represents a perfect breeding ground for many kinds of attacks.

The second practice is based on building botnets of infected users. Sednit is an espionage group (unfortunately) specialized in this type of abuse, and it has further developed its technique with a new tailor-made exploit kit that not only redirects users to a fraudulent site imitating the bank, but also maintains persistence on the infected system (mostly Windows with the Internet Explorer browser) and can even take remote control of the machine for future denial of service attacks, spam campaigns, bitcoin mining...

The third one is to conduct an APT against ATMs. This point is highly interesting because its use is growing as never before. Tyupkin is a malware designed specifically to attack ATMs, and it has been found at several American, European and Asian branches. In order to install it, cybercriminals need physical access to the device (obtained through social engineering), insert a CD containing the malware, and reboot it. Once that is done, the crooks send a code to the system while the malware is listening (usually very early on Sunday and Monday mornings). That code triggers an internal transaction that allows them to withdraw up to 40 notes in seconds, the maximum each cartridge can hold.

Finally, we have a classic among classics: phishing campaigns. Any breaking news is useful to mislead users and drive them to infected content, thanks to the spreading power of social networks or the immediacy of email. In some cases, this dangerous content is hosted on the fraudulent website itself. In others, it can be downloaded as an alleged HTML file containing a summary of Dilma Rousseff’s crash.

Therefore, it is not surprising that the largest Internet companies (Facebook, Twitter and Google), along with other major IT corporations such as Microsoft, are meeting with senior European Union officials in Luxembourg to discuss strategies to minimize risk. Hopefully this summit will provide more protection for our data, and especially for our pockets.
