While financial threats tend not to get as much news coverage as ransomware, maybe because they have a less visual impact, they are far more prevalent. With over 1.2 million annual detections, the financial threat space is 2.5 times bigger than that of ransomware.
Further Reading
Financial malware more than twice as prevalent as ransomware (https://www.symantec.com/connect/blogs/financial-malware-more-twice-prevalent-ransomware)
Financial threats review 2017 (https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-financial-threats-review-2017-en.pdf)
Uneven sample/target distribution
- Three Dridex samples target the same 16 banks in Germany and 10 in Austria
- Prevalence fluctuates a lot
- Not all groups have precision in their distribution method
Talking points:
Credit Card fraud:
Most common threat type.
Card data is sold for as low as $0.10 in underground forums
Stolen with Trojans or through data breaches
The move to Chip and PIN in the US will shift this threat.
Financial Trojans:
Methods have not changed much over the last few years, because they still work
Modify the traffic/transactions in the user's browser
Phishing:
1 in 965 emails in 2014 was a phishing email
The trend is declining as it no longer works with all services
Social Engineering:
Difficult to block with technology, awareness is key
Attackers convince the victim to conduct the fraudulent transaction or to reveal security tokens
Popular example: Attackers hack the mail server of a company and change the details of the invoices at the end of the month.
Mobile Fraud:
Mobile payment solutions are starting to emerge and therefore attract the attackers' attention
Mobile phones are attacked to access two-factor authentication tokens
----
Disruption / DDoS
DDoS can be used as distraction during a targeted attack
Blackmailing:
Classic blackmail attack against the company: threatening to release sensitive data from a data breach or to conduct a DDoS
Bank2Bank Fraud
Increasing trend: Attackers hack into the bank and issue transactions directly on the backend
ATM/POS Attacks
Financial institutions need to secure all devices that process their data (point-of-sale terminals, ATMs, ...)
Common Attacks
Financial institutions have to fight the same common threats as any other company, such as data breaches.
Targeted attacks (APTs) against financial institutions are common. In September 2015 the financial sector was the sector most hit by targeted attacks, accounting for 27% of them.
This same group was also linked to heists targeting banks that make transfers using the SWIFT network, though the SWIFT network itself was not compromised in any of these attacks.
Vietnam’s Tien Phong Bank revealed that it had intercepted a fraudulent transfer of more than $1 million in the fourth quarter of 2015. Research by Symantec also uncovered evidence that another bank was targeted by the same group in October 2015. A third bank, Banco del Austro in Ecuador, was also reported to have lost $12 million to attackers using fraudulent SWIFT transactions, although no definitive link could be made between that fraud and the attacks in Asia.
Symantec has evidence that these attacks targeted at least 30 other countries.
Symantec believes the Lazarus group may have reappeared in 2017 with further attacks against financial institutions.
The ability to enable macros is just a click away. But the attacker must get the victim to click. To get the victim to do this all the attacker does is ask. Or as in this case, make the victim think the file is unreadable unless they enable macros.
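As an added defender-side example (not code from the presentation), the Python script below triages attachments the way a mail gateway might: it inspects an OOXML package for a VBA project without opening it in Office, and flags documents whose .docx extension hides one. The sample documents are constructed inside the script and stand in for real attachments; legacy OLE .doc/.xls files are only routed to a separate OLE scan.

```python
import io
import zipfile


def macro_indicators(data: bytes):
    """Inspect an OOXML container for VBA without opening it in Office.
    Returns None for non-zip input (legacy OLE .doc/.xls need an OLE parser instead)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = [n.lower() for n in z.namelist()]
        try:
            ctypes = z.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            ctypes = ""
    return {
        "vba_part": any(n.endswith("vbaproject.bin") for n in names),  # the VBA project part
        "vba_ctype": "vnd.ms-office.vbaProject" in ctypes,              # declared in the manifest
        "macro_enabled_main": ".macroEnabled.main+xml" in ctypes,       # docm/xlsm/pptm main part
    }

def triage(filename: str, data: bytes) -> str:
    """Gateway-style verdict: 'clean', 'macro', 'macro-masquerade' or 'needs-ole-scan'."""
    ind = macro_indicators(data)
    if ind is None:
        return "needs-ole-scan"
    if not (ind["vba_part"] or ind["vba_ctype"]):
        return "clean"
    ext = filename.lower().rsplit(".", 1)[-1]
    # VBA inside a file whose extension promises a macro-free format deserves a closer look.
    return "macro" if ext.endswith("m") else "macro-masquerade"

def build_sample(with_vba: bool) -> bytes:
    """Constructed minimal OOXML package standing in for an attachment (not real malware)."""
    main = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
    main += ".macroEnabled.main+xml" if with_vba else ".main+xml"
    ct = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          f'<Override PartName="/word/document.xml" ContentType="{main}"/>')
    if with_vba:
        ct += '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    ct += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", ct)
        z.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder bytes, not VBA")
    return buf.getvalue()
```

The check only proves a VBA project is present, not what it does; a gateway that blocks or sandboxes on "macro" and "macro-masquerade" removes the "enable content" decision from the user entirely.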
Five Bebloh samples represented 93% of global infections in Jan 2016