Quarter of All Malware Attacks Targets Financial Services, Credit Card Fraud Up 200%

Research published on Monday by cyber threat intelligence company Intsights paints a bleak picture for cybersecurity across the global financial services industry. According to the report, more than 25% of all malware attacks hit banks and other financial services organizations, more than any other industry, and there were huge year-on-year increases in the numbers of compromised credit cards (212%), in credential leaks (129%) and in malicious apps (102%).

The report is all about the numbers. “Around the globe, banks are seeing more frequent and more aggressive cyber attacks,” Hadar told me, “and the severity and sophistication of these attacks are increasing all the time.”

January 2019 saw historic data leaks, according to the report, with “Collections #1-5″ exposing more than 2 billion sets of login credentials or personal information records, resulting in Q1 2019 “nearly doubling those of any of the previous four quarters dating back to Q1 2018.”

With credit card compromise up more than 200%, “cybercriminals are using these compromised credit card numbers to make small purchases, as this practice does not often attract unwanted attention. However, these small purchases can generate nearly ten times more ‘free money’ than what the card is worth on the black market.”

Security research by Cisco Talos hit the headlines when it published a list of 74 groups on Facebook where members advertised “an array of questionable cyber dirty deeds”, including the sale of cards, credentials and hacking services. The Facebook groups had an extensive reach, with “approximately 385,000 members,” and they were not difficult to find, “a simple search for groups containing keywords such as ‘spam,’ ‘carding,’ or ‘CVV’ will typically return multiple results.”

“While it’s no surprise that credit card leakage is rising,” Hadar told me, “the rate at which it’s rising is quite interesting. You’d think it’d be a top priority for organizations to protect this kind of data, given how easy it is to commit fraud once credit card details are stolen, yet cybercriminals keep finding ways to get new credit card numbers at an alarming rate. I think this shows it’s the most successful way to make money online, given the abundance of credit card data available and the low risk to cybercriminals of getting caught.”

The Intsights report sets out emerging cyber threats, including the exploitation of “SS7 flaws”, as seen with thefts from banks in the U.K. (Metro Bank) and Germany (as reported by the Suddutsche Zeitung). These flaws, explains Motherboard, “allow attackers to listen to calls, intercept text messages, and pinpoint a device’s location armed with just the target’s phone number, [and then] direct a target’s text messages to another device, and, in the case of bank accounts, steal any codes needed to login or greenlight money transfers (after the hackers obtained victim passwords).”

“Banks and financial services organizations were the targets of 25.7 percent of all malware attacks last year, more than any other industry. In addition to Trojan attacks, IntSights observed large-scale malware attacks leveraged against multiple organizations.”

The report also details ATM malware, where “more than 20 ATM malware families have hit banks around the globe” in the last year, with attackers inject[ing] a malicious executable into the switch application server of the ATM network.” Think of this as a sophisticated electronic care skimmer. And those still exist as well, with “organized cybercriminal groups installing payment card skimmers on ATMs around the world, with new stories emerging daily about perpetrators being arrested.” And then, of course, there’s ransomware, fraudulent mobile apps, and DDoS attacks.

And it’s only going to get worse. “I think hacker automation will be a key trend over the coming years, enabling cybercriminals to run fraud campaigns faster without needing an advanced technical background,” Hadar explained. “To combat this, organizations need to leverage automation themselves and should be working to identify attacks as early as possible, because that will give them the best chance at thwarting and/or preventing these campaigns. External visibility into threat activity will be key to early identification and successful mitigation.”

Hadar sees South East Asia as an epicenter for the growth in financial cybercrime. “What is interesting about Asia,” she told me, “is that it’s one of the most-attacked regions, while also being the primary region where cybercriminals are sending their stolen money.” And she is certain that the reason for Asia’s emerging dominance is that “hackers are attacking this region because banks typically lack the more comprehensive security systems that are common in developed countries. In turn, hackers send the stolen money to accounts in this region, since the banks don’t usually have adequate monitoring capabilities to spot and stop these fraudulent transactions.”