Cybercriminals have countless ways that they breach financial institutions that range from ATM infections to many different types of network penetrations that are all based on malware attacks. This includes remote bankingsystems, PoS terminal networks, and making changes in bank databases to manipulate card balances. Now, cybercriminals are beginning to concentrate on network-based attacks.
Network security has become increasingly complicated for financial institutions when looking at the top financial industry security threats. Criminals have numerous ways to penetrate a financial institution’s endpoints that range from the network to the ATM and the employee communications in between.
Malware and ATM Attacks Gain More Popularity with Cybercriminals
One disturbing trend to look out for is the malware attack targeting ATMs known as jackpotting. Although many of these ATM attacks have been traditionally outside of the US, recent reports from the Secret Service and other sources warn of jackpotting attacks against ATMs in the United States.
ATM crime increased from 42 to 54 percent between 2016 and 2017, according to the ATMIA Global Fraud and Security Survey.
Security threats to watch out for, according to the survey, include:
- ATM skimming
- Compromised PINs
- Deposit fraud
- Card trapping, and
- Card data malware
Physical ATM malware attacks are often possible because some financial institutions don’t quickly implement system updates and patches that install crucial security features required to fix system vulnerabilities. Two of the most recent malware threats include:
- Prilex, which uses highly targeted attacks to hijack banking applications to steal user data
- Cutlet Maker, which is a flexible standalone application for emptying the ATM's safe.
With Prilex, Cutlet Maker, and other threats, an important component of security is remaining current with updates and patches. Keep in mind that often requires up-to-date hardware capable of running the latest security software.
The Rise of Trojan Malware Attacks
Banking Trojans have been some of the primary drivers of botnet traffic and malicious activity in financial institutions. One-third of phishing campaigns delivered banking Trojans in Q1 2017, according to Proofpoint’s 2017 Quarterly Threat Report. Some of the more prevalent Trojans include:
- ShadowPad, which can infect networks with Trojan updates for the software used in financial institutions.
- Zeus, which is designed to steal online-banking credentials through phishing schemes and drive-by downloads.
- IcedID, a new banking Trojan hitting financial institutions across the US, UK, and Canada. Like other banking Trojans such as Zeus, Gozi, and DRIDEX it uses web injection and redirection routine techniques.
These Trojans feature sophisticated coding making them difficult to detect and guard against without closely monitoring network activity for anomalies.
Your Partner in the Fight Against Malware
In the fight against malware protection for financial institutions, the best course of action is a multi-layered security approach. Today’s cyber threats require moving beyond protecting the perimeter to including security measures like network segmentation and robust encryption that runs from deep in the network to the cloud and all endpoints. This comprehensive security approach requires:
- Intrusion detection systems and incident response to ensure attacks are stopped fast once detected through automated identification and response to abnormal activity
- Intrusion Prevention systems and incident response to ensure attacks are stopped before they can enter your organization in the first place.
- Automated patch management protocols to ensure all systems and software are quickly updated to guard against weakness exploitation by malware
- Recurring vulnerability assessments and pen testing to identify and address vulnerabilities that may allow ransomware to infect a host
End-user device protection and education to ensure that devices are tied into the strong security chain while also providing ongoing employee education on how to avoid phishing scams and protect data.
Although the largest global financial institutions have teams of security experts to assess, plan, and implement these types of measures, other financial institutions aren’t likely to have the resources for these skills in-house. DataComm can serve as an extension of your organization with a team of financial IT experts that can evaluate your security posture and technology options to provide data security to all financial institution systems and endpoints.
Contact us today to see how we can help.
Financial institutions remain an attractive target for cybercriminals. Learn how to keep your customer data safe.