Vienna - Cyber criminals are no longer just targeting individual bank users, but are widening their net of victims, and increasing the amount of money stolen, by attacking routers, internet service providers and banks themselves.
Costs associated with cyberattacks on the financial sector are constantly rising, as organisations face increasingly sophisticated threats.
The Financial Institutions Security Risks 2016 revealed that POS (point of sale) exploits carry the largest costs, with an organisation typically losing $2m a year on these attacks.
Attacks on mobile devices are second at $1.6m a year and targeted attacks at $1.3m.
South Africans lose in excess of R2.2bn to internet fraud and phishing attacks annually.
This is according to global cybersecurity company Kaspersky Lab, which made a presentation this week at a conference in Vienna on the latest trends and figures in the Middle East, Turkey and Africa region.
Trojans, phishing scams and scanning devices at points of sale, which target individual users by gaining access to their credit card and banking details, are massive problems. However, cyber criminals are increasingly targeting ATM machines, routers and modems, networks and banks themselves.
Mobile phone apps a boon for cyber criminals
Fabio Assolini, a senior security researcher at Kaspersky Lab, said that while phishing emails are still popular because so many people still fall for them, criminals are increasingly targeting mobile phones because mobile banking apps have become convenient and popular to use.
There are now many fake banking applications which pop up at the top of the Google Play store, Assolini said.
There are also links which redirect you to a fake webpage of your bank in order to access your banking details.
Phishing attacks have also migrated to SMS messages, a technique called smishing.
“These attacks are evolving,” Assolini said.
“Last week there was a very interesting attack that happened in China. They are buying fake mobile base stations. Your smartphone is designed to connect to the strongest signal available and it will connect to this mobile station because it has a strong signal,” he said.
The scary thing is that these fake mobile stations are not expensive to buy. They will open links to fake webpages and steal your information.
“It is not long until this happens in other parts of the world,” he said.
Assolini said criminals want to target multiple people in one shot, and so they are infecting routers and modems, which are often left on default passwords and can have vulnerable software.
Silent attack on your device
“They can steal your bank account without affecting your computer or smartphone. You put the modem or router there and you forget about it because it is working. The bad guys put a silent attack on the device and they can control you. They can redirect you to fake websites and users will have no idea there is a problem,” Assolini said.
The attacks can go even bigger, with cyber criminals targeting internet service providers. Then there are the attacks on the banks themselves, where millions of dollars can be stolen at one time.
Recently Kaspersky Lab published the results of a more than year-long investigation into the Lazarus group – a notorious hacking group allegedly responsible for the theft of $81m from the Central Bank of Bangladesh in 2016.
In February 2016 the group of hackers attempted to steal $851m and managed to transfer $81m. This was one of the largest and most successful cyber heists ever.
Through investigations, Kaspersky was able to stop the group from stealing money from a financial institution in South East Asia; the group then moved on to a bank in Europe, where it was also stopped.
A rising trend is for criminals to focus on ATM machines. While many ATM bombings are still taking place, criminals have become more sophisticated.
Kaspersky Lab’s Amin Hasbini described a mysterious fileless attack against a bank where criminals used in-memory malware to infect banking networks. In one example, known as ATMitch, an ATM at a bank was emptied and all they found was a file. In the code they found the words “Catch some money, bitch. Dispense success.”
Investigators at Kaspersky then went on to VirusTotal, a website where you can upload a suspicious file and have it scanned with over 50 virus scan products. They then waited for someone to upload this file.
It took 20 hours before someone uploaded the same file to the site.
“The attackers were very active,” Hasbini said. They were then able to catch some attacks while they were happening.
“Stage one is a fileless attack. They attack through a weak server and then spread throughout the web server. They then take full control of the system. (In) stage 2 they send a malware file to an ATM, run it and dispense the money. Someone waits with a big bag and wheeeh they are gone,” Hasbini said.
* Angelique Serrao is in Vienna for the Cyber Security conference as a guest of Kaspersky Lab.