Research published on Monday by cyber threat intelligence company Intsights paints a bleak picture for cybersecurity across the global financial services industry. According to the report, more than 25% of all malware attacks hit banks and other financial services organizations, more than any other industry, and there were huge year-on-year increases in the numbers of compromised credit cards (212%), in credential leaks (129%) and in malicious apps (102%).
Earlier this month, I asked a cyber threat specialist to see what level of financial fraud he could find on social media in just 15 minutes. Zack Allen of Maryland-based ZeroFox did not let me down. “In just those 15 minutes,” he told me, “I was able to identify fraud scams across YouTube, Eventbrite, Medium, Reddit, GitHub and Telegram. And there were surprises even to us, around some of the stuff that we found and how quickly on these sites.”
According to the Intsights research paper authored by Hadar Rosenberg, this should actually come as no surprise. The Threat Intelligence Research Analyst, who is based in Israel but lived in China for five years, told me that “when it comes to financial crime, it’s mostly a numbers game. The more stolen account numbers you can try to access, or phishing sites you can launch, the better your chances of success.”
And the report is all about the numbers. “Around the globe, banks are seeing more frequent and more aggressive cyber attacks,” Hadar told me, “and the severity and sophistication of these attacks are increasing all the time.”
January 2019 saw historic data leaks, according to the report, with “Collections #1-5” exposing more than 2 billion sets of login credentials or personal information records, resulting in Q1 2019 “nearly doubling those of any of the previous four quarters dating back to Q1 2018.”
With credit card compromise up more than 200%, “cybercriminals are using these compromised credit card numbers to make small purchases, as this practice does not often attract unwanted attention. However, these small purchases can generate nearly ten times more ‘free money’ than what the card is worth on the black market.”
Security research by Cisco Talos hit the headlines when it published a list of 74 groups on Facebook where members advertised “an array of questionable cyber dirty deeds”, including the sale of cards, credentials and hacking services. The Facebook groups had an extensive reach, with “approximately 385,000 members,” and they were not difficult to find: “a simple search for groups containing keywords such as ‘spam,’ ‘carding,’ or ‘CVV’ will typically return multiple results.”
“While it’s no surprise that credit card leakage is rising,” Hadar told me, “the rate at which it’s rising is quite interesting. You’d think it’d be a top priority for organizations to protect this kind of data, given how easy it is to commit fraud once credit card details are stolen, yet cybercriminals keep finding ways to get new credit card numbers at an alarming rate. I think this shows it’s the most successful way to make money online, given the abundance of credit card data available and the low risk to cybercriminals of getting caught.”
The Intsights report sets out emerging cyber threats, including the exploitation of “SS7 flaws”, as seen with thefts from banks in the U.K. (Metro Bank) and Germany (as reported by the Süddeutsche Zeitung). These flaws, explains Motherboard, “allow attackers to listen to calls, intercept text messages, and pinpoint a device’s location armed with just the target’s phone number, [and then] direct a target’s text messages to another device, and, in the case of bank accounts, steal any codes needed to login or greenlight money transfers (after the hackers obtained victim passwords).”
“Banks and financial services organizations were the targets of 25.7 percent of all malware attacks last year, more than any other industry. In addition to Trojan attacks, IntSights observed large-scale malware attacks leveraged against multiple organizations.”
The report also details ATM malware, where “more than 20 ATM malware families have hit banks around the globe” in the last year, with attackers “inject[ing] a malicious executable into the switch application server of the ATM network.” Think of this as a sophisticated electronic card skimmer. And those still exist as well, with “organized cybercriminal groups installing payment card skimmers on ATMs around the world, with new stories emerging daily about perpetrators being arrested.” And then, of course, there’s ransomware, fraudulent mobile apps, and DDoS attacks.
And it’s only going to get worse. “I think hacker automation will be a key trend over the coming years, enabling cybercriminals to run fraud campaigns faster without needing an advanced technical background,” Hadar explained. “To combat this, organizations need to leverage automation themselves and should be working to identify attacks as early as possible, because that will give them the best chance at thwarting and/or preventing these campaigns. External visibility into threat activity will be key to early identification and successful mitigation.”
Hadar sees South East Asia as an epicenter for the growth in financial cybercrime. “What is interesting about Asia,” she told me, “is that it’s one of the most-attacked regions, while also being the primary region where cybercriminals are sending their stolen money.” And she is certain that the reason for Asia’s emerging dominance is that “hackers are attacking this region because banks typically lack the more comprehensive security systems that are common in developed countries. In turn, hackers send the stolen money to accounts in this region, since the banks don’t usually have adequate monitoring capabilities to spot and stop these fraudulent transactions.”
The report warns that “threat actors are using tactics like social media impersonation, malicious mobile applications, and phishing schemes to circumvent corporate networks and leverage organizations’ brands to trick users and run scams. While these are not direct attacks against a corporate system, they can be incredibly damaging and costly. This is why organizations need to be operating in the external threat environment, seeking out threats before they manifest into attacks.”
Zack Allen told me the same story: his company generated almost 1.5 million fraud alerts for its customers in 2018. “It’s one thing to be able to Google and find some stuff,” Allen said, “it’s a different thing to be able to process a big chunk of the internet and dark sources every day and pick out specifically what a particular company is interested in, whether they’re trying to protect brand or protect their customers or their organization from financial fraud.”
“In today’s increasingly digitized world,” the Intsights report concludes, “financial services organizations need to expand their view of the threat landscape to not just protect against direct attacks, but protect their customers and prevent successful fraud.”
With fraudsters getting ever more creative and sophisticated, it’s unclear how this can be done.
Read more at Forbes.