Banking trojans, a headache for the banking sector

THE banking sector is the single most important target for cybercriminals. Most banks have invested substantially in cybersecurity infrastructure to ensure their assets remain secure and to safeguard the incredibly sensitive data of their users (their clients).

Despite that, cybercriminals constantly develop new ways to infiltrate even the most extensive and sophisticated security systems.

One of the most common and typical types of criminal malware in the financial sector is the banking Trojan. It is responsible for a large share of attacks on banks, albeit indirectly via their customers.

The core function of a banking Trojan is to compromise the online banking credentials used on infected devices and to use that unauthorised access for fraud, carried out either by the attackers themselves or by third-party buyers in underground black markets.

Meanwhile, mobile banking Trojans have become an increasingly important segment of the banking Trojan market for two reasons. First, the widespread adoption of mobile banking apps makes mobile devices an equally or even more important target – especially Android phones, due to their open-source system – for attackers that seek to compromise online banking credentials.

Furthermore, most two-factor authentication (2FA) for online banking logins relies on mobile devices, via either SMS or authentication apps. Compromising mobile devices with banking Trojans can thus facilitate attacks on online banking credentials by enabling 2FA bypasses.

In addition, SMS intercept functionality is typical of mobile banking Trojans, and some now have the ability to collect 2FA codes from authentication apps.

In 2018, the number of users attacked with banking Trojans rose 15.9% to 889,452, compared to 767,072 in 2017. Users in Russia, Germany, India, Vietnam, Italy, the US and China were most often attacked by banking malware. Out of the total, 24.1% of users attacked with banking malware were corporate users.

Malaysia has not been spared either, having experienced cybercrime since the early 2000s. Between 2005 and 2010, Malaysia saw a rise in cybercrime, especially in the financial sector, with RM2.75 bil in losses incurred.

In 2019, data gathered by Kaspersky for the period from January to September showed that Malaysia had climbed from 36th to 17th among countries with the greatest number of detected mobile ransomware Trojans.

What do cybercriminals do with the data? According to IntSights, an all-in-one external threat intelligence and protection platform, cybercriminals often sell the data that they have compromised to third parties in underground criminal forums and black markets, rather than monetize it themselves.

This data often sells for a fraction of its face value.

IntSights researchers found a Russian-speaking criminal selling a database of bank account details for 20,400 US bank customers. The database included account numbers, names, mailing addresses, e-mail addresses, phone numbers, and IP addresses. The actor began auctioning this database at a price of US$10,000 with a “buy now” price of US$20,000.

Moving forward, we will definitely not see banking Trojans disappear. This is due to advancements in technology, which not only make life easier for us but also make it easier for cybercriminals to continue profiting from loopholes in the system. – Feb 3, 2021
