Malware: An old enemy causes new problems for banks

Malware isn’t a new problem; the use of malicious software to gain access to sensitive data and private computer networks has been a significant security headache for decades.

However, the rise in quantity and sophistication of malware attacks means financial institutions (FIs) must continuously adapt their detection and prevention systems to stop fraudulent activity.

Recent Symantec figures revealed criminals created 430 million new pieces of malware last year, which was a 36 per cent increase from 2014. In the first quarter of 2015, Symantec stopped 550 malware threats each day. But what repercussions does this have for banks?

Recent malware attacks 

Despite the well-known dangers of hostile software, FIs remain vulnerable to attacks worldwide. Earlier this year, fraudsters successfully stole $81 million from Bangladesh Bank using malware. The hackers were attempting to take more than $950 million from the central bank, but were spotted and stopped after making errors during the digital heist.

Media reports claimed Bangladesh Bank had been using second-hand $10 routers and neglected to implement a firewall, creating easily exploitable weaknesses. At the time of writing, the $81 million had not been recovered.

Criminals hijacked SWIFT payment messages to instigate the attack, with the company urging banks to bolster their security measures to prevent further problems. Nevertheless, SWIFT reported a second attack on an unnamed FI in May.

“The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both,” the organization said in a statement.

Threats closer to home

FIs in the US and Canada have also fallen victim to malware recently. IBM security professionals reported that 24 banks across the two countries lost a collective $4 million due to a new breed of malware called GozNym.

The software is a Trojan hybrid of the Nymaim and Gozi ISFB malware. The former is known for its stealth, while the latter enables hackers to commit fraud via infected web browsers.

“The new GozNym hybrid takes the best of both the Nymaim and Gozi ISFB malware to create a powerful Trojan,” said Limor Kessem, executive security advisor at IBM.

Unlike the Bangladesh Bank incident, which targeted the institution, GozNym attacks consumers. Etay Maor, executive security adviser at IBM Security, told the Wall Street Journal that the software is installed when unsuspecting users click on a link or attachment.

The program then lies dormant until the individual accesses their bank account, at which point GozNym begins tracking keystrokes and can take images of the interface. People may even receive fake emails from their bank that the malware creates.

Overcoming malware challenges

FIs face a difficult challenge when trying to tackle malware threats. They are not only under attack themselves, but customers are often tricked into giving up their personal information through a variety of cunning ploys. Banks can only do so much to prevent fraud that arises from consumer behavior.

Organizations must therefore take a multifaceted defensive approach. This requires investing in comprehensive solutions to detect and prevent fraudulent behavior within their businesses, while also educating and informing customers of malware dangers.

Only with a comprehensive strategy can FIs overcome the increasingly complex and evolving attacks that modern cybercriminals employ to circumvent security systems.

Written by Dena Hamilton

Dena is NCR's Director of Enterprise Fraud & Security Software Solutions. She specializes in fraud, risk, compliance and security, with over 35 years of experience in the financial services space. Her focus is the development and deployment of enterprise financial crime solutions optimized in prevention, detection and back office efficiency.
