Banks remain a tempting target for cyber criminals

Digital attacks on financial services companies increased rapidly in the last quarter of 2015.
Written by Danny Palmer, Senior Writer

Just one successful bot attack can paralyse a major bank for days.

Image: Aleksandar Kosev

Banks will continue to be a tempting -- and constant -- target for cyber criminals in 2016, according to new research.

The ThreatMetrix Cybercrime Report for Q4 2015 found there has been a 40 per cent increase in cybercriminal activity against banks over the past 12 months, which includes more than 100 million attempts at fraud during this period: 21 million of these attempts came in just 90 days between October and December.

The same 90-day period saw a record of 45 million bot attacks against banks, an increase of tenfold when compared with the previous quarter. The report warns that even if just one of these attacks was successful, a major bank could be paralysed for days, potentially leading to billions in lost business.

"A trend in our latest report shows bot attacks as the biggest attack vector to financial businesses globally," says Vanita Pandey, senior director at ThreatMetrix.

Fraudsters use vast networks of infected devices at their disposal to inundate online systems with large volumes of fraudulent transactions, using scripts often in conjunction with bots. ThreatMetrix said it had detected millions of credential testing attempts using bots/scripts that targeted financial institutions, almost 10 times the volume from the previous quarter. An increase of such testing almost always occurs following a large-scale data breach, it said.

"Bots and other sophisticated attacks, such as malware, have determined strategies to mimic the behavior of authentic customers in order to bypass traditional security defences. This has serious implications for businesses across industries and geographies, as bots are difficult to detect," she added.

Indeed, bots continue to be one of the biggest attack vectors against businesses across the globe, with ThreatMetrix figures suggesting that 200 million bot attacks were stopped during the three month period between October and December 2015, as cyber criminals looked to take advantage in a busy period for online transactions in the run-up to Christmas.

"Online lending is a hotbed for fraud because it is a less secure channel and an attractive target for attackers. They are also working with much faster transaction cycles than traditional lenders," says Stephen Topliss, VP of products at ThreatMetrix.

"Security and fraud risks continue to grow at a rapid pace as fraudsters seek to capitalize on easily available identity data and the anonymity of online transacting," warned the report.

More on cyber security

Editorial standards