Hackers find it more lucrative to target banks, not customers

It's harder to break into a bank's network, but the spoils yield higher rewards for successful cybercriminals.
Written by Danny Palmer, Senior Writer

Trojan malware is being used to directly target banks.

Image: iStock

Trojan attacks against the financial industry are becoming more effective and will continue to plague the sector for some time, as cybercriminals move away from attacking customers and instead choose to target the banks themselves, due to the increased incentive of a more lucrative cash haul.

That's the warning in a new report by cybersecurity firm Symantec, which the company says is based upon "comprehensive research" of the 2015 financial threats landscape. The study found that while detection of Trojans has dropped by 73 percent, the attacks themselves are becoming far more capable.

The drop in financial Trojan detections can be attributed to a number of factors, partially due to arrests and takedowns, while the evolution of security software as a threat prevention tool could also have helped. It's also thought that the drop has partially come about due to some cybercriminals ditching Trojan attacks in favour of attempting to exploit targets using ransomware.

However, while the number of attacks is down, that doesn't mean banks face a reduced risk from hackers. Instead, as attacks become more sophisticated, they're able to do more damage by targeting banks themselves instead of individual customers.

As the report says: "Although such targets are harder to compromise than a home user's computer, if the attack is successful it can potentially yield much higher profits with larger transaction values."

The report specifically cites the Carbanak Trojan malware attack, which saw cybercriminals make off with over $1bn, as evidence of the increasing capability of Trojans to get inside networks undetected. They usually accomplish this by hiding within malware embedded in spear-phishing emails -- and do significant amounts of damage over a long period of time.

"The tactics are simple: through classical attack methods like spear-phishing, the targeted financial institution is compromised and a foothold is established," explains Candid Wueest, principal software engineer at Symantec and author of the report.

"Once inside the financial institution's network, the attacker can wait and learn how to transfer money, issue fraudulent transactions, or orchestrate ATM machines to dispense cash," he adds.

It's malicious email attachments which remain the most common distribution method for financial Trojans, with corrupted Office documents or Zip files packed with malicious JavaScript most frequently used to compromise networks.

It's arguably the data-stealing Dridex Trojan which poses the biggest risk to the security of the financial sector in this way. Millions of emails containing the malware are sent everyday -- and that number is rising: Symantec reports a 214 increase in Dridex detections in February 2016 compared to the month before.

Nonetheless, Symantec warns that cybercriminals are still quite capable of breaking into a network by specifically targeting a bank's end users.

"The end user still remains the weakest link in the chain during an online transaction; even the strongest technologies are susceptible to social engineering attacks," says the report.

"Institutions need to be open about these risks and continue to educate their customers about security issues they may encounter," it continues.

"Until adequate protections become ubiquitous, cybercriminals will continue to defraud institutions and their customers out of millions of dollars annually," the report concludes.

Read more on cybercrime

Editorial standards