Last week, we got you up to speed on the latest happenings in the technology industry, where we looked at “.cn” extensions, the hacking of Google Palestine, malware and some pretty ridiculous stories, like luxury toilet hacking.
This week, we’re looking at the financial industry, and our heads are spinning with everything going on. We’ve got the usual batch of online banking fraud and malware, with some social engineering tactics stirred in for good measure.
Here’s the important stuff, which should serve as a healthy reminder to keep a vigilant eye on your finances.
Online Banking Fraud
A new technique was spotted last month, in which fraudsters targeted the wire payment switch at American banks while using DDoS as a diversion. The DDoS, launched with inexpensive software called Dirt Jumper, is meant to capture the attention of bank staff so they don’t notice the fraudulent wire transfers. They’ve been found out; however, their methodology is slick.
Social Engineering Tactics
An administrative assistant at a French company received an email earlier this year, which included a link to what was described as an invoice hosted on a file-sharing site. Following the email, the admin assistant received a phone call from someone presenting himself as a senior team member at the same firm, who told her to process that invoice. However, the caller was not an employee of the organization in question but a cybercriminal. This same technique is also being used in the banking industry, so it’s something to be on the lookout for.
In the middle of September, eight men were arrested in the UK on suspicion of stealing $2.1 million from a Barclays Bank branch. One of the suspects walked into the branch, posing as an IT engineer, and installed a keyboard, video and mouse (KVM) switch, which was used to steal the funds. Barclays managed to recover a lot of the stolen money for their customers. This isn’t the first time this has happened – remember the UK-based Santander plot from earlier this month?
Two years ago, it was discovered that Citi Bank had a major security flaw when hackers managed to obtain names, email addresses and account numbers of Citi credit card customers, allowing them to steal over $2.5 million. All the hackers had to do was use an account number and password to log in and then, by changing some characters in the URL, they managed to get into several accounts. Citi has now agreed to a $55,000 settlement with Connecticut, as over 5,000 of the victims were from there.
An online banking Trojan targeting Japanese users was discovered earlier this month. The Trojan was determined to be a variant of the Citadel family, which is known for stealing online banking details to be used for theft. According to Trend Micro, “at least 9 IP addresses” in Europe and the U.S. were found to be working as command and control servers for the botnet. Following the discovery, the targeted financial institutions issued warnings to their customers.
Earlier this month, a piece of malware was discovered in the Czech Republic, which was set up to threaten online banking customers in the UK. The Hesperbot Trojan launched in August using the domain www.ceskaposta.net. That domain name is a take on the actual website for the postal service in the Czech Republic, which made it even more believable for victims. The malware is quite advanced in that it is similar to ZeuS, which can take screenshots, log keystrokes, and set up a VNC connection to communicate with hackers, among other things. Most victims are located in Turkey and Portugal.
Speaking of ZeuS, during the month of August, 23 percent of malicious spam was carrying ZeuS/ZBOT variants, according to Trend Labs. ZeuS/ZBOT variants were also the malware most distributed by IPs related to spam botnets.
The Shylock/Capshaw malware, which has been wreaking havoc since 2011, was back on the scene this month, with activity being reported in the UK, Italy, Turkey and Denmark. The malware is so effective because it takes over a victim’s computer and has a method of preventing scanners from detecting that it even exists, which lets it resist removal. Several banks are being monitored in order to ensure they are not affected by the malware.
At the beginning of September, Japanese bank Sumitomo Mitsui decided to implement an online security technology by VASCO Data Security International, Inc. called DIGIPASS 275. The DIGIPASS 275 is a one-time password technology and will be distributed without charge throughout the bank’s branches.
Mandiant released a study this week based on the second quarter of this year, which showed the financial services industry as the sector most targeted by cybercriminals. Targeted companies include banks, investment firms and payment processing companies, among others.