Cyber security company Symantec has released new research showing financial threats are 2.5 times bigger than ransomware with over 1.2 million annual detections last year.
That is not to play down the scope of ransomware detection and protection but to show yet again that cyber criminals follow the money. Cyber criminals have a range of tools at their disposal from Trojans attacking online banking, to more calculated hackings which learn about its victims and makes fraudulent transactions, costing both users and the banking sector.
Increasing returns from financial malware are directly related to the increasing use of socially engineered phishing campaigns. Expect to see better, highly focused and relevant, AI and Machine Learning campaigns driven by location, local business, and even people you know as references.
Symantec has detailed the threat in a security response bulletin . Highlights are below.
{loadposition ray}
Financial threats do not get as much news coverage as ransomware because they have a less visual impact, but they are far more prevalent. With over 1.2 million annual detections, the financial threat space is 2.5 times bigger than that of ransomware. Take, for example, the financial Trojan Ramnit (W32.Ramnit) whose total number of detections in 2016 equalled all ransomware detections combined.
Financial threats are still profitable and continue to be popular among cyber criminals. From financial Trojans that attack online banking (users), account takeovers (users), attacks against ATMs, point of sale (POS) machines, and fraudulent interbank transactions, there are many different attack vectors utilized by cyber criminals.
In fact, Symantec says the quantum could have been very much higher if it were not for the disruptions caused by arrests, takedowns, and regrouping by the perpetrators of the three main financial malware “families” responsible for 86% of all global detections.
Once a cyber criminal gains access to a device they are interested far more in what else can be learned about the user or organisation. For example, it looks for financial apps that may be accessed by a hidden virtual network computing server and the attacker will work out ways to use that to perpetrate other attacks. The result is that there are now more attacks against banks and financial institutions instead of their retail customers.
From an end user's perspective, Symantec advises
- Exercise caution when conducting online banking sessions, if the behaviour or appearance of your bank’s website changes
- Notify your financial institution of any strange behaviour while using their services
- Exercise caution when receiving unsolicited, unexpected, or suspicious emails
- Keep security software and operating systems up to date
- Enable advanced account security features, like 2FA and login notification, if available
- Use strong passwords for all your accounts
- Always log out of your session when done
- Monitor bank statements regularly
- Be wary of Microsoft Office attachments that prompt users to enable macros
Symantec’s Internet Security Threat Report 2017 (ISTR) is good reading.