Financial Services Malware – Security Threats Thriving


Ted McKendall

Financial services organizations continue to be among the top targets for cash-hungry cyber-criminals. 

In its annual X-Force Threat Intelligence Index, IBM revealed that while the number of records breached surprisingly dropped by nearly 25 percent in 2017, cyber-criminals increasingly shifted their focus to launching ransomware and other destructive attacks that would lock or destruct data unless the victim paid a ransom.  

Mixed News for Financial Services  

Financial services have long been cybercriminals’ number one target and for obvious reasons – that’s literally where the money is – and there’s little sign that these attacks are slowing down. 

For the second year in a row, IBM found that the financial services industry suffered the most cyber-attacks against it, accounting for 27 percent of security incidents across all industries, and 17 percent of attacks. 148m records were breached across the industry. 

This wasn’t all bad news from a year-on-year perspective; the sector did fall to the third-most attacked, behind ICT (33 percent) and manufacturing (18 percent), but it did see the most amount of incidents requiring further investigation (27 percent).  

Interestingly, researchers found that over three in four attacks involved old-school injection attacks – where untrusted and usually malicious code is inserted into a web browser. Approximately 23 percent of attacks were attributed to the Gozi malware, which first appeared on the scene as long ago as 2012. 


Security Issues Stem From Legacy IT and Human Error  

So, why is financial services in such bad shape?  

In many ways, it could be argued that now is an opportune moment in time for cyber-criminals. Banks, facing increased competition and compliance too with MiFid II and GDPR on the near horizon, are in the middle of their digital transformation initiatives, most of which involve some element of migrating certain applications and workloads to the cloud. 

To make a success of this, organizations need to connect people, process and technology, with any gaps across the three often resulting in project failure – and insecurities. 

This is backed-up by the study, which saw a 424 percent jump in breaches related to misconfigured cloud infrastructure in 2017, with most of these down to human error. The report also showed that inadvertent activity, such as misconfigured cloud infrastructure, was responsible for the exposure of nearly 70 percent of compromised records tracked.  

Human error, of course, remains at the root of all breaches across all sectors, with phishing attacks representing a third of activity that led to a security event in 2017. 

In addition to exploiting human error (at the financial services company) and a rapidly changing IT infrastructure, cyber-criminals also see an opportunity to get around cyber-security defenses by targeting the customers themselves. 

In particular, while financial services organizations are amongst the biggest spenders on cyber-security technology (and amongst the first to pilot emerging but untested technologies), cyber-criminals are increasingly using banking Trojans to target the banks’ end users – those using devices not managed by the bank to access the web applications. 

Take Gozi; in 2017, the Gozi banking Trojan and its numerous variants were the most prevalently used malware against the financial services industry. The Gozi malware specifically targets customers as it takes over initial banking login screens with prompts for consumers to enter other personal information, which is then shared directly with the attacker.  


Why You Need Full Transaction Stack Protection 

Such attack methods are particularly key when considering an attackers’ motives. Do they attack the infrastructure (i.e. the website) or the end user? 

There are many advantages to an attacker targeting individual end-users instead of the website. End-users, especially consumers, are usually much softer targets. They typically have fewer defenses – at best simply using a traditional signature-based antivirus solution (which is more than likely not up-to-date), at worst running no security software.  


Their computers are also much more likely to be behind in applying software patches to address vulnerabilities than the server running the web application. In addition, users visit a wide range of sites, most are non-business-related, so are much more likely to click a link, get fooled by a pop-up or phishing email, or visit a website that distributes malware. 


Any organization that has a web application that deals with sensitive information or is used for financial transactions needs to include all aspects of the web threat environment into the security and anti-fraud strategy. This means focusing on full transaction stack protection – which includes both the end customer’s device as well as the web application. Trusted Knight’s cloud-based Protector Air offers exactly that. Click one of the buttons below to read the technical whitepaper or get a free 90-day trial of Protector Air. 


Request a Free Trial Download Whitepaper Now