Banks and other financial institutions have been warned about the increasing threat posed by more advanced and sophisticated pieces of financial malware.
Attackers have new malware, and new techniques, such as managing the Trojans through blogs, according to a report from NSS Labs, which examines the evolution of financial malware threats during the third and fourth quarters of last year.
The report warns that there has been a great deal of innovation in financial malware of late, with the emergence of new malware suites such as Hesperbot and Beta Bot.
According to research vice president Dr. Ken Baylor, financial malware is at the cutting edge of botnets and financial crime technology. He said that updated malware threats are employing SSL to encrypt their communications with C2 servers in order to better conceal the type of data they are stealing, as well as the new instructions they receive.
And he warned that there is a growing pattern of new financial malware Trojans that first appear in Europe, and then propagate outwards to US banks and account holders. For example, last September the Hesperbot Trojan was first spotted by ESET researchers as it was using a domain that purported to belong to the Czech Postal Service.
“The trend continues of new Trojans emerging via targeted campaigns in Europe and then spreading throughout Europe before reaching US banks,” wrote Dr Baylor in the report.
And Dr Baylor believes that banks have to improve their internal security measures to deal with the evolving threat landscape.
Specifically, he believes that banks need to invest in more advanced anti-fraud risk engines to better pinpoint potentially fraudulent transactions, as banks now need a multi-layered approach to tackling account fraud.
“Rapid development of new malware platforms such as Hesperbot requires banks to have in-depth security rather than rely on traditional patterns of attack,” warned the report. “Newer bots are using Secure Sockets Layer (SSL) for communication with their C2 servers.”
Another problem has come from the leaking of the Carberp source code, which “will likely give rise to new generations of Carberp malware.” Trusteer discovered in June that the source code was being offered on underground forums for as much as $50,000 (£30,446).
Banks also should conduct regular risk assessments to make sure they are keeping ahead of these evolving risks, said NSS Labs, not just to meet compliance rules, but to “avoid crippling losses in an innovative banking malware environment.”
Dr Baylor pointed out that financial institutions should “invest in modern antifraud risk engines to detect user‐level anomalies between customers’ historical transactions and current transactions under review.”