Credential-Harvesting Malware Focuses on Financial Services
Financial losses associated with security incidents have increased 24 percent in 2014 in the finance sector, with overall detected security incidents increasing 8 percent, according to PricewaterhouseCoopers’ Global State of Information Security Survey: Financial Services.
Similarly, Verizon’s 2015 Data Breach Investigations Report (DBIR) identified financial services as one of the top three industries affected by security issues (others include Public and Information industries).
According to the Verizon DBIR, crimeware and web application attacks account for the top types of attacks against the financial services industry. In both attacks, banking information and credentials are exploited, as well as the use of backdoors for successful attacks.
The common attack vector trajectory started with phishing a financial services customer, stealing credentials, accessing a web application and then transferring money from their bank or cryptocurrency account.
Malware is also commonly used in attacks against the finance industry. According to Websense’s recent 2015 Industry Drill-Down Report: Financial Services, the top malware threats to the finance industry all involved some data and credential-stealing components.
The top three types of malware include Rerdom, Vawtrack and Geodo. Rerdom is seen in 30 percent of attacks - as a spam generator, the malware sends malicious emails to financial service customers. It also harvests credentials used to log into FTPs (file transfer protocol), email, and other browser-accessible accounts.
Likewise, Vawtrack is a malicious banking trojan used to steal passwords, digital certificates, browser history and cookies. The trojan detects and disables antivirus software to keep itself intact. Geodo is a trojan that steals credentials, system information and other data. It has a self-replicating feature that spreads itself via email using a botnet.
As in any industry, third-party vendors, contractors, business partners, suppliers and service providers introduce new risk, as they’re often granted remote access to systems in order to do their job. But with 41 percent of respondents detecting security incidents stemming from third-party access, finance organizations may not be doing enough to properly secure or monitor their access, as Verizon reported.
So how does a data breach affect a finance organization? According to the Ponemon Institute’s Cost of a Data Breach Study: Global Analysis, per capita, data breach costs are nearly 40 percent more in the financial sector than the average of all industries combined. The financial services industry is also among the top industries susceptible to customer churn after suffering a data breach (other industries include health and pharmaceuticals).
How can financial (and other organizations) protect against these credential and data-stealing attacks? Verizon recommends strengthening authentication by using two-factor authentication for web applications.
Two-factor authentication can keep your financial information secure by providing an extra layer of security to your logins, requiring a physical device, like a smartphone, to verify your identity.
It’s also recommended by the the Federal Financial Institutions Examination Council (FFIEC); the governing body that provides guidance on keeping web-based financial services secure. The FFIEC provides a risk management framework for financial institutions that offer online banking to customers.
The FFIEC states that single-factor authentication is not enough for sensitive communications, high-dollar value transactions or privileged user access (such as network administrators). And, since two-factor authentication is recommended for financial institutions as an authentication control, it is also recommended for any vendors that support financial institutions.
Learn more about two-factor authentication for the financial and banking services.