The banks most attacked with ATS are located in Italy, UK and Germany, the countries where have been observed the major investments in security and where the level of protection is high and request sophisticated techniques to realize scams. Trend Micro researcher, Loucif Kharouni declared:
“ATS infection is difficult to determine since ATSs silently perform fraudulent transactions in the background. It is, therefore, a good practice to frequently monitor banking statements using methods other than doing so online (i.e., checking balances over the phone or monitoring bank statements sent via mail),”
The ATS aren’t the unique cyber threats to banking, we have also other kind of malware that hit the sector and it is observed an increasing trend for other attacks such as DDoS attacks made by hacktivists of foreign states sponsored hackers. In the last months another fraud schema has been deployed to attack banks and financial institutions, using ransom Trojans, agents that demands money before attempting to steal user logins. An example is provided by the Trojan:W32/Reveton, a ransomware application that claims to be from a legitimate law enforcement authority and prevents users from accessing their infected machine, demanding that a ‘fine’ must be paid to restore normal access.
These methods of attack alongside the classic frauds in the sector, such as identity theft and cloning of smartcards, but to worry the security experts of banking is also the rapid spread of new botnets based on P2P technology due the extreme difficulty to counter them.
Finally, as mentioned in the first part of the article, great emphasis on security aspects must be given at the opening of banking services to mobile and social networks, platforms that are relatively young in which the perception of the cyber threat is low and the adoption of safety systems is the almost zero, fruitful ground for cyber criminals looking for easy business.
IT Banking, a growing sector that must be adequately protected