The new year does not bode well in terms of cyber threats banking universe. The need for new services, primarily the ability to make transactions in mobile scenario, exposing the banks and their platforms to serious threats. Particularly in these early days of 2012, two reports have raised some concern:
Let go in the detail of the two threats.
Criminal organizzation have launched massive cyber attacks against banks like diversive to distract their customers from noticing perpetrated cyber theft. New malware have been implicated in Distributed-Denial-of-Service attacks with the intent to shut down bank websites diverting attention away from fraudulent transactions. The warning has been provided by the FBI, announced the spread of a new variant of the dreaded virus Zeus, called “GameOver”. Zeus malware is used to steal online bank users credential.
The propagation vector is e-mail spam, in fact a huge quantity of infected messages have been spread. The interesting feature of Gameover malware, like similar agents, is its ability to remain silent in the infected host waiting the rigth time to steal user’s credentials during on line bank accesses.
Just the ability to operate silently gives me the opportunity to introduce the second news. The protagonist is still an old threat of the banking sector, the SpyEye malware. Like “GameOver” malware, SpyEye, has-been seen with a feature designed to keep victimsin the dark long after fraud has taken place.
What is the main capacity that has made remarkable SpyEye? The agent is known for its ability to inject additional fields in any web form, using the technique called HTML injection. Fields added are used to retrieve the client credentials and other sensitive information such as credit card numbers.
The interesting feature is that using the same technique you can trick the user showing artifacts information to conceal the fraud in place.
Researchers at the Trusteer company have discovered that the injection of HTML is used to provide incorrect values of the total amount of banking accounts to conceal the misappropriation of money. Diabolical, isn’t it?
But there’s more! The malware keeps a history of banking operations conducted by user providing to the unaware customer a situation of its bank account in which fraudulent transactions are absent.
What to expect from the future? Most advanced malware which will implement the main features of its predecessors. Probably, we will encounter, as it is happened for the “Tilded platform” in the cases of Stuxnet and Duqu, a real development kit with which these agents will be configured and prepared to offend specific objectives.
When using on line banking services, in particular via mobile devices, there are a number of simple rules of behavior that should be shared as: