Financial institutions are vulnerable to attacks. Most don’t advertise the fact, but with threat after zero-day threat emerging, it’s impossible to avoid the obvious. In a recent Washington Post article, Kaspersky Lab Managing Director Christopher B. Doggett describes how during an IT security penetration test, his team hacked a large, publicly traded financial company in less than 15 minutes. However, this isn’t the only attack vector. A new IBM study dives into the world of financial malware and uncovers the truth: It’s everywhere.

Effective Protection Against Financial Malware?

To deal with the malware problem, most financial institutions use a combination of authentication protocols, anomaly detection and device ID approaches to catch fraudsters in the act. The problem? These techniques are hit-or-miss. The Trusteer study points out that “today’s cybercriminals are aware of the fraud prevention technologies deployed by most financial institutions, and they design attacks to circumvent these controls.”

Authentication can be bypassed with social engineering tools, which supply malware creators with legitimate login information, while transaction detection and device ID solutions often lack accuracy and create thousands of false positives that must be cleared by IT staff. At best, this means staff time is wasted checking legitimate transactions. At worst, this kind of overflow negatively affects the customer experience.

Perks of Being a Wallflower

To bypass bank security and obtain login credentials, cybercriminals rely on social engineering. Put simply, they need a way to convince users that downloading malicious attachments or infecting their own computer is a good idea. Doing so is actually quite simple. For example, fraudsters might create emails that appear to be from a user’s bank and include everything from actual logos to contact information. The email typically asks customers to confirm their identity as a way to avoid fraud, when, in fact, “confirming” ID precipitates this fraud. In effect, malware creators rely on human sociability as a way to effectively undermine common sense. The bottom line? Login credentials should never be given when replying to any email, no matter how legitimate it looks.
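The indicators described above (a message that looks like it comes from the bank, asks the customer to "confirm" their identity, and carries a link or reply address that does not belong to the bank) can be checked mechanically. The following is an added example, not code from the article or from Trusteer; the bank name, domains, addresses and message bodies are constructed, and `LEGIT_DOMAINS` stands in for whatever list of owned domains a real deployment would maintain.

```python
"""Phishing indicator checks over constructed sample e-mails (added example)."""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message: look-alike sender domain, link whose visible text and
# target differ, and a request to reply with credentials.
PHISH_EMAIL = """\
From: "First Example Bank Security" <alerts@first-example-bank-verify.com>
To: customer@example.net
Subject: Confirm your identity to avoid fraud
Content-Type: text/html

<html><body>
<p>We detected unusual activity. Please confirm your identity within 24 hours.</p>
<p><a href="http://198.51.100.7/login">https://www.first-example-bank.com/login</a></p>
<p>Reply with your username and password if the link does not work.</p>
</body></html>
"""

# Constructed benign message from the bank's real domain, for comparison.
BENIGN_EMAIL = """\
From: "First Example Bank" <alerts@first-example-bank.com>
To: customer@example.net
Subject: Your statement is ready
Content-Type: text/html

<html><body><p>Your monthly statement is available in online banking.</p></body></html>
"""

LEGIT_DOMAINS = {"first-example-bank.com"}   # assumption: domains the bank owns
BANK_NAME = "first example bank"             # assumption: name criminals would imitate
CREDENTIAL_WORDS = re.compile(
    r"password|username|confirm your identity|verify your (account|identity)", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels); adequate for .com-style names."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def phishing_indicators(raw_email):
    """Return a sorted list of indicator names found in one message."""
    msg = message_from_string(raw_email)
    found = set()

    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.split("@")[-1]) if "@" in addr else ""
    if BANK_NAME in display_name.lower() and sender_domain not in LEGIT_DOMAINS:
        found.add("sender-domain-mismatch")

    body = msg.get_payload()          # sample is plain 7-bit; real mail may need decoding
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = urlparse(href).hostname or ""
        if is_ip_literal(href_host):
            found.add("ip-literal-link")
        if text.startswith(("http://", "https://")):
            text_host = urlparse(text).hostname or ""
            if registered_domain(text_host) != registered_domain(href_host):
                found.add("link-text-host-mismatch")

    visible_text = re.sub(r"<[^>]+>", " ", body)
    if CREDENTIAL_WORDS.search(visible_text):
        found.add("credential-request")
    return sorted(found)


if __name__ == "__main__":
    print("phish :", phishing_indicators(PHISH_EMAIL))
    print("benign:", phishing_indicators(BENIGN_EMAIL))
```

Each indicator is weak on its own (a legitimate mailing provider may also use a different sending domain), which is why the function reports all of them and leaves the verdict to the caller; a gateway rule would typically act on two or more together.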

You’re Infected!

Cybercriminals also use a number of other methods to infect computers. For example, they may create emails with fake attachments that include a malware payload, or pay for advertising space on social media or popular websites, and then infect these ads with malicious JavaScript. Some create infection services or downloaders, which they sell to other malware users as a way to infect multiple machines. Finally, certain applications or Internet browsers contain vulnerabilities that let fraudsters introduce a malware payload that infects a machine without any user action. For example, a recent ZDNet article notes that supposedly secure Google Chrome variant Aviator was recently hacked by Google engineers.

Taking What’s Yours

After infecting victims, malware creators still need to grab information that matters. According to Trusteer, this happens in one of several ways. Perhaps the simplest method is taking screenshots of customers’ login screens and then emailing this information to a malware command-and-control server. Some malware relies on keylogging to obtain usernames and passwords, while other variants prefer to hijack session cookies and create legitimate-looking copies.

It is also possible to redirect browsers to supposedly secure websites by altering Domain Name System configurations. This lets fraudsters grab credentials from multiple users at once rather than infecting machines one at a time. More recent variants include financial malware targeting ICS/SCADA networks, disguised as human-machine interface device drivers and other files. Dark Reading notes that while ICS/SCADA networks are always on the alert for a new Stuxnet or similar Trojan, they are “soft targets” when it comes to financial fraud.
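On a single machine, the DNS tampering mentioned above usually comes down to two things a defender can audit: hosts-file entries that pin the bank's domain to an attacker's address, and resolver settings that point at a server the organisation does not operate. The check below is an added example, not the article's or any vendor's code; the file contents, bank domain, addresses and the `WATCHED_DOMAINS` / `APPROVED_RESOLVERS` lists are all constructed assumptions.

```python
"""Audit hosts-file and resolver settings for banking-domain redirection (added example)."""
import ipaddress

# Constructed hosts-file content; line 5 is the tampered entry.
HOSTS_TEXT = """\
# constructed hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
# the following line was not written by the administrator
203.0.113.45    www.first-example-bank.com online.first-example-bank.com
"""

# Constructed resolver configuration with one unexpected nameserver.
RESOLV_TEXT = """\
nameserver 192.0.2.53
nameserver 198.51.100.99
"""

WATCHED_DOMAINS = {"first-example-bank.com"}   # assumption: domains the bank owns
APPROVED_RESOLVERS = {"192.0.2.53"}             # assumption: the organisation's resolvers


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping, skipping comments and blanks.
    One hosts line may list several hostnames for the same address."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield line_no, ip, name.lower()


def under_watched(name):
    """True if the hostname is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def hosts_overrides(text):
    """Return hosts entries that pin a watched domain to any address.
    A normal client never needs such an entry, so every hit is worth a look."""
    return [(n, ip, name) for n, ip, name in parse_hosts(text) if under_watched(name)]


def unexpected_resolvers(text):
    """Return nameserver addresses that are not on the approved list."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            try:
                ip = str(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue           # malformed line; not a resolver we can check
            if ip not in APPROVED_RESOLVERS:
                found.append(ip)
    return found


if __name__ == "__main__":
    for line_no, ip, name in hosts_overrides(HOSTS_TEXT):
        print(f"hosts line {line_no}: {name} -> {ip}")
    for ip in unexpected_resolvers(RESOLV_TEXT):
        print(f"unexpected resolver: {ip}")
```

In practice the same functions would be fed the real files (`/etc/hosts` and `/etc/resolv.conf`, or `%SystemRoot%\System32\drivers\etc\hosts` and the adapter DNS settings on Windows) from an endpoint agent, and any hit would be raised as an alert rather than printed.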

The Execution

The final step in the process is the execution, which falls under several broad categories. In account takeover attacks, cybercriminals use their own devices to access customers’ accounts and perform fraudulent transactions. These attacks are often short-lived since financial institutions are now on the lookout for the systematic movement of money in large volumes or to strange locations. It is also possible for malicious actors to use automated transaction systems to alter legitimate transactions on the fly.

These criminal acts are harder to detect because the original transaction was initiated by the user and changed in the middle of the approval process. In most cases, funds are diverted to mule accounts and then transferred again to put distance between fraudsters and their victims. Those with mule accounts often believe they are receiving payment after being recruited online for “legitimate” work such as mystery shopping or evaluating the service of money transfer companies.
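The two execution patterns above leave different traces: an account takeover shows up as an unfamiliar device sending money to an unfamiliar payee, while an in-flight alteration shows up as a difference between what the customer submitted and what reached the approval step. The detector below is an added example, not code from the article or from Trusteer; the transaction feed, device IDs, payee codes and amounts are constructed, and the thresholds (`MIN_HISTORY`, `AMOUNT_FACTOR`) are illustrative assumptions.

```python
"""Flag account-takeover and altered-in-flight transfers over a constructed feed (added example)."""

MIN_HISTORY = 3       # prior approved transfers needed before the amount rule applies
AMOUNT_FACTOR = 3.0   # flag amounts above AMOUNT_FACTOR x the user's largest prior transfer


def tx(tx_id, user, device, payee, amount, approved=None):
    """Build one constructed record. 'submitted' is what the customer's browser sent;
    'approved' is what reached the bank's approval step (defaults to the same)."""
    submitted = {"payee": payee, "amount": amount}
    return {"id": tx_id, "user": user, "device": device,
            "submitted": submitted, "approved": approved or dict(submitted)}


# Constructed feed in processing order. Records 5 and 9 are the fraudulent ones.
TRANSACTIONS = [
    tx(1, "alice", "dev-A1", "ACME-POWER", 120.0),
    tx(2, "alice", "dev-A1", "RENT-CO", 950.0),
    tx(3, "alice", "dev-A1", "ACME-POWER", 115.0),
    tx(4, "alice", "dev-A1", "ACME-POWER", 60.0),
    # customer submitted a routine bill; the approval step received a mule transfer
    tx(5, "alice", "dev-A1", "ACME-POWER", 130.0,
       approved={"payee": "MULE-7781", "amount": 4900.0}),
    tx(6, "bob", "dev-B1", "GROCER", 45.0),
    tx(7, "bob", "dev-B1", "GROCER", 52.0),
    tx(8, "bob", "dev-B1", "RENT-CO", 700.0),
    # criminal's own device, never-seen payee, far above bob's usual amounts
    tx(9, "bob", "dev-ZZ9", "MULE-2210", 9500.0),
    tx(10, "alice", "dev-A1", "RENT-CO", 950.0),   # routine; must not be flagged
]


def new_profile():
    return {"devices": set(), "payees": set(), "amounts": []}


def assess(record, profile):
    """Return the indicators for one record given the user's history so far."""
    reasons = []
    submitted, approved = record["submitted"], record["approved"]
    if submitted != approved:
        reasons.append("altered-in-flight")
    if (profile["devices"] and record["device"] not in profile["devices"]
            and approved["payee"] not in profile["payees"]):
        reasons.append("new-device-new-payee")
    if (len(profile["amounts"]) >= MIN_HISTORY
            and approved["amount"] > AMOUNT_FACTOR * max(profile["amounts"])):
        reasons.append("amount-outlier")
    return reasons


def run_detection(records):
    """Judge each record against the user's history before it. Flagged records are
    kept out of the profile so a successful fraud does not teach the detector that
    mule payees and large amounts are normal for that customer."""
    profiles, flagged = {}, {}
    for record in records:
        profile = profiles.setdefault(record["user"], new_profile())
        reasons = assess(record, profile)
        if reasons:
            flagged[record["id"]] = reasons
            continue
        profile["devices"].add(record["device"])
        profile["payees"].add(record["approved"]["payee"])
        profile["amounts"].append(record["approved"]["amount"])
    return flagged


if __name__ == "__main__":
    for tx_id, reasons in run_detection(TRANSACTIONS).items():
        print(f"transaction {tx_id}: {', '.join(reasons)}")
```

The submitted-versus-approved comparison is the part worth copying: it catches the in-flight alteration that device-ID and velocity rules miss, because the device, payee history and session are all the legitimate customer's. Requiring both a new device and a new payee, rather than either alone, is how the example keeps the false-positive rate down for customers who simply bought a new phone.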

Bank On It?

Ultimately, financial malware creates a disconnect between banks and consumers. Banks are held responsible for the safety of customer accounts, but in many cases, customers are tricked into giving up their information. Solving the problem requires a two-pronged effort. Banks must invest in multilayered protection that can track the entire fraud life cycle, while users must be careful to safeguard their credentials and report any suspicious activity they encounter online. Malware threats are on the rise, and the financial fraud life cycle is growing.

Breaking the bank has become common practice — but it isn’t an inevitability.
