“Banking malware accounts for 41% of recorded cyber attacks” warns Action Fraud

A recent report by Action Fraud and the City of London Police has found that banking malware now accounts for over 40% of recorded malware infections* in the UK. Banking malware is a type of software that cyber criminals use to target online bank accounts and obtain personal and financial details.

A computer or mobile device may become infected if it doesn’t have sufficient anti-virus protection, regular patches or software updates applied. Once a given machine is infected, a cyber criminal can remotely take control of the internal functions of the device. They can then begin to steal personal data and access online bank accounts, subsequently encrypting files and distributing malware to other computers.

When malware is present on a computer there’s normally a financial cost involved for the end user. This may involve having to buy anti-virus software products to protect the device or paying a ransom to regain valuable data and files.

For their part, businesses may experience a loss in revenue from a Distributed Denial of Service (DDoS) attack affecting the company’s website.

Malware can be obtained from the Dark Web and may either be downloaded for free or purchased covertly by the cyber criminal. The price varies depending on the technical capability of the malware involved.

Computer users will unintentionally download malware by doing the following:

*Clicking on an infected file attachment in an e-mail

*Clicking on an infected website link

*Clicking on an infected link while present on a social media site

*Inserting an infected removable drive into the computer

*Downloading an infected file attachment on a text or via a mobile application

Four different methods

Most banking malware steals information by following four different methods:

*Cookie Grabbers: Cyber criminals steal information generated by the user while they’re using the Internet. This data may include banking passwords which then allow the criminal to access the user’s online bank account

*Virtual Network Computing: Cyber criminals remotely access the device and infect it with the malware (this commonly happens when a user is using a public Wi-Fi network)

*Spy Modules: These allow cyber criminals to observe web browser activities. The criminals are alerted when a user visits a specific website such as a banking site, which then allows them to make an attack

*Drive Scanner: Used by the criminals to search files and folders on the infected device and look for documents with passwords or other useful information

In a three-month period, the City of London Police was able to detect 280 different malware families, with banking malware accounting for 41% of all infections.

Ramnit is the type of banking malware most commonly used by cyber criminals. According to Symantec, more than 3.2 million computers were infected globally by this type of malware over a five-year period (2010-2015).

In February last year, law enforcement and industry conducted an operation which led to a number of seizures of servers controlled by the Ramnit criminal group. It’s thought that this group is starting to re-emerge and pose a serious threat to all computer users.

Protection from banking malware

*Don’t click on links you receive in unsolicited e-mails or SMS messages. The links may lead to malicious websites and any attachments could be infected with malware

*Only install apps from official app stores, such as Google’s Play Store or Apple’s App Store. Jailbreaking, rooting or disabling any of the default security features on your mobile device may leave it more susceptible to malware infections at some point

*When logging in to your online banking account, be extremely cautious if you’re asked for details such as the three-digit (CVV) number on the back of your card, the long number on the front of the card, your card’s expiry date or the four-digit PIN for your card. If the online banking login page you’re on does ask for those details, then don’t log in until you’ve called your bank to verify that you’re logging in to a genuine web page

*Your bank will never ask you to transfer money out of your account and into another. Fraudsters will. If you receive messages, browser pop-ups or calls asking you to do this, don’t respond to them. Call your bank immediately

What to do if your computer has been infected

You can disinfect your computer for free by using specialist software from providers such as Microsoft and Symantec. The disinfection tools will identify whether a computer has been infected and, if so, disinfect it. The tools will cause no harm if used on computers that have not been infected.

If your computer has been affected you should change all of your passwords on banking, e-mail, social media and other potentially sensitive online accounts.

Chris Greany, the City of London Police’s Commander and National Co-ordinator for Economic Crime, said: “We live in an age where computers and mobile devices dominate our lives, both during work and in our leisure time. Cyber criminals are increasingly using malware to access our financial details, and constantly adapting it such that they can try and get ahead of the security measures put in place by law enforcement and industry.”

Greany continued: “Both members of the public and business managers need to be aware of this and accept the fact that, while it’s safe to use online banking, they should follow our protection advice which will help them to avoid their online bank accounts being compromised.”

*According to a report collated by Action Fraud and the City of London Police for the period 1 September-31 November 2015 

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
