Author: Clayton Locke
The dangers of banking malware
Since the dawn of digital banking there has been malware; applications designed to defraud both the banks and their customers. These threats have steadily increased in an arms race between hackers and information security experts. The hackers now appear to have the lead with one of the most potentially destructive weapons in banking malware detected so far: The ZeuS Trojan.
According to online security company Trusteer, the ZeuS Trojan is now capable of hacking into customers’ secure online banking systems using their own versions of card verification screens, asking for details such as their credit card details and password, and then sending it back to a database that the Trojan maintains. Not only does this clever piece of malware mimic a system that is both well-known and trusted, the truly dangerous feature is that it is itself a product – and one that has become the market leader in the online fraud industry. For a price it can be purchased and downloaded and configured by a rapidly growing and organised group of online criminals.
Even after the ZeuS original source code was leaked in 2011, other customised versions have been created by cybercriminals, using the released code, to arm themselves. In 2013 ZeuS resurfaced in its most potent form yet, using counterfeit links, posted to Facebook pages.
When clicked on, this new weapon will spread through a computer, taking bank details and other vital information. Although not directly, this new infection could end up costing financial institutions millions in money returned to customers.
The incentive to engage in this activity is high – in 2010 one cybercrime ring alone cost banks in the US $70 million. With customised add ons to the malware, derived from its source code, costing up to US $10,000 – greed is driving the growth in this organised criminal activity.
However, banks are not being idle. Later this month Wall Street will have the majority of its major financial institutions take part in ‘Quantum Dawn 2’, a financial war game designed to simulate a full on cyber-attack, the challenge being to see how the banks react to an attack of such magnitude and whether they are capable of defusing or decelerating the situation that the simulation presents.
The cybercrime race is in its early stages. The banks continue to evolve their security measures as the cybercriminals make ever more sophisticated malware to hack into them. The original Trojan War may have lasted for 10 years but our second Trojan War is set to last much longer.