A bleak picture, but hope remains
As traditional white-collar criminals adapt and utilise cybercrime techniques, the lines between these two areas are starting to blur, writes Alisdair McLaughlin, Solutions Specialist at EclecticIQ.
However, businesses aren’t keeping up with these advanced adversaries, mainly due to organisations having departments that operate in silos. With information security units, cyber threat intelligence, counter fraud and general risk teams all operating independently, each is managing information and intelligence within their own domain.
Fraud investigation and intelligence teams have existed in financial services organisations for some time now. However, the siloed approach between both teams is hampering efforts to keep cyber fraudsters at bay.
The threat of cyber fraudsters is bringing with it many challenges for those within financial services. In such a siloed environment, mobile banking fraud is just one of the problems that has emerged as a real and growing issue. This type of threat has evolved from actors targeting banking web pages – where victims would be socially engineered into downloading and installing malware that performs redirection or injection attacks on those web pages – to the mobile malware fraud that uses numerous attack techniques to plague victims today.
One example of this is seemingly genuine apps available on official app stores. These apps act as malware droppers, i.e. once downloaded, the app installs malware onto a victim’s device. The next step comes when the victim opens the app. Once fired up, the malware harvests credentials and credit card details – information which is used by actors to steal money. This is causing a number of issues for businesses, including financial losses, brand damage and extra regulatory pressure.
The Anubis banking malware is one example of this in practice. Aimed at stealing victims’ banking credentials, once downloaded, the malware allows attackers to access contact lists and device location, record audio, send SMS messages and make calls. It can also tamper with the external storage capabilities, allowing the malware to spread to additional victims through shared messages and fraudulent calls.
Having been distributed to 93 countries and having targeted the users of 377 different financial apps, the Anubis malware is causing issues for banks looking to combat and understand these types of malware.
Alongside malware threats, another challenge that businesses are facing is the use of money mules, middlemen who carry out illegal transactions on behalf of a criminal third-party. These mules aren’t always aware that they are engaging in criminal activities aimed at committing fraud.
Yet, in a fraudulent financial transaction, money mules are responsible for laundering the illicitly-obtained money, such as proceeds from phishing, malware or email scams. They then transfer the money using money orders or cryptocurrencies.
These mules (and the criminals behind them) are using technology and processes to enable fraudulent activity more rapidly. A lack of intelligence sharing, not only within departments and stakeholders, but within the financial services industry as a whole, means the effort involved in understanding fraudulent patterns of activity, identifying suspect transactions and mitigating them is high.
This is making it hard for financial services companies to keep mules away, and to deliver updates and results to appropriate stakeholders in a timely manner once an attack has happened, simply because they don’t have the tools to gather actionable intelligence.
The lack of technology to manage certain types of data, a lack of integration across fraud systems and siloed IT departments mean there is a lack of intelligence visibility across many enterprises. While this paints a bleak picture, there is hope.
Firstly, we’ll look at malware. In order to combat and understand malware, like Anubis, organisations need tools – such as those developed by ThreatFabric – to help proactively detect known and unknown threats in order to mitigate fraud and deflect risk.
To accompany this, by using a threat intelligence platform, businesses will receive structured intelligence to inform them of threats as well as tactical and strategic intelligence on banking malware, allowing action to be taken. Having the ability to track such malware will give organisations the ability to implement detection controls to deflect risk and cut fraud-related losses.
When it comes to money mules and mule accounts, organisations can use this technology to manually and automatically enter information on mules, allowing them to identify and track activity. By having the option to create TTP (tactics, techniques and procedures) entities within the platform which describe the actors, their behaviours and the victims, organisations have actionable data at their fingertips which can generate meaningful intelligence that provides valuable context to their investigation.
Banks and other organisations within the financial services sector should be ensuring they are implementing the correct tools to better enable IT teams to protect their assets, network and infrastructure. The technological investment into a threat intelligence platform and tools pales into insignificance in the wake of an attack and will reduce fraud losses as well as supporting a general intelligence and security strategy.