As banks move into the clouds, malicious attacks keep increasing.

Why are malicious attacks on banks increasing? Security professionals around the world are unified in the assessment that malicious attacks on banks are not just increasing but increasing exponentially. What’s going on? Are security attacks generally increasing? Have we just learned to detect attacks better? Or is there something genuinely singular going on?

The answer is ominous. Two related trends mean not only that targeted attacks on banks have increased at a terrifying rate but also that such attacks will continue to spread and grow. The two trends are the lucrativeness of targeted attacks and the rapid-fire spread of the rootkits needed to launch malicious attacks.
It increasingly seems that 2011 was the tipping point for cyber crime. Cyber attacks grew 300-400% that year and branched out distinctly into two types: mass attacks targeting hundreds of thousands of customers, and “spear phishing” attacks typically targeting a thousand people or so. While mass email attacks are of the standard variety, which need only an email address to launch, spear phishing attacks usually appear to come from trusted sources and use previously stolen information to seem authentic.

One study done a few years ago explained the economics of the two methods this way: “Say a mass attack sends about 1 million messages in a campaign, while a spear-phishing attack sends 1,000. Some 70 percent of the spear-phishing victims open their messages, while about 3 percent do so in the mass attacks; half of spear-phishing targets “click through” their messages, while the click-through rate for mass attacks is about 5 percent… A targeted attack would cost about $10,000 for a cybercriminal to pull off, versus a mass attack that costs the bad guy about $2,000. Mass-attack victims are worth about $2,000 a head, while targeted ones are valued at $80,000 each… The mass campaign nets eight victims, while the targeted one successfully dupes two, so in the end the targeted attack returns a $150,000 profit, versus $14,000 for the mass attack.”

Banks, of course, are a target because they store information that can be used to create spear phishing emails, and because their online banking lets stolen passwords be used to make withdrawals. How lucrative can this be? The recent “Gozi” Trojan story is highly instructive in this regard. Gozi first came on the scene in 2005 and largely targeted Europeans until 2010. It was sophisticated password-stealing malware. In 2010 it evolved to steal not only login data but also other data straight from the bank, giving all the information needed to quickly move funds. Gozi’s creator would steal the information and pass it to underground auction houses, where cyber criminals would use the data to siphon money from banking clients. Sums like USD 8000 to USD 200,000 started going missing from US online banks as a result of Gozi. Gozi’s creator is now in jail, but his total earnings from Gozi are expected to hit fifty million US dollars!

Another trend that dovetails into this alarming security situation, making it much worse, is the rootkit phenomenon. Earlier, hacking was done by hackers. Usually genius programmers, like the creator of the Gozi virus, who created the Trojan malware when he was eighteen, would be behind hacking attacks. The barrier to entry for cybercrime is no longer so high. Attack toolkits are now increasingly available to a black market eager to commit cybercrimes but without the programming skills to do so. Recently Symantec noticed that 61% of observed web-based threat activity happened directly because of rootkits. One of the most popular threat toolkits, called Zeus, is aimed solely at stealing bank account credentials. Just one gang of cyber criminals used Zeus to steal over USD 70 million in an eighteen-month period! This level of payback has meant that rootkits are exploding in popularity.

New sophisticated rootkits not only evade detection; with a subscription-based model they can also give the latest zero-day exploits to their owners, making the modern internet full of legions of sophisticated, up-to-date rootkit wielders all aiming to steal your banking information. The average attack kit costs 900 US dollars but, with options, can go for up to 8000 dollars or more. That’s the only investment a criminal mind needs to come after a banking customer.

With such a lucrative underground economy for user information, with targeted user attacks the preferred method of getting that information, and with unchecked rootkit proliferation, malicious targeted attacks will only grow in number, with banks squarely in the centre of such attacks.

As banks increasingly move towards cloud-based solutions, they need to keep pace with cloud-based security postures in the arms race with hackers. More guidance can be found on www.cloudsecurityalliance.org.

– Habibullah Khan, General Secretary Cloud Security Alliance Pakistan www.cloudsecurityalliance.org
