CEBU, Philippines - As online scammers keep on developing ways on how to bypass security measures protecting financial data, a cyber-security company cautions the banking sector of a new developing cyber-threat.
Kaspersky Lab said the advent of online banking has likewise paved way to a new form of cybercrime --- the theft of payment information.
Kaspersky experts warned that banking Trojans are the most dangerous kind of specialized malware. Once installed on a victim’s computer, a Trojan rule, automatically collects all payment data, and sometimes even conducts financial transactions on the victim’s behalf.
Criminals use multi-targeted banking Trojans to attack customers of different banks and payment systems, as well as Trojans targeted to a specific bank’s customers.
Experts said that criminals may send out Trojans through phishing letters which lure a user into following a link or opening an attached file that turns out to be malicious. "For mass distribution of banking Trojans they also actively exploit vulnerabilities in Windows and popular applications."
After furtively penetrating the system, exploits load a Trojan onto an infected computer. In order to attack more efficiently, criminals use exploit packs - a set of various exploits for different vulnerabilities.
“At this stage, financial data is protected by antivirus solutions and special solutions like Safe Money, which protects users from banking Trojans by using an antivirus, secure browser processes and secure keyboard input, while the web authenticity of a payment or online banking system is confirmed against a check of its digital certificate and links,” said Nikolay Grebennikov, Chief Technology Officer at Kaspersky Lab.
Moreover, banking Trojans are able to bypass additional security layers such as two-factor authentication with one-time passwords (TAN codes).
In 2012 alone, Kaspersky Lab detected more than 3.5 million attempted ZeuS attacks on 896,000 computers in different countries.
Local banks on the other hand, are bracing for possible increase of fraud in the online banking system.
Prudencio Gesta, Cebu Bankers Club (CBC) past president said that although each bank has already have their own protection measures against possible online fraud, to be extra vigilant is necessary, in order to protect the banking public.
"Most banks have continued to update their firewalls or internal controls against any type of crimes," said Gesta. (FREEMAN)