Beware! Online banking malware a serious and growing threat

Trend Micro's Security Roundup Report says there's been a huge jump in unauthorised access to your personal data; familiarity with prevention tools a must

“Your account security seems to have been compromised. Contact the system administrator now.” Have you ever faced a similar situation?

According to Trend Micro’s Q2 2013 Security Roundup Report,  released recently, increased online banking threats and the availability of sophisticated, inexpensive malware toolkits are among the growing concerns. Once malware gains access to your computer, your personal data can easily be made available to the hacker.

...

The report warns users the increasing hazards of online banking and suggests online banking malware has seen a 29 per cent jump from the previous quarter—from 1,13,000 to 1,46,000 infections.

Online banking threats are spreading across the globe and are no longer concentrated in regions such as Europe and the Americas, the report suggests. Cybercriminals have not generated new threats; instead, they have opted to repackage old ones, it adds.

While more online banking threats were seen in different countries in the quarter ended June, especially in Brazil, South Korea and Japan, two per cent of Indians became victims of online banking malware, the report said. India topped the list of the top-10 spam-sending countries at 12.99 per cent, followed by Saudi Arabia (7.64 per cent), the US (5.81 per cent) and South Korea (4.43 per cent).

...

All this has highlighted the need for increased awareness of online banking security, as cybercriminals have come up with more diverse attacks that use various social engineering lures, single sign-on and multiprotocol services and blogging platforms.

“We found an online banking malware that modifies an infected computer’s hosts file to redirect a customer of certain banks to phishing sites. We also saw more Citadel variants (detected as ZBOT), targeting different financial service institutions. These malware not only target big banks, but also smaller ones, including those that exclusively cater to online banking customers. As predicted, cybercriminals carried out developments in malware distribution and refinement for existing tools,” said Dhanya Thakkar, managing director (India & the South Asian Association for Regional Cooperation), Trend Micro.

All this has highlighted the need for increased awareness of online banking security, as cybercriminals have come up with more diverse attacks that use various social engineering lures, single sign-on and multiprotocol services and blogging platforms.

“We found an online banking malware that modifies an infected computer’s hosts file to redirect a customer of certain banks to phishing sites. We also saw more Citadel variants (detected as ZBOT), targeting different financial service institutions. These malware not only target big banks, but also smaller ones, including those that exclusively cater to online banking customers. As predicted, cybercriminals carried out developments in malware distribution and refinement for existing tools,” said Dhanya Thakkar, managing director (India & the South Asian Association for Regional Cooperation), Trend Micro.

...

The findings also suggest Android was the target of most mobile threats; its rate of volume growth and plexity swelled at a much faster pace compared to personal computer malware. 

Attackers largely used emails, the most popular mode of business communication, to get into target networks.

 Based on the targeted attacks Trend Micro monitored in 2012, rich text format (.RTF) files were the most common ones used in targeted attacks, while Microsoft Excel files were a close second.

...

10 ways to safeguard yourself

• Always use trusted devices (home or office PC, personal mobile device) to log into your internet banking account. Banks send a one-time password to your registered mobile numbers and email IDs. Do not share your username and password
• Avoid using the same password across online accounts. Change your password every few months
• Regularly check your bank, credit and debit card statements, to ensure all the transactions are legitimate
• Do not respond to text messages (SMSes), automated voice messages and emails from unknown or blocked numbers from your mobile phone
• Do not download any software or application, unless you trust the source. Do not respond to unsolicited emails, text messages or phone calls requesting personal information
• Apply the latest security updates and patches to your software programmes and operating systems
• Never click on links or attachments associated with any unsolicited mail/website/link/pop-up that might seek information or intimate you on prize money, lottery, etc
• Scrutinise every app you download, regardless of the source
• Avoid using free, but unsecured Wi-Fi access
• If you have been a victim of cellular fraud, file a complaint with your mobile phone service provider and the law enforcement agency