Banking Trojans: The Biggest Threat to Financial Services Explained.
Banking trojans have been named the biggest threat to the state of financial institutions operating online, according to new research from Blueliv, and worse still- attacks are on the rise.
The news comes via Blueliv’s report focussed on the banking sector, ‘Follow the Money’, which you can access here. In that report, just under one-third (31%) of respondents said that banking trojans represented the biggest challenge to their operations and keeping clients safe using their services online.
What is a banking trojan? Well, it’s a feature that allows a hacker to redirect traffic from banking and financial websites to another website, ostensibly a website that the attacker has access to. When the software is executed, it copies itself onto the host computer, creating folders and setting Registry entries each time the system is started. Quite fittingly, it takes its name from the fable of the horse that was offered to the independent city of Troy by the Greeks, housing a select number of soldiers.
The report also mentions that mobile malware is the second-most pressing threat for online financial services, which is a “category also increasingly comprised of Trojans designed to access customer accounts,” according to Info Security Magazine.
“The bad news is that activity appears to be escalating in this area,” according to Phil Muncaster, “Blueliv’s report revealed the firm tracked a three-digit uptick in Trickbot (283%) and Dridex (130%) detections over Q2 and Q3 this year.”
These bots distribute banking trojans as well as other malware that targets financial services operating online, so judging by these numbers, the prevalence of banking trojans is set to increase in the foreseeable future.
Daniel Solis, Blueliv’s CEO says that “because they are such high-value targets for cyber-criminal activity, it is imperative that financial services organisations monitor what is happening both inside and outside their networks in real-time to create effective mitigation strategies before, during and after an attack.”
Blueliv’s research also indicates that a skills shortage in the IT security sector represents the biggest challenge to the state of internal security procedures at banks as they build out new programs to keep client data safe.
Info Security Magazine also writes that “recent data from (ISC)2 revealed that global skills shortages now exceed four million. In Europe, the crisis is particularly acute: shortages have soared 100% over the past year to reach 291,000. The poll also highlighted the challenges associated with high volumes of threats and alerts (26%) and poor visibility into threats (20%), which it is claimed are hampering baking cybersecurity teams as they struggle to combat attacks.”
Solis says that the skills shortage can be addressed in one form or another with more investment. “Security teams can be easily overwhelmed by the number of threat alerts they receive which can very quickly result in alert fatigue and desensitisation to real, preventable threats. Threat intelligence can address the cyber skills gap through continuous automated monitoring combined with human resources to provide context, helping FSIs develop highly-targeted threat detection, prevention and investigation capabilities,” he conciluded.