
Financial malware on the rise

By Sibahle Malinga, ITWeb senior news journalist.
Johannesburg, 31 Oct 2016
SA banks should formulate incident response teams structured to share incident information with other banks, says Kaspersky Lab's Yury Namestnikov.

Around 10.8% of Internet users in South Africa were attacked at least once while browsing the Internet this year. A further 0.6% of local Internet users have banking malware on their computers.

This is according to Yury Namestnikov, head of Researcher at Kaspersky Lab Russia, who explains that the main attack vector for financial attacks is Web browsing: when users visit an infected Website, malware is able to instantly infect their computer or mobile phone.

Banks and financial institutions, he adds, hold records that are useful for conducting identity theft and fraud. These records have a long shelf life, and no financial system is safe from attacks.

"Financial attacks in SA are very high on the list of overall attacks. Phishing is one of the most popular methods used by criminals. However, the most sophisticated financial threats are the ones that don't consist of any form of communication, such as fake antivirus scanners or bogus disk defragmenters, designed to mislead users into thinking that their computer has serious problems that must be fixed by paying for a license of the software," explains Namestnikov.

Around 2% of Internet users in SA are hit by ransomware, which encrypts files and documents on the computer, after which criminals demand a ransom for the return of the information, he points out.

"Mobile phones on the other hand, are mostly affected by software containing pop-up advertisements to steal data from users. As far as financial threats on mobile phones are concerned, cyber criminals are constantly working on software to replace genuine banking apps with counterfeit apps, in order to steal the users' account information," notes Namestnikov.

Many users look to banks to ensure their mobile phones are secured. However, it is still the users' responsibility to protect their devices, because banks cannot see what is installed on a user's phone, he warns.

Kaspersky Lab's IT Threat Evolution report for Q2 revealed that financial malware is evolving through collaboration between malware creators, and has increased by 15.6% globally.

The report notes that one of the reasons for the rise in malware is the collaboration between the authors of two leading banking Trojans, Gozi and Nymaim, both of which fall into the top 10 ranking of financial malware.

"Financial malware are still active and developing rapidly. New banking Trojans have significantly extended their functionality by adding new modules, such as ransomware. If criminals do not succeed in stealing users' personal data, they will encrypt it and demand a ransom. Another example is the Neurevt Trojan family. This malware was used not only to steal data in online banking systems, but also to send out spam," explains Denis Makrushin, security expert at Kaspersky Lab.

The 2016 Verizon Data Breach Investigations Report found that outside of the public sector and the entertainment industry, the financial industry racked up 1 368 breach incidents in 2015 - more than any other single industry in the report.

Bank security

While banks spend an exorbitant amount of money to protect their systems, criminals equally spend a lot of money on hiring skilled syndicates who are able to bypass their systems and encrypt undetectable malware, says Namestnikov.

"Banks invest a lot of resources in security to protect their infrastructure but unfortunately they often don't invest the same in training their own staff about cyber security. Small banks don't even have a security department but the security teams fall under the IT department, and they often don't have adequate IT security training.

"As a form of beefing up their security, banks should also work on a network separating strategy where the office network is separated from the ATM network and their SWIFT service is also separated from their office network. If criminals gain access into the ATM network they are able to collect all the information they need in a number of days, to perform different types of scams such as card scams where they issue themselves bank cards," observes Namestnikov.

SA banks should also formulate incident response teams that are structured to share incident information with other banks, in order to keep up with the many financial cyber crimes and to alert banks that have not yet been victims. This information can also be shared at an international level to keep up with global cyber crime trends, he concludes.
