Of the thousands of new Trojans found by Kaspersky Lab's analysts every day, one-third target Internet banking.
This is according to Costin Raiu, chief security expert for Kaspersky Lab EEMEA, who urges banks to do more to protect their customers.
Speaking at the ITWeb Security Summit, in Midrand, on Tuesday, Raiu said: “Malware has grown exponentially over the past few years, generating a serious problem, as security companies out there cannot grow their number of analysts exponentially.”
While banks around the world are dealing with the economic crisis, Raiu said now was not the time for them to cut back on their security budgets, despite cash flow issues and depressing economic forecasts.
In addition, he noted, while security spend is reduced, online financial transactions are not lessening.
Reports reveal banks are cutting back on their physical security needs in these tough economic times and it concerns Raiu that online security is following suit. “IT security accounts for between 5% and 12% of total IT spend. As IT budgets are cut, security becomes a casualty along with everything else.”
He said the closure of global financial institutions has also exacerbated the problem and brought with it a new onslaught of phishing attacks. “Customers, who are already in doubt as to whether their funds held by one of these institutions will be paid back, are vulnerable. They are more likely to respond to a phishing mail stating their money will not be returned if, for example, they do not confirm their online details within the next 24 hours.”
This is just one of the ways cyber criminals are making money. They use malware to record passwords typed through a keyboard, phish for personal account details, and re-route online banking customers to fraudulent Web sites designed to collect login and password details.
“Trojans also make use of screenshots, capturing each mouse click on the virtual 'secure' keyboard, rendering these unsafe and useless.”
Raiu said the lack of transparency within banks about attacks they have fallen victim to compounds the problem. “Banks should be open with their customers about attacks, not only acknowledging them, but offering advice and tips to the public to minimise these threats.”
Insurers are increasingly unwilling to reimburse banks for cyber attacks, especially since some banks still have basic authentication systems. “A multifunctional authentication system is the best way to go, giving the maximum protection for banks and their customers. Banks need to do more for their customers."
Share