A new cybersecurity report shows that financial services firms saw a huge increase in credential leaks and credit card thefts as hackers switch back to old school tactics and go directly where the money is.
All the analyzed data shows that more than one-quarter of all malware attacks, form the start of 2019 and now, have targeted the financial services sector.
This is not a surprising fact because crypto coins have become less and less profitable and now hackers want money from another well-fed source.
The first quarter of 2019 a spike with 212% in compromised credit cards, 129% surge in credential leaks, and 102% growth in malicious financial mobile apps.
Researchers are also saying that banks and other financial services organizations were targeted in 26% of all malware attacks last year.
The biggest leak so far was in January 2019, when 2.2 billion usernames and passwords were exposed on the Dark Web in an incident named “Collections #1-5,”.
Even with the shutdown of Altenen, a major hub for buying and selling credit card data, things never settled down. Over its lifespan, it is estimated that Altenen sold more than 20,000 credit cards and laundered more than $31 million. As soon as the Altenen was shut down, copycats appeared almost instantly like Altenen.nz; the only good news here is that it is unlikely any of the substitutes will grow to reach the scale of the original. But even so, this year where found 9,708 instances of exposed credit card data, that represent a 212% increase year-over-year if we make a balance.
Before selling a credit card data hackers first use the compromised credit card numbers to make small purchases; by doing this they can evade detection while generating nearly 10 times more “free money” than what the card is worth on the Dark Web. Credit card companies usually reimburse people affected by card fraud; as a result, so hackers see potentially big gains and little risk in this kind of practice.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
Credential theft represents a pervasive and dangerous threat to financial services. In 2018 were registered more than 43,000 breaches across the world that involved the use of customer credentials stolen from botnet-infected clients. Credential theft represents a rapidly growing cyber threat to companies networks, especially if hackers gain access to the username and password of a privileged employee. Just imagine if they have this level of access, they literally don’t need any malware to achieve their goals.
The same report also shows a 102% growth in the frequency of malicious mobile applications since early 2018. More than 1 in 3 consumers are affected by fake mobile apps, which vary from fraudulent banking apps that mimic apps from major companies to data-stealing apps or spyware.
Cybersecurity experts explain that this kind of growth represents a big risk because these apps never stop from growing as consumers become more comfortable with mobile banking.
Such malicious apps mainly target financial firms by using a range of tactics, the most common of which are malware: Adload, Atrpas, and Emotet (banking Trojans); except them there are also ransomware, ATM malware and card skimmers, and vulnerabilities in SS7, which hackers exploit to intercept text messages that are later used to authorize payments from bank accounts.
We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.