South Africa is well known for its concentration of financial resources and any region that transacts using the English language or deemed as affluent is always high on the target list for the adversaries. Banking malware targets user devices to steal financial information like credit card details and bank account passwords. The criminals then use this stolen information to transfer money from the compromised accounts.
The most common banking malware in South Africa is Zeus (Windows) and Carberp (Windows) which have long been popular malware for Windows computers and widely available public source code has enabled criminals to develop many variants of these. Zeus Gameover, the latest variant of Zeus has hit hard in many countries. However, Zeus Gameover was taken down by the FBI and Microsoft in June 2014.
The financial sector is one the most targeted of all vertical sectors – the prize is simple – lucrative financial gain. The recent Verizon DBIR 2015 Report cites financial services as the top five targeted verticals, which is down from previous years and other sectors such as healthcare have topped the list. The most common threats to this sector are crimeware, web application attacks, payment card skimmers and insider misuse.
Other verticals are targeted for valuable intellectual property or custodial data such as personal information. One of the big differences is that attacks to steal intellectual property tend to be nation-state sponsored as they are targeted, well-funded, well-resourced and persistent focusing on the defence sector, pharmaceuticals or any organisation that has high-value digital assets. Organised crime gangs tend to be the perpetrators of financial services attacks.
Banks typically invest heavily in Cyber Security tools and resources to keep the bank and their customers secure. Several major trends are disrupting how banks practice information security and protect their customers:
First, the adoption of cloud-based IT infrastructures and the pervasive use of mobile devices and mobile applications means that security departments are being asked to secure what they don’t own, manage, or control and your customers are expecting more ways for you to deliver your products and services. Banks are rapidly embracing various digital channels, especially mobile as a means to better attract and retain customers, improve the customer experience, and provide cross channel engagement using the unique features of modern devices.
We’re also in the midst of a transformation of how they conduct business. Leading financial organisations are seeking to take advantage of these technology advances – building new applications that are delivered through these new access models. They are interacting with a much more diverse supply chain, and employing a much more extended workforce and customer base. At the same time, these employee, supplier and customer relationships are increasingly more temporary – assembled as needed and frequently dissolved when no longer required. All of these changes place more strain on their ability to adequately secure the interactions between people and information.
For example, the mobile device acts as a vehicle for an effective, functional digital wallet, which is proving to be a disruptive technology in the payment services industry, enabling both new methods of instant funds transfer payments and direct payments between parties connected via a social media based relationship.
Finally, as the strategic value and complexity of the digital channel grows, so do the opportunities for cyber-crime and fraud. In response, the threat landscape and attacker tactics have fundamentally changed, resulting in adversaries that are more formidable than ever before, and who can’t be stopped effectively using today’s tools and methods.
For more information contact EMC South Africa, +27 (0)11 581 0033, sonelia.dupreez@emc.com, www.EMC.com
© Technews Publishing (Pty) Ltd. | All Rights Reserved.