As new technologies progressed and developed, they found good uses, but they also found inappropriate uses. Gradually, cybercrime gangs around the world are looking for more new ways to reach and attack users, however Also for large companies, owners and protectors of miles of data and personal information of their customers.
In particular, the banking sector has been a direct target of malware as have consumers. Inherent weaknesses in digital connectivity of banking transactions and virtual account management This has made this type of cyber attack more attractive and difficult to intercept. As society becomes increasingly dependent on technology to manage financial issues, The importance of cybersecurity in the banking world has become essential.
financial institutions They must implement strong measures To protect its architecture and systems, but also customer trust, working with specialized cybersecurity teams and adopting advanced technologies in order Prevention and detection of threats.
One of the main attack methods, which has maintained its popularity in recent years and continues to gain more ground, is the attack method Social engineering And Users continue to be one of the most dangerous vectors of disease. Customers often fall victim to banking Trojans, which are spread via email. These programs usually alert the user to supposed problems with their bank account, in order to motivate them to click on malicious links.
According to Fabio Assolini, Director of Kaspersky’s Research and Analysis Team for Latin America: Attackers can also use legitimate software installers to add malware and distribute it through Google ads or download sites. “All of these messages have a few things in common and are trying to wake up danger: charging your account, a card or account that’s going to be blocked, and always trying to alert you about something,” the executive says.
The term itself is well known, but in brief it refers to these Strategies used by cybercriminals to scam users. However, although they may (sometimes) seem outdated, Assolini says, “they still work, and even though they are old technology, criminals are adapting them to other forms.”
Before, it was social engineering emails – such as very frequent ones posing as banking companies To steal user information– They were more random. “But criminals today filter messages, for example, and only send them to customers who already have an account with that bank. How do they know that? How can they know that?” Due to many cases of data leakage.” Assolini specifies.
This reveals not only the risks to customers, but also what could ultimately constitute a credibility crisis on the part of organizations.
“In Latin America we have already seen fake emails from a specific bank with the full name, identity, agency account number and all personal data that only that bank has,” says Assolini about the major hack of data banks belonging to an important institution. In LATAM.
For this reason, changes have been promoted to avoid malware directed at users, such as the simple fact of not including links in emails. But criminal strategies now include another, more traditional channel.
“Today we are discussing how to abandon the use of SMS, because it is no longer a secure way to send communications to customers,” says Assolini. In reference to the short numbers that companies employ to direct messages to their users, but cyber attackers saw that they could employ them as well.
Regarding this particular case, the Kaspersky CEO highlights how hackers have become more sophisticated in their “access” to users. They rent these SMS services to send malicious messages, using the same infrastructure used by banking institutions. This media “crisis” could lead to a potential transition from the era of texting to push notifications on devices.
the problem? Many Android users do not have updated devices that do not allow these forms of connection.
Fabio Assolini comments on this Attacks in Latin America Diverse and evolved. In addition to the violations to which customers are exposed, it mentions the presence of… Banking Trojans or malware installed in ATM machines or POS attacks on POS modules.
Although he doesn’t give more details, he says that these point-of-sale attacks, in which “there is a Windows computer connected to the infected payment point terminal,” could lead to massive card cloning in the short term.
next to, There is a lead in the region by Brazilian cybercriminals, who have been developing banking Trojans for decades. The country was one of the first to adopt digital banking, taking its first steps in 2000. With years of experience, they are expanding their attacks to other countries. “Brazil is already too small for them and they need to expand: their attacks and initial target are the closest neighbors or countries,” he points out.
Most notably, for example, Grandoreiro, a group that attacks 900 banks in forty countries. Groups of this origin migrate to other regions, inspired by well-known agents of the past, e.g to spy And Zeus, coming from Eastern Europe. Both were among the first to develop malware for ATMs and payment systems.
“It is important that banking today modernizes itself with regard to fraud: it is not about computers, but also about phones. “Brazil is leading the development of new technologies for bank robbery, card cloning and also ATM infection,” highlights Assolini, who also mentions how The importance of monitoring organizations, because the end user is no longer the main target or main target.The greatest attraction.
“One theft after another gives you a lot of work, so now they’re thinking about attacking giant companies that can pay multi-million dollar ransoms,” he says.
“Beeraholic. Friend of animals everywhere. Evil web scholar. Zombie maven.”