State of the Art. Evolution. That is the key to define the current situation about online banking fraud. As specialist, we are aware that in the vast majority of case, the cybersecurity discipline acts in a reactive way againts the threats of cybercriminals. A very typical way of acting in the banking sector.
Let's give a simple and very typical example, a cybercriminal desing a cybercriminal designs a phishing campaign to steal online banking credentials.
Usually, after the detection of online fraud, an approach is made to close the portal where the malicious files reside, to use blacklists published by antivirus manufacturers, modify the rules and configurations, warn the user of which has been infected, etc.
Each company develops its own techniques with tools and processes to face these types of situations. Despite all the efforts, online banking fraud continues to increase:
- More and more banks are using this type of platform to reach their customer. The increase is due to the speed and ease to carry out frequent operations like transfers, know the balance, etc.
- The cybercrime sector has become a very lucrative sector, reaching to coin the name "crime-as-a-service". A situation that allows each cyber criminal to specialize in each process of the criminal chain, such as the development of complex techniques to infect a user and rob him of his bank credentials. The more specialized the cybercriminal, the more elaborate and innovative their techniques will be.
- Bank fraud provides quick returns with a low level of risk, since criminal cyber identification is complex and time consuming. For criminals, online banking represents a great business opportunity.
- New cybercrime patterns appear that allow you to circumvent with relative ease at any time during the session of the user. For example, Remote Access Trojans (RAT), Account Take Over, bots, Man-in-the-Browser (MitB), etc.
- Finally, users who demand the services of online banking often lack sufficient security measures to combat these patterns.
Today, the main challenge facing banks is to be able to acquire a thorough knowledge of the new techniques, tactics and procedures (TTP) of cybercriminals to quickly generate the new threats.
In buguroo we consider that the techniques and tactics of online banking fraud are currently organized into three categories:
Threats Based on Imitation
Imitation threats, most commonly known as phishing and their variances (Vishing, SMishing, etc.), are the oldest and through the use of sophisticated social engineering techniques redirect users to sites that are copies of legitimate bank sites.
These fake sites run on different infrastructures from legitimate ones and eventually try to get sensitive user information. Some phishing and ransomware attacks also affect legitimate banking mobile apps (fake apps).
Infection and Injection Threats
The most dangerous and recent threats are dynamic infections and injections, which actually change legitimate websites to deceive the user. Once the user’s machine is infected by malware, fraudsters update the malware remotely and dynamically add new features or bank sites for which the malware can inject code.
This way, fraudsters through the use of dynamically generated Command & Control Servers, can easily update their botnets increasing the list of potential banks to attack and code injections by using latest toolkits delivered in the Black Market, therefore maximizing their chance to commit fraud with low exposure.
Automatic Remote-Control Threats
Automated Remote Control threats take control of an online banking session after the user has been authenticated with an authorized device.
Fraudsters often use commercial software for remote control or malware specifically designed for this purpose. These attacks are especially dangerous because they combine multiple techniques, such as blocking sessions with a web injection and manipulating account balances in the background with a RAT.
Fraudsters can purchase services from botnet operators that monitor account balances and create automatic mechanisms to take manual control over user accounts.
Besides all these techniques, there are always situations where fraudsters or mafias directly bribe or even blackmail internal bank employees as to get banking sensitive client information. Actualmente, los retos para prevenir el fraude de banca online serían los siguientes:
- Lack of Visibility to Improve Protection
- Current Market Solutions Rarely Detect Emerging Threats
- Ensuring Protection with no impact to User Experience
- Banks Have a Huge Attack Surface
- False Positives are an Extended Problem
How to face the chagenller?
bugFraud is a next-generation fraud prevention solution for mobile and web applications that helps banks protect online users. When a user accesses his online account, buguroo bugFraud profiles four layers of data while maintaining data privacy compliance:
- Biometry: identifies the user’s biometric behaviour and cognitive analytics to uniquely profile each human behind a device
- Web contents: checks the information a user displays to detect if it’s being manipulated by third-party attackers, without false positives or negatives
- Environment: profiles the user’s context information such as devices, network, and geo-location and crosses it with threat intelligence data to identify anomalies in the user’s environment
- Omni-channel: correlates data from multiple inputs, such as web browsers, mobile devices, and application servers to make sure solution is not bypassed by attackers
bugFraud then process and analyses all these indicators in order to make sure it detects new emerging threats eventually covering all 3 types of threats mention earlier (even those frauds based on blackmailing or bribing internal banking employees) and provide this information to the bank in real time.