State of the Art. Evolution. That is the key to defining the current situation of online banking fraud. As specialists, we are aware that in the vast majority of cases, the cybersecurity discipline acts in a reactive way against the threats of cybercriminals. This is a very typical way of acting in the banking sector.
Let's give a simple and very typical example: a cybercriminal designs a phishing campaign to steal online banking credentials.
Usually, after online fraud is detected, an attempt is made to close the portal where the malicious files reside, use blacklists published by antivirus manufacturers, modify rules and configurations, warn the user who has been infected, etc.
Each company develops its own techniques with tools and processes to face these types of situations. Despite all the efforts, online banking fraud continues to increase:
Today, the main challenge facing banks is to acquire a thorough knowledge of the new techniques, tactics and procedures (TTPs) of cybercriminals to quickly generate the new threats.
At buguroo, we consider that the techniques and tactics of online banking fraud are currently organized into three categories:
Imitation threats, most commonly known as phishing and its variants (vishing, smishing, etc.), are the oldest. Through the use of sophisticated social engineering techniques, they redirect users to sites that are copies of legitimate bank sites.
These fake sites run on different infrastructures from the legitimate ones and ultimately try to obtain sensitive user information. Some phishing and ransomware attacks also affect legitimate banking mobile apps (fake apps).
The most dangerous and recent threats are dynamic infections and injections, which actually change legitimate websites to deceive the user. Once the user’s machine is infected by malware, fraudsters update the malware remotely and dynamically add new features or bank sites for which the malware can inject code.
This way, fraudsters, through the use of dynamically generated command-and-control servers, can easily update their botnets, increasing the list of potential banks to attack and code injections by using the latest toolkits delivered on the black market, thereby maximizing their chance of committing fraud with low exposure.
Automated Remote Control threats take control of an online banking session after the user has been authenticated with an authorized device.
Fraudsters often use commercial software for remote control or malware specifically designed for this purpose. These attacks are especially dangerous because they combine multiple techniques, such as blocking sessions with a web injection and manipulating account balances in the background with a RAT.
Fraudsters can purchase services from botnet operators that monitor account balances and create automatic mechanisms to take manual control over user accounts.
Besides all these techniques, there are always situations where fraudsters or mafias directly bribe or even blackmail internal bank employees to obtain sensitive banking client information. Currently, the challenges in preventing online banking fraud would be the following:
bugFraud is a next-generation fraud prevention solution for mobile and web applications that helps banks protect online users. When a user accesses his online account, buguroo bugFraud profiles four layers of data while maintaining data privacy compliance:
bugFraud then processes and analyses all these indicators to make sure it detects new emerging threats, ultimately covering all 3 types of threats mentioned earlier (even those frauds based on blackmailing or bribing internal banking employees), and provides this information to the bank in real time.