Hackers Exploit SS7 Protocol and Inject ATM Malware to Attack Banks and Financial Sectors

by chebbi abir

The banking and financial sectors were hit with a more constant stream of cyber attacks than any other industry. 25.7 percent of all malware attacks last year focused on banks and financial services organizations.

According to the IntSights Q1 2019 report, credential leaks doubled compared with any quarter of 2018. The spike is due to the collections of leaked data exposed online, with around 2.2 billion usernames and passwords exposed in hacker forums.

Credit card leakage increased by more than 212%, and there was a 102% year-over-year increase in malicious applications. As users grow more comfortable with mobile banking, the risk from malicious applications grows in parallel.

IntSights observed a huge fluctuation in financial assets on the black market. The percentage of leaked documents remained stable last year, but in Q1 of 2019 it increased by 23 percent.

Top Attack Types

Hackers exploit vulnerabilities in the SS7 telecommunication protocol to intercept messages that authorize payments from accounts.

New research details that sophisticated hackers are now tapping the phone network by exploiting the SS7 protocol, intercepting messages to steal money from bank accounts.

Banks and financial sectors are the prime targets. Trojans are common across all of them; some of the well-known trojans are Adload, ATRPAS, and Emotet.

Cybercriminals inject ATM malware such as FASTCash and ATMJackPot into switch servers to transmit a fake message that approves fraudulent withdrawal requests.

Ransomware is yet another major line of business for cybercriminals: they infect banking systems and hold banks hostage until they pay up.

The next serious threat is mobile banking attacks: attackers deliver fake banking apps and banking trojans to exfiltrate login credentials and steal money from users' accounts.

According to the report, the finance sector also appears the most on DDoS target lists found on the dark web. In some cases, insider threats allow attackers to find the loophole without triggering an alert.

Phishing-as-a-Service allows anyone, even without technical knowledge, to run campaigns and exfiltrate sensitive login credentials.

The report shows that the threat actors have most frequently targeted banks and financial institutions in developing regions of the world.

“Our research shows that financial organizations based in Latin America, Africa, and South Asia – primarily India and Pakistan – are particularly susceptible to attacks because many of them lack the same comprehensive security systems that are common at large corporations based in more developed countries throughout North America, Western Europe, and parts of Asia, like Singapore and Japan.”
