Financial institution 300% more vulnerable to hackers, data theft
Websense has announced the release of the Websense Security Lab 2015 Financial Services Drill-Down Report. The report examines the present state of cyber threats and data-stealing attacks against financial services institutions.
The report said that banking/financial sector – which includes the capital and equity markets – are becoming more prone to cyber attacks and data theft. It stated that the financial Services institution encounter security incidents 300 per cent more frequently than other industries.
The report analysed the total number of security incidents across all industries, the volume of incidents within the finance sector and their installation base to ascertain that on an average, financial services businesses are attacked 300 per cent more than other industries.
The report said that that hackers are spending a huge amount of energy targeting the finance sector with a disproportionate amount of reconnaissance and lures being devised in search of the big payload.
When analyzing the top threats facing this industry, researchers noted that most had some data and credential-stealing elements. By volume, the top threats seen in the finance sector include:Rerdom (30%), Vawtrack (13%), SearchProtect (13%) and BrowseFox (4%).
The Geodo malware, with its own credential-stealing email worm, is seen 400 per cent more often in the finance sector than other industries. Geodo is a data stealing trojan that swipes everything from system information, credentials and much more.
Rerdom is affiliated with the most advanced versions of the Asprox family of malware. Asprox is responsible for a huge amount of attacks against every industry, with overall usage rates surging since June 2014.
Vawtrak (also known as Neverquest) is a very malicious banking trojan, which is used in attempts to steal a wide range of victims’ credentials. It was created for gathering personal information and stealing it without leaving traces. This banking trojan can easily take over passwords, digital certificates, browser history and cookies.
While it may seem an antiquated methodology, the application of typosquatting has evolved into successful fraudulent incidents generating millions of dollars in financial losses and operational overhead.