According to a survey conducted among company representatives to find out their attitudes towards information security, including financial companies’ policies towards protection from online fraud, about half of banks and payment systems prefer to handle cyber incidents when they happen rather than invest in tools with which to prevent them.
The survey was conducted by Kaspersky Lab, in cooperation with B2B International. More than 5000 company representatives, including 131 banks and payment services, from 26 countries were surveyed.
During the survey, 48% of financial organisations said they take measures to protect their clients from online fraud, aiming at mitigating the consequences rather than preventing incidents entirely.
It should be a concern to companies and individuals that 29% of companies believe it is cheaper and more effective to address cases of fraud as they occur, rather than to attempt to prevent them.
According to the responses given by the surveyed bank representatives and payment service operators, whenever a cyber-fraud incident involving a client’s account occurs, only 41% of organisations necessarily take measures to prevent such an incident from re-occurring in the future.
36% of companies conduct an analysis of the vulnerability exploited in the attack, and 38% compensate the losses. The most popular policy among companies is to try to find out who was behind the attack: two thirds (66%) of financial organisations do this.
Ross Hogan, global head, fraud prevention division at Kaspersky Lab, says that relying solely on mitigating the negative consequences of fraud is similar to trying to treat the symptoms of an illness rather than its root cause.
The symptoms will recur, and the illness will progress. In this respect, Kaspersky Lab recommends that you do not forget how important prevention is. Many of the world’s leading banks have acknowledged this and have implemented “root cause fraud prevention”, but alarmingly many still rely on “reactive fraud detection”.
Experts recommend that banks and payment services use comprehensive online fraud protection methods to protect the bank’s clients at several levels.
One such method is a fraud prevention platform which includes threat control tools installed on client devices, as well as a server component located within the bank’s information infrastructure. Through special code embedded into the bank’s web page, this component can remotely detect a client device infection.
Each year, cybercriminals invent more and more sophisticated methods of attack, and if the banks do not have preventive measures in place, it enables further growth in the number of financial cybercrimes and increased losses, according to Hogan.
A recent example is the discovery of Blue Termite – a cyber espionage campaign that has been targeting hundreds of organisations in Japan for at least two years.
The attackers hunt for confidential information and utilise a zero-day Flash Player exploit and a sophisticated backdoor, which is customised for each victim.
In October 2014, Kaspersky Lab researchers encountered a never-before-seen malware sample, which stood out from others because of its complexity.
Further analysis has shown that this sample is only a small part of a large and sophisticated cyber espionage campaign. The list of targeted industries includes governmental organisations, heavy industries, financial, chemical, satellite, media, educational organisations, medical, the food industry and others.
To infect their victims, Blue Termite operators utilise several techniques. Before July 2015, they mostly used spear-phishing emails – sending malicious software as an attachment to an email message with content likely to attract a victim.
However, in July the operators changed their tactics and started to spread the malware via a zero-day Flash exploit. The attackers compromised several Japanese websites so that visitors to the sites would automatically download an exploit once they were on the website and become infected. This is referred to as a drive-by download technique.
After a successful infection, a sophisticated backdoor is deployed on a targeted machine. The backdoor is capable of stealing passwords, downloading and executing additional payloads, retrieving files etc.
One of the most interesting things about the malware used by the Blue Termite actor is that each victim is supplied with a unique malware sample, built so that it can only be launched on the specific PC targeted by the Blue Termite actor.
According to Kaspersky Lab researchers, this has been done in order to make it difficult for security researchers to analyse the malware and detect it.