Banks and other financial institutions will always be a favorite target for cybercriminals. The large quantities of financial information contained on their servers will continue to entice hackers to attempt to crack their defenses. More recently, banks have not only had to worry about thieves out for financial gain but also cybercriminals backed by rival nations who are looking to disrupt the operations of a critical industry.
NBC News reported that websites belonging to major U.S. banks had recently experienced a total downtime of nearly 250 hours during a six week period. According to unnamed national security officials, the sustained attack was expected to have been launched by members of a foreign government.
Customized weapons to attack banks
Hackers are even custom building malware to specifically target the defenses and vulnerabilities of financial networks. Cybersecurity professionals recently identified alterations made to two popular malware programs in recent months. Known as Tinba and Tilon, these executable programs have been used by cybercriminals to access online banking sessions. Hackers have been able to initiate fraudulent financial transactions as well as alter an account holder's balance and transaction history. The modified versions of these programs can now display a fake bank login page. When users enter their login information, the program steals the information and uses it to gain access to their account.
Financial centers in the U.K. have recently been targeted by banking-specific malware as well. Similar to Tinba and Tilon, the Ramnit program uses an HTML injection method to create a fake bank account login screen. The malware can even localize the page to display different languages for victims in various countries. Account holders who are fooled by the program's fake credentials have had illegal money transfers made from their accounts to another.
The need for stronger defenses
Malware attacks against banks have become so pervasive that the American government has urged financial centers to establish robust security measures to protect account information. An official with the U.S. Treasury Department recently requested that, beyond bolstering their defenses, banks accumulate information on past incidents to help the government develop stronger cybersecurity protocols.
Hackers will continue to target banks and their customers in order to gain access to sensitive and lucrative financial information. To keep those records out of the hands of cybercriminals, both enterprises and account holders should take steps to prevent hacker access. Application control tools can block malware from infecting a user's computer by only allowing selected programs to run. Additionally, when accessing sensitive information, account holders can use system restore software to revert the settings of a machine back to earlier configurations, effectively erasing any record of the session.