Compromised payment card information or online banking credentials are often sold to third parties in underground black markets at a fraction of their face value.
The banking and financial services sector is one of the most important targets for cybercriminals. Banks and financial institutions safeguard incredibly sensitive data of users and employees alike, and data breaches can be costly both in terms of leaked data and financial penalties incurred. Cybercriminals constantly develop new ways to infiltrate even the most extensive security systems.
Researchers at IntSights found a Russian-speaking criminal auctioning a database of bank account details of 20,400 US bank customers at a starting price of US$10,000 and a “buy now” price of US$20,000.
The report also highlights why banks are vulnerable to second-hand risks and fraud resulting from attacks on merchants in other industries.
In recent years, cybercriminals have also been targeting bank networks themselves in order to enable fraud on a scale much larger than the fraudulent use of individual payment cards or online banking credentials. The goal of these attacks is to breach bank networks and move laterally to gain access to systems that, when compromised, can enable larger-scale fraud involving SWIFT terminals or servers that support ATMs, for example.
The Lazarus Group of North Korea, which engages in many different forms of cybercrime to raise revenue for the financially isolated North Korean government, was a pioneer of this more ambitious approach in its fraudulent use of compromised SWIFT access. Some of the more sophisticated Russian-speaking criminals have followed suit and targeted different internal banking systems in order to enable large-scale fraud in other ways. Breaching organizations as security-centric as banks is often difficult, so some actors have resorted to targeting bank partners, such as insurance companies, in order to move laterally into bank networks.
Other key findings include:
- Proliferation of mobile banking Trojans that seek to compromise online banking credentials, some of which can now bypass 2FA
- Attacks on bank networks, such as SWIFT terminals, ATM servers, and card processing systems, have become one of the most significant threats to the industry
- The North Korean Lazarus Group's attacks on the Bank of Bangladesh and on targets in other developing countries such as Vietnam, carried out via the SWIFT interbank payment network, enabled the group to secure large fraudulent transactions