Hackers Level Up Their Game in Finance Sector With New Malware Updates

What happened recently?

• The US Financial Industry Regulatory Authority (FINRA) issued a cybersecurity alert warning member organizations of an ongoing phishing campaign.
• The campaign was aimed at stealing Microsoft Office or SharePoint login credentials from investment brokers.
• Attackers impersonated FINRA officials in the fake emails containing a malicious attachment.
• In the wake of such phishing campaigns, the regulator has advised financial firms to verify the legitimacy of emails before responding to them.

What does the research say?

• A recent report highlighted that financial and insurance services experienced 5 percent of malware infections globally from April 4 - May 4, 2020; almost 330 thousand cases in the sector.
• In yet another report, researchers claimed 48% rise in threat activity in 2019 against financial institutions, as compared to the previous year.

Notorious malware targeting the finance sector

• EVILNUM: The malware has received at least seven updates since the last year. The malware enables attackers to upload and download files, obtain cookies, converting strings of data into bytes, run arbitrary commands, and more. Palo Alto had detected its presence in a Cardinal RAT campaign targeting Israel’s financial technology.
• Zeus Sphinx: The banking Trojan, also referred to as Zloader or Terdot, is designed to capture banking credentials including account usernames and passwords for online services. With the recent update, it has undergone modification affecting its delivery and deployment on newly infected devices, with a continued focus on the current pandemic, told the IBM X-Force. 
• EventBot: This android malware acts as an infostealer, a keylogger, and spyware. It serves a mobile banking Trojan that exfiltrates financial data and has SMSs intercepting capabilities to bypass two-factor authentication (2FA).

Experts find a new way to detect malware

• It works by first turning the rogue codes into greyscale images and then apply deep learning mechanism to look for the suspicious pattern.
• The whole process for STAMINA comprises of four steps: preprocessing (image conversion), transfer learning, evaluation, and interpretation. 
• In the first two steps, it converts one-dimensional malware bits into two-dimensional greyscale images and then uses transfer learning to find pattern for a specific type of malicious code. 
• In the next two phases, the researchers observe the accuracy of their findings (including false-positive rate, precision, recall, and more), and evaluate the outcome for the right interpretation of the malicious code.
• This approach is efficient only when applied to small-size applications, the research team revealed.

Closing thoughts