The global finance industry constantly faces a broad range of cyberthreats. Recently, cyber adversaries have been spotted enhancing malware capabilities to target the sector, presumably in an attempt to maximize profit during the pandemic.
What happened recently?
- The US Financial Industry Regulatory Authority (FINRA) issued a cybersecurity alert warning member organizations of an ongoing phishing campaign.
- The campaign was aimed at stealing Microsoft Office or SharePoint login credentials from investment brokers.
- Attackers impersonated FINRA officials in the fake emails containing a malicious attachment.
- In the wake of such phishing campaigns, the regulator has advised financial firms to verify the legitimacy of emails before responding to them.
Moreover, it is worth paying attention to the broader trend of cyberthreats targeting the finance sector.
What does the research say?
From trading in coins to exchanging cryptocurrencies, the adoption of digital technologies and business models in the finance sector has been remarkable. However, these advancements have also expanded the sector's attack surface.
- A recent report highlighted that financial and insurance services experienced 5 percent of malware infections globally from April 4 - May 4, 2020; almost 330 thousand cases in the sector.
- In yet another report, researchers claimed a 48% rise in threat activity against financial institutions in 2019, compared to the previous year.
What’s more worrying is the availability of easy-to-use phishing kits, which has helped cybercriminals spin up campaigns with little effort. In most cases, hackers have equipped malware with modern evasion and spreading techniques.
Notorious malware targeting the finance sector
Hackers behind a series of targeted financial attacks have been updating their malware with advanced code obfuscation and encryption in every new version. Here are some malware families that received fresh updates:
- EVILNUM: The malware has received at least seven updates since last year. It enables attackers to upload and download files, obtain cookies, convert strings of data into bytes, run arbitrary commands, and more. Palo Alto detected its presence in a Cardinal RAT campaign targeting Israel’s financial technology sector.
- Zeus Sphinx: The banking Trojan, also referred to as Zloader or Terdot, is designed to capture banking credentials, including account usernames and passwords for online services. According to IBM X-Force, the recent update modified how it is delivered and deployed on newly infected devices, with a continued focus on the current pandemic as a lure.
- EventBot: This Android malware acts as an infostealer, a keylogger, and spyware. It serves as a mobile banking Trojan that exfiltrates financial data and can intercept SMS messages to bypass two-factor authentication (2FA).
Experts find a new way to detect malware
Recently, Microsoft and Intel jointly presented a new approach called STAtic Malware-as-Image Network Analysis (STAMINA) to improve malware analysis.
- It works by first turning the malicious code into greyscale images and then applying a deep learning model to look for suspicious patterns.
- The whole STAMINA process comprises four steps: preprocessing (image conversion), transfer learning, evaluation, and interpretation.
- In the first two steps, it converts the one-dimensional sequence of malware bytes into a two-dimensional greyscale image and then uses transfer learning to find patterns characteristic of a specific type of malicious code.
- In the next two phases, the researchers measure the accuracy of their results (including false-positive rate, precision, recall, and more) and evaluate the outcome to arrive at the right interpretation of the malicious code.
- The research team revealed that this approach is efficient only when applied to small files.
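To make the preprocessing step concrete, the following is an added example (not code from Microsoft, Intel, or the STAMINA paper) that maps a byte sequence to a two-dimensional greyscale image, one byte per pixel, pads the final row, and writes it as a PGM file that any image viewer can open. The width table is an assumption borrowed from the widely cited convention of earlier malware-as-image work (Nataraj et al., 2011); the page does not state which width STAMINA uses. The sample "file" is constructed in the block, and the per-row entropy helper illustrates why the representation is useful: packed or encrypted regions appear as high-entropy bands, while zero-filled padding appears as flat dark bands. Training a classifier on such images is out of scope here.

```python
"""Preprocessing for image-based malware analysis (constructed example).

Converts a 1-D byte string into a 2-D greyscale image (one byte == one
pixel, values 0..255), zero-pads the last row, and can emit a binary
PGM (P5) file. Nothing here is the STAMINA reference implementation.
"""
import math
import random
from typing import List, Optional

# Assumed width-by-size convention (Nataraj et al., 2011 style):
# (upper size bound in bytes, image width in pixels).
WIDTH_TABLE = [
    (10 * 1024, 32), (30 * 1024, 64), (60 * 1024, 128), (100 * 1024, 256),
    (200 * 1024, 384), (500 * 1024, 512), (1000 * 1024, 768),
]
DEFAULT_WIDTH = 1024


def choose_width(size: int) -> int:
    """Pick an image width from the file size so images stay roughly square."""
    for bound, width in WIDTH_TABLE:
        if size < bound:
            return width
    return DEFAULT_WIDTH


def bytes_to_image(data: bytes, width: Optional[int] = None) -> List[List[int]]:
    """Reshape bytes into rows of 8-bit pixels; the last row is zero-padded."""
    if not data:
        raise ValueError("empty input")
    width = width or choose_width(len(data))
    height = math.ceil(len(data) / width)
    padded = data.ljust(width * height, b"\x00")
    return [list(padded[r * width:(r + 1) * width]) for r in range(height)]


def write_pgm(image: List[List[int]], path: str) -> None:
    """Write the pixel matrix as a binary PGM (P5) greyscale image."""
    height, width = len(image), len(image[0])
    with open(path, "wb") as fh:
        fh.write(f"P5 {width} {height} 255\n".encode("ascii"))
        for row in image:
            fh.write(bytes(row))


def row_entropy(row: List[int]) -> float:
    """Shannon entropy (bits per byte) of one image row.

    Zero-filled rows score 0.0; random-looking (packed/encrypted) rows
    score close to the maximum, giving the visual texture a model learns.
    """
    counts = {}
    for b in row:
        counts[b] = counts.get(b, 0) + 1
    n = len(row)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def build_sample() -> bytes:
    """Constructed stand-in for a small binary: header, zero gap, random blob."""
    rng = random.Random(2020)  # fixed seed so the sample is reproducible
    header = b"HDR\x00constructed-sample\x00"
    zeros = bytes(64)
    blob = bytes(rng.randrange(256) for _ in range(128))
    return header + zeros + blob


if __name__ == "__main__":
    sample = build_sample()
    img = bytes_to_image(sample, width=32)
    write_pgm(img, "sample.pgm")
    for i, row in enumerate(img):
        print(f"row {i:2d} entropy={row_entropy(row):.2f}")
```

Running the block writes `sample.pgm` and prints a per-row entropy profile: the zero-filled rows print 0.00 and the random blob rows print values near the top of the scale, which is the kind of spatial structure a convolutional model picks up once the bytes are laid out as an image.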
Organizations in the finance sector need to prioritize their cyber defense operations to tackle the growing number of cyberthreats. Meanwhile, the continued research in malware analysis will provide new avenues for organizations to implement effective security measures against advanced threats.