New Report Shows Mobile Banking Cyberattacks on the Rise

Posted: 21 January 2020 3:52 pm
News

Security padlock and circle in network space.

A report from Check Point Research shows that weaknesses in our mobile device usage and with online merchants are endangering our personal data.

It all starts simply enough. You download an app that you believe is for your bank. You didn’t pay attention to the website where you downloaded it from, but it all looked legit. The app — during installation — asked for access to your Accessibility Services. Imagining that this is harmless, you grant it. For months, nothing happens; everything works as it should.

One day, though, you find yourself locked out of your account for some reason. When you call the bank, you find that the funds in your account are gone. You have become the latest victim of a malware attack. Per a new report from Check Point Research, you are not alone.

According to the cybersecurity firm, cyberattacks on mobile banking increased by 50% in the first half of 2019, year-to-year. “Surprisingly, mobile banking malware requires little technical knowledge to develop, and even less to operate,” Maya Horowitz, director of Threat Intelligence & Research for Check Point Research, said per the firm’s 2020 Cyber Security Report.

“The malware searches for a banking app on the infected device and creates a fake overlay page once the user opens it. The user will then enter the user’s credentials, sending it directly to the attacker’s server.”

An Attack on Our Devices

As we increasingly rely on mobile devices, the opportunity for hackers to steal our personal information rises. The more complex the connection security, the harder it will be for devices to connect to Wi-Fi or public data networks. As such, developers must take a balanced approach to entry security where the connection between the device and the network is strong enough to protect both while being permutable enough to allow the device to connect in the first place.

It is in this compromise that hackers can and do steal personal data. A smartphone, for example, that is set to automatically connect to open public Wi-Fi connections may inadvertently stumble onto a hacker’s hotspot. Without realizing it, a smartphone user may be transmitting all of his/her personal data and credentials through someone’s personal device, where it is filtered, copied, and stored for use later.

This, however, is not simply a consumer problem. Magecart attacks have risen sharply in 2019, year-to-year. Magecart is a group of hackers that targets online shopping carts, typically by injecting bad Javascript into the cart’s software. The groups typically do this by getting ahold of the shopping cart software source — which is typically Magento, an open-source (free) platform — and publishing an “improvement” on GitHub. The groups can also use a code injector to redirect the shopping cart to a third party website that hosts the malware.

Escalation

As finding the infected code would require a line-by-line analysis of the code stack, and as code injectors are used for legitimate reasons, as with Google for analytics, Magecart has become a hard-to-contain menace. Magecart has been accused of skimming credit card data from MyPillow.com, Amerisleep.com, UK Ticketmaster, British Airways, NewEgg, Topps, Forbes, and hundreds of college bookstores.

This reflects a new attitude of escalation among hackers. Increasingly, hacking groups are working together to beat encryptions and other network protections. This is reflected in the rise of ransomware in 2019. Many of these attacks used collaborated software, such as Emotel. These attacks also are typically a collaboration regarding man-hours and actual work done.

“Rather than immediately deploy a ransomware, offenders often spend weeks exploring the compromised network to locate high-value assets as well as backups, thus maximizing their damage,” Check Point researchers explain. “Ironically, companies that try to protect their data by using cloud services occasionally find that their service provider itself has been targeted.”

The road forward for cybersecurity, per the report, is to take a holistic approach. It may be necessary to install nano security devices on mobile devices, which independently serve as a firewall. It may also be necessary to extensively build out our cybersecurity infrastructure to include artificial intelligence, cloud computing, and other innovations. Most important, though, we must develop a proactive attitude toward security.

“We don’t yet have the benefit of hindsight to show exactly what security threats we will face in 2020,” the report concludes. “Today’s hyper-connected world creates more opportunities for cybercriminals, and every IT environment is a potential target: on-premise networks, cloud, mobile, and IoT devices. But forewarned is forearmed. By using advanced threat intelligence to power unified security architectures, businesses of all sizes can automatically protect themselves from future attacks.”

Ask an Expert

You are about to post a question on finder.com:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder.com provides guides and information on a range of products and services. Because our content is not financial advice, we suggest talking with a professional before you make any decision.

By submitting your comment or question, you agree to our Privacy and Cookies Policy and finder.com Terms of Use.

Questions and responses on finder.com are not provided, paid for or otherwise endorsed by any bank or brand. These banks and brands are not responsible for ensuring that comments are answered or accurate.
Go to site