Financial fraud has always been in the news, from bogus cheques decades back to ATM skimming in recent years and the ever-rising threat from malware and trojans within the past three years. It was in 2016 that digital banking fraud news hit headlines across the world. The presence of high-profile victims, coupled with massive financial rewards and the whiff of state-sponsored financial crime, made everyone sit up and take notice.
An increase in mobile banking and associated malware, trojans and the use of free, self-service, valid SSL certificates were all responsible for this jump. Fast-forward to 2017, and phishing was in pole position for top malware, with financial phishing increasing from 47.5% to almost 54% of all phishing detections.
So bad has the scourge of malware for financial fraud been that financial regulators in the UK, the Bank of England and the Financial Conduct Authority, asked businesses and financial organisations to plan ahead.
“Boards and senior management should assume that individual systems and processes that support business services will be disrupted, and increase the focus on back-up plans, responses and recovery options,”
the Bank of England and the Financial Conduct Authority asked of financial organisations.
In April, it took authorities in five countries including the Netherlands, Serbia, Croatia and Canada, with support from Police Scotland and Europol, to finally bring the crimefest to an end.
In their 2017 Payment Threats and Fraud Trends Report, the European Payments Council said that the organisation and sophistication of recent cyberattacks have shown a greater degree of professionalism among cybercriminals.
Key trends in banking and financial fraud for 2018/19 will be:
- Social engineering and phishing attacks will continue to rise and be the weapon of choice for fraudsters.
- DDoS (distributed denial-of-service) attacks will remain a key concern for financial organisations.
- Ransomware and malware continue to be a viable source of income for malicious actors.
- Advanced persistent threats, e.g. targeted malicious attacks aimed at a specific individual, company, system or software, based on some specific knowledge regarding the target.
- More and more, mobile devices are becoming an attractive target for cyber criminals, along with IoT devices.
- Adoption of cloud, while a boon for work productivity, has led to newer headaches for organisations, as data is now stored in silos that they cannot make water-tight.
- The rise of “cybercrime-as-a-service” is also causing huge challenges in view of the automation level achieved.
- Multi-vector attacks are on the rise and have been targeting a number of financial institutions over the past year.
- Botnets continue and, because of the high volume of infected consumer devices (e.g. PCs, mobile devices, etc.), severe threats remain.