Hackers targeting Indian banks with new tools

As quoted in media....

"Swati Bharadwaj-Chand, TNN | Jun 26, 2012, 07.41PM IST

After targeting financial institutions in Europe, hackers are now increasingly targeting Indian financial institutions with the latest variants of malware like SpyEye and Zeus.
HYDERABAD: After targeting financial institutions in Europe, hackers are now increasingly targeting Indian financial institutions with the latest variants of malware like SpyEye and Zeus to siphon larger amounts of money from bank accounts, Japanese security company Trend Micro has cautioned.

After targeting countries like Germany, Italy and United Kingdom, cyber criminals are now targeting Indian cities, with the highest number of phishing strikes being reported in cities like Hyderabad, Nashik, New Delhi and Bangalore and even Thanjavur, said Trend Micro, which has many banks as customers.

With a whopping 187 per cent rise in phishing attacks being reported on various Indian brands in May this year over the previous month, the Japanese global cloud security company pointed out that significantly, all phishing attacks on Indian brands in May targeted the banking sector, with one in every four using an '.in' domain and the top cyber threats created specifically to target bank balances.

"The new software allows the criminal to siphon money out while he sleeps. It could significantly increase the number of hacked accounts and the speed with which they are drained," said Trend Micro's country manager (India and SAARC) Amit Nath.

"The new code has the potential to dramatically escalate the amount being stolen from accounts and a years-old arms race between the banks and criminal groups. This has tremendous implications especially as masses are moving towards banking by phone. This attack toolkit ushers in a new era of bank heists," he added.

According to a Trend Micro report on 'Automating online banking fraud-- automatic transfer system: the latest cybercrime toolkit feature', two of the most pervasive and dangerous types of software for stealing money from bank accounts - SpyEye and Zeus - have been improved and enabled to transfer money out automatically, without a hacker's supervision and have already stolen hefty amount at a time from a single account and are in the early stages of deployment.

The programs have already used a technique called "web injection" to generate new entry fields when victims log on to any number of banks or other sensitive websites, said Trend Micro, pointing out how instead of seeing a bank ask for an account number and password for instance, a victimized user sees requests for both of those and an ATM card number. Everything typed in then gets whisked off to the hacker, who later signs in and transfers money to an accomplice's account.

For the past year or more, some variants have also captured one-time passwords sent from the banks by text messages to client cell phones as an added security measure. But in those cases, a hacker had to be online within 30 or 60 seconds in order to use the one-time password, the report pointed out. "

Other Services of Interest

  • Celebrating 1 Year of GDPR - Webinars from Riskpro

    GDPR turns ONE on 25 May 2019. On this Anniversary, lets explore what the last 12 months meant for global companies as it relates to Data Protection and Privacy. Riskpro India has organised 6 GDPR...
  • Procurement Fraud - Riskpro can help

    If you suspect procurement fraud, do contact Riskpro India and we can help to unearth the suspicious activity. Following are some of the ways in which we can help. 1. Review of onboarding...
  • GDPR - Data Privacy Trainings - Six Webinar on GDPR Anniversary - Riskpro

    GDPR turns ONE on 25 May 2019. On this Anniversary, lets explore what the last 12 months meant for global companies as it relates to Data Protection and Privacy. Riskpro India has organised 6 GDPR...
  • HIPAA Awareness Training (Mandatory) - Riskpro India

    EVENT OVERVIEW: HIPAA stands for the Health Insurance Portability and Accountability Act and is a US regulation that deals with security measures for protecting patient’s medical records. Employees...
  • SEBI's Insider Trading Amendment - Free Webinar by Riskpro India

    Another important compliance topic that kicks off today. SEBI Amendment to Insider Trading Regulations. Join us for an hour to learn the important changes and how to deal with these. Register -...
  • Sox Training

    Our sox training covers the following points. 1. What is SOX? 2. The Act and its Sponsorors. 3. The background for bringing in this act. 4. Major Sections in the Act 5. Section 404 overview 6...
  • GDPR Countdown

    Riskpro is working hard so that clients can GDPR deadline as the clock ticks away.
  • EU-US Privacy Shield for Data Transfers

    Come GDPR (General Data Protection Act) and EU-US PRivacy shield will assume more importance. Privacy Shield Overview The Privacy Shield program, which is administered by the International Trade...
  • Reduce your GDPR implementation Costs - Hire GDPR Experts in India

    Reduce cost for GDPR Compliance - Remote Consulting from India GDPR readiness assessment and implementation can be costly. And time is short. Instead of paying premium fees to local GDPR consultants...
  • Go to top