Cyber Attacks on Financial Institutions and Apps

Yet another bank has fallen victim to a series of cyber attacks. This time Russia’s Central Bank has reported losing a total of 1.37 billion rubles (US$22 million) to 20 major cyber attacks since May last year.
Along with ATM theft, many of the attacks came from phishing websites and from fake SMS and email messages claiming to be from FinCERT, the centre that was established last year to deal with cyber attacks in Russia’s financial sector.

In fact, there seems to be an overall increase in cyber attacks on financial institutions. The latest threat to hit Australian banks is large-scale hijacking malware that is capable of taking over Android phones and gaining access to users’ bank login details.

Digital protection agency ESET claims that banking apps vulnerable to this new malware include Westpac, Commonwealth Bank, St. George, National Australia Bank, Bankwest and ANZ. Essentially, the malware locks down the victim’s phone when they open their banking app and redirects them to a fake login screen overlaid on top of the genuine app. The fake screen cannot be removed until the login details have been entered, by which time the hackers have access to the victim’s bank account and can transfer money out of the account using their own devices. The malware is so sophisticated that it has a self-defence mechanism which stops it from being uninstalled and grants the hacker administrator rights, allowing them to hijack everything on the phone.

“This is a significant attack on the banking sector in Australia and New Zealand and shouldn’t be taken lightly,” said Nick FitzGerald, Senior Research Fellow at ESET.

“While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future. Mobile malware is becoming more common and complex. Smartphone and tablet users should be aware of the ramifications of entering personal information into potentially fake login screens.”

Let this be a warning to those of you taking part in the latest craze of Pokemon Go! Be careful when downloading apps from the web, and make sure you don’t log in to any app that cannot be removed from your screen.

If you are in business and are attacked while using your smartphone or laptop, you could be covered by our cyber insurance products, which offer first-party and third-party liability cover. Give us a call for more information on our cyber insurance products, or for a quick quote fill out our cyber insurance form.