Online Attacks Increase at Financial Institutions

It’s going to be a long hot summer for many U.S. financial institutions when it comes to online attacks. RSA’s Anti-Fraud Command Center issued its monthly online fraud intelligence report for May, and the statistics show that attacks on U.S. nationwide banks account for 33 percent of all attacks on U.S. financial institutions – that’s more than double since April. At the same time, attacks on U.S. credit unions increased to 39% of all U.S. attacks, up 11 percent since April. Even worse, the same institutions experienced more repeat attacks than in April. Read the full report here: RSA Phishing Report.

According to Jens Hinrichsen, Product Marketing Manager in RSA’s Consumer Solutions Group, the level of sophistication of the attacks occurring at regional and smaller institutions is increasing. “Phishing, even with the increasing use of crimeware on infected websites, is not going away,” Hinrichsen explained. “It is relatively inexpensive, even for a beginner in phishing to set up shop. A couple hundred dollars gets you a very capable phishing kit.”

For the last year RSA’s Anti-Fraud Command Center has seen attacks moving progressively downward; particular targets are the federal credit unions and smaller, regional institutions. “Remember, phishers don’t care who they target, they look for the easiest cash of any kind,” Hinrichsen said.

The fraudsters, said Hinrichsen, are accomplishing their collection of information through spear phishing. “They’re cracking into databases, and getting a name, an email address, and part of account number, like say a VISA card from an institution, anything in order to lend themselves a credible cover story for the spear phishing email they send to the person.”

These are sophisticated attacks, he noted. “They’re also going into other entities, not just federal credit unions and other smaller, regional financial institutions, but also targeting and moving into other business sectors as well, including e-retailers and government entities.” He noted that the Internal Revenue Service was one of the first government agencies to be attacked. “We’re seeing it going to state level department of motor vehicle agencies. At the end of the day, wherever there is a valuable credential, the fraudsters will go after it.”

And while there may be all sorts of additional information a fraudster needs in order to cash out on the identity, these attacks are still collecting information. Hinrichsen noted that crimeware, like the Man-in-the-Middle phishing kit that RSA researchers first discovered in January, continues to be used, and that “there is greater use of multi redirectors in phishing attempts. These are harder to detect and shut down, if one head of the ‘Hydra’ (phishing attack) is cut off, that attack is redirected and continues from other IP addresses linked to the phishing attack.”

Hinrichsen also said that RSA has seen greater use of forged digital certificates in phishing attacks. “It depends on what research you’re reading, consumers don’t always know to look for the locks, but for the percent of internet users who do look for the lock, the attack is given that much more credibility,” he explained.

“We’re seeing more use of the ‘Man-in-the-Middle’ phishing attacks,” Hinrichsen said. “This is basically the same type of phishing attack of old, but now instead of using static attack pages, the phishers are replacing those with the real website pages from the institution. The phisher just sits in between the account holder and the institution and captures the information,” he added. If the account holder becomes suspicious for any reason and types in the wrong user name and password, “they’re going to get the same error message that their institution’s online website would give them, because it’s the actual website they’re on, not a spoofed version.”

Hinrichsen said they are also seeing not just phishing attacks happening, “but fraudsters are also launching distributed denial of service attacks against the financial institution in order to stop the institution from taking action against the phishing attack.” He said that about two dozen new financial institutions were targeted by online attacks in May.


About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



