Cyber attackers are not just more sophisticated and more persistent than ever before. They also are greedier, says IBM Security's Limor Kessem, who shares insight on the latest fraud threats to UK banking institutions.
Kessem, a globally-respected cybersecurity evangelist for IBM Security, details how this greediness manifests in the latest attacks.
"There's an intense focus on the highest-value accounts at the banks [being targeted]," Kessem says. "Hefty bank accounts are so interesting now to cyber criminals that they monitor them in their botnet control panels. They literally can pull balances from the accounts directly to their dashboards, and then they filter out the top targets, and then apply a more advanced attack scenario against those accounts."
And it's not only high-value customers, but also high-profile bank executives who are being targeted, Kessem says.
Banking Trojans such as Dridex and web injections created by the Neverquest development team are predominant, and at their peak these exploits can attain up to 5,000 infections per day in the UK alone.
How are attackers reaching their victims? Through multiple vectors, which include website redirection attacks, ransomware and social engineering - the latter of which fuels many of the most successful fraud schemes.
"The human factor is becoming increasingly important everywhere," Kessem says, discussing how institutions can improve their defenses. "Educate your top customers; make sure that businesses are very well aware of the risks, and recommend new processes that will make it much harder for criminals to trick employees with something like business email compromise."
In an interview about top fraud threats to UK banking institutions, Kessem discusses:
- The raw impact of malware-fueled fraud schemes;
- Specific observations of redirection attacks, ransomware and other schemes;
- What institutions can do to improve detection and response.
Kessem is one of the top cyber intelligence experts at IBM Security. She is a seasoned speaker and a regular blogger on the cutting-edge IBM Security Intelligence blog. She comes to IBM from organizations such as RSA Security's research labs. She also served as the Marketing Director of Big Data analytics startup ThetaRay, where she created the company's cybersecurity thought leadership. She covers the full spectrum of digital crime trends affecting consumers, corporations and the financial industry as a whole.