Attack on Banks: Tactics and Techniques used to target Financial Organization

November 28, 2019

It has been said before that financial institutions lose an astounding amount every year to cyberattacks. Cybercriminals looking to monetize their attacks no longer concentrate only on banks and financial institutions; instead, they have shifted their attention to employees of large business organizations. Workers in finance departments, accountants and bank staff are targeted because attackers have realized that they can steal money not only by compromising bank accounts.


Attacker’s schematics

SIM jacking is not new to the threat landscape. Threat actors typically start by social engineering their way into getting an employee at a cell phone carrier to port a phone number over to another SIM card. Essentially, they bribe these employees with cryptocurrency or through payment systems to have them swap cell service from the SIM card in a victim's device over to a SIM card in the attacker's possession. From there, they can take over their victims' email, social media and even financial accounts, extorting cryptocurrency in exchange for returned control.

The FakeSpy campaign has been active since 2017 and has recently started targeting South Korean users. This banking Trojan can steal text messages, contacts, account information and call records. It is also capable of muting and resetting a device, harvesting the infected device's information and updating its own configuration.

Browser injection is perhaps the oldest and most dangerous of the attacks aimed at web applications. This attack on banks can lead to data theft, data loss, loss of data integrity, denial of service, as well as full system compromise. The primary reason for injection vulnerabilities is usually insufficient user input validation.

An attack on infrastructure may also be the most damaging, as attackers target the network infrastructure itself. Unfortunately, many banking system components, such as internal banking systems or point-of-sale (PoS) interfaces, are often left exposed on the internet, making them more likely to be targeted by opportunistic attackers.

Social engineering around bank servicing may have been employed for this attack. It is the most popular approach and takes less effort to undertake: attackers can learn more about the organization's actual employees, possibly including their positions and topics of interest. Appearing to be legitimate helps the weaponized documents they send to these employees slip past suspicion. Another pathway for gathering employee information is to compromise companies servicing these organizations, such as third-party vendors servicing ATM equipment, or to hack into topical forums or distribution mailing lists.


Thinking far ahead

Prioritize the most business-critical parts of the network and use network segmentation as a strategy. When done correctly, network segmentation, achieved through the creation of network zones, limits the ability of a hacker to move laterally across a compromised network.
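To show how zone-based segmentation can be checked in practice, the following added example (not code from the original article) audits flow records against a default-deny zone policy and flags both cross-zone lateral movement and an internet-exposed PoS/ATM interface like those described earlier. The zone names, address ranges, allow rules and flow records are all constructed assumptions for a hypothetical bank network.

```python
import ipaddress

# Constructed zone map for a hypothetical bank network (not from the article).
ZONES = {
    "user_lan":     ipaddress.ip_network("10.10.0.0/16"),
    "atm_pos":      ipaddress.ip_network("10.20.0.0/16"),
    "core_banking": ipaddress.ip_network("10.30.0.0/24"),
    "jump_hosts":   ipaddress.ip_network("10.40.0.0/28"),
}

# Default deny between zones: only these (src zone, dst zone, dst port) flows are permitted.
ALLOWED = {
    ("atm_pos", "core_banking", 8443),
    ("jump_hosts", "core_banking", 22),
    ("user_lan", "jump_hosts", 22),
}

def zone_of(ip):
    """Return the zone name containing ip, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def audit_flows(flows):
    """Return the flows that cross a zone boundary without an allow rule."""
    violations = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue  # intra-zone traffic is outside this policy's scope
        if (src_zone, dst_zone, port) not in ALLOWED:
            violations.append((src, src_zone, dst, dst_zone, port))
    return violations

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.21", "10.40.0.5", 22),      # workstation -> jump host: allowed
    ("10.40.0.5", "10.30.0.10", 22),      # jump host -> core banking: allowed
    ("10.10.4.21", "10.30.0.10", 445),    # workstation -> core banking: lateral movement
    ("10.20.7.9", "10.30.0.10", 8443),    # ATM -> core banking API: allowed
    ("203.0.113.50", "10.20.7.9", 3389),  # internet -> PoS/ATM zone: exposed interface
    ("10.10.4.21", "10.10.9.9", 445),     # same zone: not evaluated
]

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("DENY %s (%s) -> %s (%s) port %d" % v)
```

Run against real firewall or NetFlow exports, the same check shows whether the zones on paper are actually enforced on the wire.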
