UK Finance's 2023 Fraud Report highlighted that £148.3M was lost in the online and mobile banking fraud, which occurs when a fraudster gains access to a customer’s bank account through online or mobile banking using compromised personal details and passwords to make unauthorised transfers of money.
A growing instrument used by cybercriminals to perpetrate fraud is mobile banking malware, which has been employed since the earliest days of the internet to compromise users and their data to make money.
This article aims to quickly highlight the key capabilities required to deal with today’s malware threats and help you understand what to do to keep your online banking customers safe.
The article is part of our Malware Mitigation series, which eviscerates the topic of malware detection to avoid online fraud both in corporate and retail banking.
What are the banking malware challenges today?
There are numerous types of banking malware, with viruses, spyware and keyloggers being examples of malware that can be used to steal data, while BOTs, rootkits and ransomware are examples of malware used to automatically monetise this stolen data.
These threats are constantly changing as cyber criminals adapt malware to stay ahead of banks’ defences.
Such is the nature of this problem, the Revised Payment Service Directive (PSD2) mandated that service providers evaluate transaction requests for signs of malware infection to ensure the risk from malware was minimised.
Traditionally, new malware is identified only after it has struck. Investigators carefully examine traces and patterns, deciphering their signature after the attack to fortify defences for future encounters.
However, in today’s landscape, new malware variants arise and propagate swiftly on a vast scale, making this conventional approach vulnerable to significant losses and severe reputational harm.
Banks and financial institutions must mitigate the perils posed by new malware variants by adopting proactive threat detection systems.
Banking malware detection: what banks need to do
So, how can banks successfully defend against changing malware threats?
It starts by rapidly identifying suspicious sessions. Banks must be able to identify anomalies observed in their banking traffic and suspicious/infected sessions must be found quickly. It’s important to know what to expect from each user so that any deviations from normal behaviour can be spotted quickly. Cases where abnormalities exist should be flagged and analysed.
Upon identification, banks need to accurately analyse all the risk indicators in the detail of each session, correlating indicators with parallel sessions so that it’s easy for the technology and analysts to ‘connect the dots’.This is key to understanding the scenario with precision and, consequently, making the most appropriate decision in accordance with the organisation’s policies (e.g. suspend instant payment, do SCA, contact user, etc.).
Lastly, this ID and decision process needs to be automated to respond at scale every time the identified scenario reoccurs. Proactive logic must recognise advanced threat patterns, making it possible to put in place a complete detection & response system that works automatically in real time. This is the paradigm that allowed our Threat Intelligence Team to identify advanced malware families, like TeaBot and SharkBot, and to design the best mitigation strategies for our clients.
The balance between security and customer satisfaction
In today’s environment, where rapid detection and response is just as important as providing the best customer experience, it’s critical that banks have the agility to continue a transaction that initially looked suspicious rather than being heavy-handed and blocking it.
Remembering that not every initial suspicious start to a process ends with a smoking gun.
If you want to know more about automating protection from advanced malware threats, you can get in touch here.
In the meantime, make sure to stay up to date with all our Malware Mitigation series content by subscribing to our newsletter.