Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:58 AM
Connect Directly

Kaspersky: Mobile & Bitcoin Attacks Increase, Online Threats Down

Kaspersky Lab's third quarter threat report found that online banking attacks fell last quarter, but mobile banking and Bitcoins are being targeted more.

Fraudsters have focused heavily on online banking as a target for malware attacks over the last several years, but as more online activities move to mobile, industry experts have suspected that fraudsters would follow that traffic and aim more attacks at mobile. Kaspersky Lab’s "IT Threat Evolution" report for last quarter indicates that fraudsters are starting to focus more on mobile. The cyber security solutions provider detected 7,010 mobile banking Trojans in the third quarter of this year -- a record number, and more than three times as many mobile Trojans as detected the previous quarter.

Meanwhile online banking malware threats fell considerably, as Kaspersky Lab blocked 696,977 of those threats, a 24% decrease from the previous quarter. But the reason for the increase in mobile banking threats may surprise some, as the hike in mobile attacks may not be because of the movement of online traffic to mobile, Roel Schouwenberg, principal security researcher at Kaspersky Lab, says.

“It’s not at the point where we can correlate the drop in online threats to the increase in mobile ones. We’ve seen in the past where we’ve had temporary drops in online banking Trojans, so it’s too early to tell if this is a more permanent trend.”

Rather it’s the increasing use of mobile to help secure the online channel that is drawing the attention of criminals and hackers. “Financial services and Internet companies are pushing two-factor authentication, where an authentication code is texted to the user. That makes the mobile devices more attractive from the fraudsters’ point of view.”

As two-factor authentication becomes mainstream, more fraudsters will look to put malware on mobile phones to intercept those authentication codes, making two-factor authentication less effective, Schouwenberg predicts. “Two-factor authentication is effective in lessening the impact of a large data breach. But a big data breach is very different than protecting an individual against malware. [Two-factor authentication] won’t help if you get malware on your Android device.” He also predicts that fraudsters would focus more on mobile as mobile payments adoption begins to go up.

Although online baking Trojan attacks fell last quarter, one type of online fraud that went up was the attempt to steal Bitcoins, according to Kaspersky’s report. Bitcoin wallet theft accounted for 15% of all online attacks aimed at stealing money last quarter, up from 8% the previous quarter. While best practices are emerging for storing Bitcoins -- like keeping them a cold wallet offline -- are emerging, the report’s findings indicate that those are not always being followed.

[For more on Bitcoin attacks: How Fraud Attacks on Bitcoins Are Changing.]

“There will always be a percentage of people who are going to be careless … but the thing is that it’s very easy for hackers to go after the standard locations where a Bitcoin wallet is stored [on a hard drive]. So for attackers, going after Bitcoin wallets is a worthwhile activity as it’s very little effort.”

Fraudsters are also acquiring Bitcoins by infecting other people’s computers with Bitcoin mining software, so those computers start mining Bitcoins for the attacker’s profit. Such attacks accounted for 11% of all e-money theft attempts detected by Kaspersky last quarter. Such attacks require a great deal of work though for fraudsters, Schouwenberg shared, as a large number of computers need to be infected for the attacker to mine many Bitcoins.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.