Online Attacks Increase at Financial Institutions
It’s going to be a long, hot summer for many U.S. financial institutions when it comes to online attacks. RSA’s Anti-Fraud Command Center issued its monthly online fraud intelligence report for May, and the statistics show that attacks on U.S. nationwide banks account for 33 percent of all attacks on U.S. financial institutions, more than double the April figure. At the same time, attacks on U.S. credit unions increased to 39 percent of all U.S. attacks, up 11 percent since April. Even worse, the same institutions experienced more repeat attacks than in April. Read the full report here: RSA Phishing Report.
According to Jens Hinrichsen, Product Marketing Manager in RSA’s Consumer Solutions Group, the level of sophistication of the attacks occurring at regional and smaller institutions is increasing. “Phishing, even with the increasing use of crimeware on infected websites, is not going away,” Hinrichsen explained. “It is relatively inexpensive, even for a beginner in phishing, to set up shop. A couple hundred dollars gets you a very capable phishing kit.”
For the last year, RSA’s Anti-Fraud Command Center has seen attacks moving progressively downward, with federal credit unions and smaller, regional institutions as particular targets. “Remember, phishers don’t care who they target; they look for the easiest cash of any kind,” Hinrichsen said.
The fraudsters, said Hinrichsen, are accomplishing their collection of information through spear phishing. “They’re cracking into databases and getting a name, an email address, and part of an account number, like, say, a VISA card from an institution, anything in order to lend themselves a credible cover story for the spear phishing email they send to the person.”
These are sophisticated attacks, he noted. “They’re also going into other entities, not just federal credit unions and other smaller, regional financial institutions, but also targeting and moving into other business sectors as well, including e-retailers and government entities.” He noted that the Internal Revenue Service was one of the first government agencies to be attacked. “We’re seeing it going to state-level department of motor vehicle agencies. At the end of the day, wherever there is a valuable credential, the fraudsters will go after it.”
And while there may be all sorts of additional information a fraudster needs in order to cash out on the identity, these attacks are still collecting information. Hinrichsen noted that crimeware, like the Man-in-the-Middle phishing kit that RSA researchers first discovered in January, continues to be used, and said, “There is greater use of multi redirectors in phishing attempts. These are harder to detect and shut down; if one head of the ‘Hydra’ (phishing attack) is cut off, that attack is redirected and continues from other IP addresses linked to the phishing attack.”
Hinrichsen also said that RSA has seen greater use of forged digital certificates in phishing attacks. “It depends on what research you’re reading. Consumers don’t always know to look for the locks, but for the percent of internet users who do look for the lock, the attack is given that much more credibility,” he explained.
“We’re seeing more use of the ‘Man-in-the-Middle’ phishing attacks,” Hinrichsen said. “This is basically the same type of phishing attack of old, but now instead of using static attack pages, the phishers are replacing those with the real website pages from the institution. The phisher just sits in between the account holder and the institution and captures the information,” he added. If the account holder becomes suspicious for any reason and types in the wrong user name and password, “they’re going to get the same error message that their institution’s online website would give them, because it’s the actual website they’re on, not a spoofed version.”
Hinrichsen said they are also seeing not just phishing attacks happening, “but fraudsters are also launching distributed denial of service attacks against the financial institution in order to stop the institution from taking action against the phishing attack.” He said that about two dozen new financial institutions were targeted by online attacks in May.