More Malware in 2010, More Bank Fraud?
I saw two interesting articles today, and while on the surface they appear to cover two different topics, I think one is directly related to the other.
The first article, from Threat Post, talks about fraud becoming an increasing problem for banks and financial institutions. In the article, Paul Roberts says:
Hard numbers are difficult to come by, but some experts have estimated online banking fraud – including phishing and account takeover – to be a $1 billion a year business. The 2010 Faces of Fraud Survey polled 230 small and mid sized banks about their experiences with fraud in the past calendar year. It found that phishing – a relatively new form of fraud – is now the third most common type of fraud experienced by the banks surveyed, with 48% of those surveyed reporting incidents of phishing attacks in 2010.
The second article, from eWeek, reports that Panda Security found that one third of all existing malware classified by the company was created in 2010. That's a lot of malware. The story quoted Panda Security researcher, Sean-Paul Correll:
Banking Trojans will continue to be the dominant malware in 2011's threat landscape and this will widely be fueled by the many crimeware kits available on the black market. We're also observing some collaboration between criminals [such as with] SpyEye and Zeus, which could very well mean that the sophistication and attack scope can be changed drastically in a short amount of time.
This is why I think the two issues are directly related. I'm not surprised by the findings in either story. Last year, I wrote frequently about the evils of Zeus, which is only one of an increasing number of malware aimed at pilfering bank accounts.
Every year since 2003, new threats grew by at least 100 percent annually. But last year, the increase was roughly 50 percent.
That's a positive spin. But it may not mean much for the banking world because, Roberts writes:
Banks also appeared to be lagging on efforts to fight sophisticated, cross channel fraud in which criminal groups combine remote phishing attacks with identity theft, account takeover, check fraud, credit card fraud, ATM skimming and other types of illegal activity to raid customers accounts.