You read about it in the news all the time these days: “Zeus Banking Trojan steals $1 million from U.K bank accounts”or “SpyEye: New PC virus steals your money!”
More and more people are doing their banking online and criminals go where the money is. It is clear that malware designed to steal money from online banks has become a real and actual threat.
Creating banking trojans, unfortunately, is now pretty easy. There are ready made toolkits that criminals without the technical know-how can buy in order to create their own variant. A few clicks and the criminal has created his own personal piece of nastiness, designed to steal money from specific banks or accounts. Malware-as-a-service as our own Mikko Hyppönen put it.
So what exactly is a Banking Trojan? As with any other Trojan, it is a program that has been installed to your computer one way or another without you knowing its real purpose. Once there, it simply waits quietly in the background until you access your online bank. It will then start recording the information that you enter and send it back to criminals. It can now do automatic transactions in the background or alter the information that you see in order to buy time for the attacker to use your bank credentials for fraudulent transactions. Once the criminal has gotten your bank details there is no knowing what he or she can do.
So how to you protect yourself?
Here are 4 ways to make sure that when you bank on your PC, it’s as safe as it can possibly be.
1. Keep your operating system updated.
Think of your operating system as the walls around your house that keeps developing holes. Luckily, the maker of the wall will keep patching the holes. All you have to do is update your system software. You can do this on your Windows PC by going to windowsupdate.microsoft.com. On your Mac, you can go to the Apple menu and selecting “Software Update.”
2. Keep your software updated.
The programs on your PC also develop vulnerabilities that need to be patched or you may allow criminals a foothold into your life. You can update each application individually or you can use our free Health Check, which checks all of your major applications and your operating system to make sure they’re patched and protected.
3. Don’t click on links in emails from your bank.
It’s a good idea not to click on links in an email unless you specifically asked for it, such as a password refresh. A common practices is to spoof a bank’s look and send a scam email to thousands of recipients hoping to find a few that use the bank. You can avoid this by going to your bank’s site directly and calling them if you have a question.
4. Use Internet Security that has banking protection.
F-Secure’s Banking Protection automatically detects when you’re visiting an online bank. It notifies you that additional Banking Protection is enabled and adds an extra layer of security by only allowing access to banks or trusted sites that are necessary to do online banking. All other new connections will be prevented. In other words, there is no possibility for the attacker to get your bank details. Once you’re finished with your online banking, you simply end the Banking Protection mode and everything is back to normal. Sort of like unbuckling your safety belt when you’ve reached your destination. And no extra apps, plug-ins, or special browsers are required.
Banking Protection is a part of F-Secure Internet Security 2013 and works together with all the other security layers. All existing users of F-Secure Internet Security 2013 will receive Banking Protection as an automatic update in the first quarter of 2013, and those who do not want to wait can download the update now.
We hope you enjoy the protection!
Image credit: MoneyBlogNewz
This is the first in a series of posts about Cyber Defense that happened to real people in real life, costing very real money. A rainy, early spring day was slowly getting underway at a local council office in a small town in Western Poland. It was a morning like any other. Nobody there expected that this unremarkable day would see a series of events that would soon affect the entire community... Joanna Kaczmarek, a Senior Specialist in the council’s Accounting Department, rushed into her office a little late, but in a good mood nonetheless. Before getting down to work, she brewed herself a cup of coffee and played some music on her computer. Several days earlier, she had finally installed a music app on her PC so she could listen to her favourite tunes while she worked. This had taken some effort though, as she had needed administrator’s access to her computer. It took a lot of pleading and cajoling, but after a week the IT guy finally gave in. Joanna had no idea that she was opening a dangerous gap in the council’s IT system. That morning, Joanna launched, as she had countless times before, a government issued budget management application. With a few clicks, she made a transfer order for nearly twenty thousand zloty. The recipient of the money was a company that had won the contract for the renovation of a main road in the town. The whole operation took seconds. Two days later, the owner of the company phoned Joanna, asking about the advance he was supposed have received. “I can’t get the work started without that money”, he complained in an annoyed voice. Joanna was a little surprised and contacted the bank. The bank confirmed the operation, saying that there was nothing suspicious about it. Joanna, together with the Head of the IT Department, carefully ran back over the events of the day of the transfer. They found nothing out of the ordinary, so started checking what was happening on Joanna’s computer around the time before the transfer date. They soon found something: nearly a week prior to the date of the missing transfer, Joanna had received an email from the developer of the budget management software. For Joanna, the message hadn’t raised any red flags; the email contained a reminder about a software update and looked very legitimate. It contained the developer’s contact data, logo and telephone number. Everything was in order… Everything except for a change of one letter in the sender’s address. Joanna hadn’t noticed – a “t” and an “f” look so alike when you read quickly, don’t they? Unaware of the consequences, Joanna followed the link that was to take her to the update website. With just one click of her mouse she started a snowball of events that ultimately affected each and every resident of the town. Instead of the “update”, she downloaded dangerous spyware onto her computer. In this way, the cybercriminals who orchestrated the attack learnt that the woman was a Senior Specialist in the Accounting Department and was responsible for transferring money, including EU funds. The thieves lured Joanna into a digital trap, tricking her into installing software that replaced bank account numbers “on the fly”. As she was processing the transaction, the hackers replaced the recipient’s account details with their own, effectively stealing the money. Joanna would have been unable to install the fake update if she hadn’t obtained the administrator’s rights she’d needed for her music app. All she had wanted was to listen to some music while she worked. If only she had known what the consequences would be... After the attack was discovered, the Police launched an investigation. Joanna was just one of many victims. Investigators discovered that the malware infection was likely to have targeted computers used by local government workers in hundreds of municipalities across Poland. Law enforcement authorities haven’t officially disclosed how much money was stolen, but given the fact that losses may have been underreported, the estimated figures are in the millions of zlotys. On the top of that, Joanna’s town had to wait months for the completion of the roadwork. This was one of the largest mass cyber-attacks against local government in Poland. It certainly won’t be the last one... For small and medium sized enterprises, the average financial loss as the result of a cyber security incident is on average 380 000€. The risk and the lost is real. Don’t be an easy target. We help businesses avoid becoming an easy victim to cyber attacks by offering best in class end-point protection and security management solutions trusted by millions.
F-Secure Labs reported this week on a new WhatsApp scam that’s successfully spammed over 22,000 people. Spam seems to be as old as the Internet itself, and is both a proven nuisance AND a lucrative source of revenue for spammers. Most people don’t see what goes on behind the scenes, but spammers often employ very sophisticated schemes that can expose web surfers to more than just ads for Viagara or other “magic beans”. Spam typically tries to drive Internet traffic by tricking people into clicking certain websites, where scammers can bombard unsuspecting web surfers with various types of advertising. Profit motives are what keep spammers working hard to circumvent spam blocks, white lists, and other protective measures that people use to try and fight back – and it can pay off. Numerous spammers have been indicted and suspected of generating hundreds of thousands of dollars in revenue from their spam campaigns, with one study projecting that spammers could generate in excess of 3.5 million dollars annually. While most spam circulates via e-mail, the popularity of services like WhatsApp is giving spammers new resources to exploit people, and new ways to make money. Here’s a few ways spammers and cyber criminals are using WhatsApp to make money off users: Following Malicious Links: One way that cyber criminals use WhatsApp to scam people is to trick them into following malicious links. For example, a recent scam sent SMS messages to WhatsApp users telling them to follow a link to update the app. But the message was not from WhatsApp, and the link didn’t provide them with any kind of update. It signed them up for an additional service, and added a hefty surcharge to victims' phone bills. Sending Premium Rate Messages: Premium rate SMS sending malware was recently determined by F-Secure Labs to be the fastest growing mobile malware threat, and WhatsApp gives cyber criminals a new way to engage in this malicious behavior. Basically the users receive a message that asks them to send a response – “I’m writing to you from WhatsApp, let me know here if you are getting my messages”, “Get in touch with me about the second job interview”, and various sexual themed messages have all been documented. Responding to these messages automatically redirects your message through a premium rate service. Spanish police claim that one gang they arrested made over 5 million euros using this scheme – leaving everyday mobile phone users to foot the bill. Manipulating Web Traffic: A lot of spam tries to direct web traffic to make money off advertising. As you might imagine, this means they have to get massive numbers of people to look at the ads they’re using for their scams. Scammers use WhatsApp to do this by using the app to spread malware or social engineer large numbers of people to visit a website under false pretenses. F-Secure Labs found that people were being directed to a website for information on where they could get a free tablet. In March there was a global spam campaign claiming people could test the new WhatsApp calling feature. Both cases were textbook scams, and instead of getting new tablets or services, the victims simply wasted their time spreading misleading spam messages and/or exposing themselves to ads. WhatsApp and other services are great for people, but like any new software, requires a bit of understanding to know how to use. Hopefully these points give WhatsApp users a heads up on how they can avoid spam and other digital threats, so they can enjoy using WhatsApp to chat with their friends. [ Image by Julian S. | Flickr ]
Espionage – it’s not just for James Bond type spies anymore. Cyber espionage is becoming an increasingly important part of global affairs, and a threat that companies and organizations handling large amounts of sensitive data are now faced with. Institutions like these are tempting targets because of the data they work with, and so attacks designed to steal data or manipulate them can give attackers significant advantages in various social, political and industrial theaters. F-Secure Labs’ latest malware analysis focuses on CozyDuke – an Advanced Persistent Threat (APT) toolkit that uses combinations of tactics and malware to compromise and steal information from its targets. The analysis links it to other APTs responsible for a number of high-profile acts of espionage, including attacks against NATO and a number of European government agencies. CozyDuke utilizes much of the same infrastructure as the platforms used in these attacks, effectively linking these different campaigns to the same technology. “All of these threats are related to one another and share resources, but they’re built a little bit differently to make them more effective against particular targets”, says F-Secure Security Advisor Sean Sullivan. “The interesting thing about CozyDuke is that it’s being used against a more diverse range of targets. Many of its targets are still Western governments and institutions, but we’re also seeing it being used against targets based in Asia, which is a notable observation to make”. CozyDuke and its associates are believed to originate from Russia. The attackers establish a beachhead in an organization by tricking employees into doing something such as clicking a link in an e-mail that distracts users with a decoy file (like a PDF or a video), allowing CozyDuke to infect systems without being noticed. Attackers can then perform a variety of tasks by using different payloads compatible with CozyDuke, and this can let them gather passwords and other sensitive information, remotely execute commands, or intercept confidential communications. Just because threats like CozyDuke target organizations rather than individual citizens doesn’t mean that they don’t put regular people at risk. Government organizations, for example, handle large amounts of data about regular people. Attackers can use CozyDuke and other types of malware to steal data from these organizations, and then use what they learn about people for future attacks, or even sell it to cyber criminals. The white paper, penned by F-Secure Threat Intelligence Analyst Artturi Lehtiö, is free and available for download from F-Secure’s website. [ Image by Andrew Becraft | Flickr ]