Kaspersky Lab is seeing bolder cyber threats in 2015, including the targeting of banks directly, and the further evolution of cybercriminal activities that target Automated Teller Machines (ATMs) and mobile payment systems.
Kaspersky Lab, a leading developer of secure content and threat management solutions, warned that cyber criminals are growing in confidence.
In a recent investigation, Kaspersky Lab security experts discovered an incident where cybercriminals were able to draw off enough information to steal money directly from a bank.
Before, cyber criminals tended to attack users of banking services, seeing it as the weak link in the security chain, the firm explained. This year, Kaspersky Lab experts anticipate high-stakes targeted cyber-attacks pinpointing the banks.
And the fraudsters won’t stop there. Kaspersky Lab security experts expect they will ‘go for broke’ and try to develop new malware that can take cash directly from ATMs.
In addition to financial cybercrime, 2015 is also likely to bring even more privacy concerns, security worries about Apple devices and renewed fears about connected devices like network printers hackers can use to penetrate corporate networks.
During a recent investigation, Kaspersky Lab’s experts discovered an attack in which an accountant’s computer was compromised and used to initiate a large transfer with a financial institution.
It represented the emergence of a new trend: targeted attacks directly against banks. Once attackers get into a bank’s network, they siphon enough information to allow them to steal money directly from the bank in several ways, such as remotely commanding ATMs to dispose cash, and performing different kinds of transfers from customers’ accounts.
ATMs are vulnerable
Attacks against cash machines (ATM) seemed to explode last year with several public incidents and a rush by law enforcement authorities globally to respond to this crisis.
As most of these systems are running Windows XP and also suffer from frail physical security, they are incredibly vulnerable by default, Kaspersky said.
In a statement, Alexander Gostev, Chief Security Expert at Global Research and Analysis Team, Kaspersky Lab said “In 2015, we expect to see further evolution of these ATM attacks with the use of targeted malicious techniques to gain access to the ‘brain’ of cash machines.”
“The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real time,” he added.
Virtual payment systems
Kaspersky Lab Global Research and Analysis Team expect criminals to leap at every opportunity to exploit payment systems.
These fears can also be extended to the new Apple Pay, which uses NFC (Near Field Communications) to handle wireless consumer transactions.
“The enthusiasm over the new Apple Pay is going to drive adoption through the roof and that will inevitably attract many cybercriminals looking to reap the rewards of these transactions,” Gostev said.
“Apple’s design possesses an increased focus on security (like virtualized transaction data) but we’ll be very curious to see how hackers will exploit the features of this implementation,” added Gostev.