We have received very recent information about a new fraud method targeted at finance systems and users, specifically those using commercial online banking systems.
The attack method is a next step on from the banking trojans seen in growing numbers over the last few years. It has the ability to detect the particular online banking system being used, and to run automated scripts in the background during legitimate user sessions to change existing beneficiary account numbers and sort codes to those of fraudulent beneficiary accounts.
It appears that this malware operates in an environment where:
The modus operandi is as follows:
Action you can take to protect your business
|Action Type||Immediately||Longer-term & permanently|
|Banking services||Does your online banking fulfil the three criteria specified? If so contact your bank and discuss defence strategies.||Look for two-factor authentication on all key transactional processes and banking systems.|
|Phishing awareness||Remind staff to be extremely vigilant when clicking links from untrusted sources through work computers. Limit access to shopping, news, social media channels and the like via work PCs.||Publish regular reminder emails on phishing linked to current/relevant news stories.
Conduct occasional / un-warned phishing tests.
|Process changes||Use a different PC just for your online banking - one that is not used for any other purpose. You can set up kiosk mode so that it starts with only an Internet browser accessing online banking only. Shut this PC down when not needed.||Additionally, longer term you could establish this PC on a separate broadband connection; if you use a different internet provider it can also be your alternative for business continuity. Safety firewalls and automatically updated anti-malware scanning and immediate application of security updates should also be applied.|
|Technical checks||Ensure anti-malware is always fully updated. Not all systems detect advanced malware so if concerned, conduct a technical forensic review to identify any advanced malware threats.||Establish continuous penetration and threat testing by independent specialist products and/or services.|
If you are concerned you may be at risk, please consult with your cyber-advisers about the safeguards that can be employed. For further information and guidance, visit Financial & Specialty Lines Risk Solutions or contact a member of the team.