Hackers Exploiting SS7 Protocol & Injecting ATM malware to attack banks and financial sectors

ATM malware

The banking and financial sectors have been hit by cyber attacks more persistently than other industries. 25.7 percent of all malware attacks last year targeted banks and financial services organizations.

Leaked credentials doubled compared with any quarter of 2018, according to Insights Q1 2019. The increase is attributed to collections of leaked data exposed online in hacker forums, around 2.2 trillion usernames and passwords.

Credit card leaks increased by more than 212%, with a 102% increase over the years in malicious applications. As users become more comfortable with mobile banking, the risk from malicious applications grows in parallel.

Insights noted large fluctuations in black-market financial assets. The percentage of leaked documents remained stable last year but increased by 23 percent in the first quarter of 2019.

Top Types of Attack

Hackers exploit vulnerabilities in the SS7 telecommunications protocol to intercept messages used to authorize account payments.

New research details how sophisticated hackers are now tapping into the telephone network via the SS7 protocol and intercepting messages to steal money from bank accounts.

The primary targets are the banking and finance sectors. Trojans are common to all of them; Adload, ATRPAS, and Emotet are some well-known examples.

Cybercriminals inject fake messages into switch servers to approve fraudulent withdrawals, as seen with FASTCash and ATMJackPot.

Ransomware is yet another core cybercriminal business: it infects banking systems and holds the bank hostage until it pays up.

Mobile banking attacks are the next serious threat: attackers distribute fake banking applications and banking trojans that exfiltrate login credentials and steal money from user accounts.

According to the report, the finance sector is also the one most commonly found on DDoS target lists on the dark web. In some cases, insider threats allow attackers to break in without raising an alert.

Phishing as a service allows anyone, even without technical expertise, to run campaigns and exfiltrate sensitive login credentials.

The report shows that threat actors most often target banks and financial institutions in the developing world.

“Our research shows that Latino, African and South Asian financial organizations — especially India and Pakistan — are particularly vulnerable to attacks because many of them lack the same comprehensive security systems common to large companies in developed countries across North America, Western Europe, and parts of Asia, such as Singapore and Japan.”

Mark Funk