The Cyber Threat to Mobile Banking

By Cindy J. Daddario

Aug 28, 2022

Lack of adequate cybersecurity and shortage of talent in the banking sector could potentially lead to a further increase in cyberattacks on user devices

While cash transactions are a thing of the past, an increasing number of people’s interactions with their bank or bank accounts are happening through their smartphones. According to a 2020 Statista survey of five thousand households in 25 Indian states, two-thirds of respondents said they have a smartphone. Of these, half said they send and receive money digitally, and around 31% said they have a mobile app for banking. Nearly 14% said they use their mobile phone for banking purposes. This number has increased further as the COVID-19 pandemic has caused many more people to switch to digital payment methods instead of making cash transactions. The convenience and speed of payments through mobile apps has also played a key role in accelerating this trend. With this acceleration comes a vulnerability: an increased threat of cyberattacks on mobile devices.

Kaspersky’s view on the threat

Global cybersecurity firm Kaspersky warns of an increase in cyberattacks on Android and iOS devices in the Asia-Pacific (APAC) region as more people turn to mobile banking services in the region. According to Suguru Ishimaru, Senior Malware Researcher at Kaspersky, mobile banking Trojans are dangerous malware that can steal money from mobile users’ bank accounts by disguising the malicious app as a legitimate app to trick unsuspecting users into installing the malware. (A Trojan horse is malicious code or software that looks legitimate but can take over your device, including smartphones.)

Speaking at the APAC Cyber Security Weekend conference on Thursday, Mr. Ishimaru highlighted two major malware campaigns that operate in the region and target smartphone users in multiple countries.

Trojans unleashed

A mobile banking Trojan, called Anubis, has been targeting Android users since 2017, and its global campaigns have affected users in Russia, Turkey, India, China, Colombia, France, Germany, the United States, Denmark and Vietnam. The malware remains one of the most common mobile banking Trojans, with one in 10 unique Kaspersky users facing a banking threat from the malware. The perpetrators infect the device via malicious apps that look legitimate and rank high on Google Play, smishing (phishing messages sent via SMS) and BianLian malware, another mobile banking Trojan, noted Mr. Ishimaru.

Roaming Mantis is another prolific malware targeting mobile banking users. The group attacks Android devices and spreads malicious code by hijacking domain name systems (DNS) through smishing exploits. Kaspersky’s research team has been tracking the malware since 2018; and between the start of 2021 and the first half of 2022 alone, they detected almost half a million attacks in the APAC region.

Mr. Ishimaru said that although this threat group is known to target Android devices, its recent campaign has shown interest in iOS users. The group targets users by sending smishing texts with a short description and landing page URL. If a user clicks on the link and opens the landing page, they are redirected to a phishing page. For iOS users, the landing page mimics Apple’s official website, while Android devices download other malware. Once the individual enters their login credentials and performs two-factor authentication, the attacker gets to know the user’s device and login credentials.

“There is a notion that iOS is a more secure operating system,” Ishimaru said. “However, we [users] must consider two things: the growing sophistication of social engineering techniques and mobile banker’s malware arsenal, and the possibility of human error.”

Interoperability Complicates Problems

Mobile payment platforms such as Google Pay, Paytm, PhonePe, Square, PayPal and Alipay have benefited from the shift in consumer adoption of mobile banking.

As a result, they have also permanently changed the payout game to their advantage. But these platforms operate in a closed-loop payment world where a Google Pay user can send money to another bank account through only the search giant’s payment platform. This is similar to how Visa and Mastercard work, as they allow payment transactions to occur only within their own networks, not between them.

That business model could change “in part because of regulators favoring open, standardized platforms that lower barriers to entry,” according to a 2022 Banking Trends report from Accenture.

Some countries are already forcing payment platform providers to change their business model. China, for example, has ordered its internet companies to offer their rival company’s matchmaking and payment services on their platforms. In India, a new law requires all licensed mobile payment platforms to be able to provide interoperability between wallets. Pressure from regulators to make payment platforms interoperable comes at a time when the demand for technical experts is a major concern in the banking industry.

The shortage of technology, engineering, data and security experts that banks need to achieve their digital aspirations tends to hide a much larger problem: the attractiveness of banks as first-choice employers for all kinds of talent has faded, adds the Accenture report. The lack of adequate cybersecurity and the shortage of talent in the banking sector could potentially lead to a further increase in cyberattacks on user devices. And until this mismatch is corrected, it pays to be cautious and extremely careful when using a mobile device to make payments. In addition to regular digital hygiene practices such as updating the phone and rebooting regularly, consumers can ensure that they only use their phone for banking when the device is connected to a secured VPN. iOS 16 users can enable Lockdown Mode as it limits the functionality of the device and protects it from any potential malware.

THE ESSENTIAL

According to a 2020 Statista survey in 25 Indian states, two-thirds of respondents said they have a smartphone. Of these, half said they send and receive money digitally, and around 31% said they have a mobile app for banking. Nearly 14% said they use their mobile phone for banking purposes.

Global cybersecurity firm Kaspersky warns of an increase in cyberattacks on Android and iOS devices in the Asia-Pacific (APAC) region. A mobile banking Trojan, called Anubis, has been targeting Android users since 2017. Roaming Mantis is another prolific malware targeting mobile banking users.

Regulators are pushing to make payment platforms interoperable at a time when the demand for technical experts is a major concern in the banking industry.