
.IN domain most sought after for Indian phishing attacks

CIOL Bureau

BANGALORE, INDIA: Symantec’s latest analysis of the cyber threat landscape has revealed the rise of .in URLs in spam.


Last year, the India domain (.in) ranked 10th in the distribution list, while it has now jumped to the 5th position. Furthermore, 25 per cent of phishing attacks on Indian brands used the .in domain.

In May 2012, Symantec Intelligence also observed a whopping 187 per cent rise over the previous month in phishing attacks on Indian brands, all of which were in the banking sector. While these originated around the world, Hyderabad hosted the second highest number of phishing attacks on Indian brands. Hyderabad also tops this month's list of Indian cities hosting phishing sites that target non-Indian brands, followed by Nashik, with New Delhi and Bangalore in 3rd and 4th place respectively. Hyderabad was in 7th place in April, and Thanjavur has featured in this list for the first time.

Top Threats to your Bank Balance


Banking threats are not new; they have been around as far back as 2003. However, even as electronic banking channels have evolved and grown, banking threats have reached a considerable level of sophistication. Particularly in India and emerging nations where banks are encouraging e-transactions as a new stream of revenue, banking threats are widely prevalent. Sality, for instance, the most prevalent malcode in India for the past two years, has the capability of spreading through a variety of means and stealing banking information.

The majority of cyber attacks today are motivated by financial gain. Today there is an underground economy where information and identities are stolen, traded and exploited in an organized manner by the cyber mafia. Unsurprisingly, credit card and bank account information have been the most actively traded items in the online black market, worth billions of dollars, for the past two years. In fact, the latest Symantec Internet Security Threat Report XVII revealed that finance was the third-most targeted sector in 2011 for cyber attacks.

The good news is that the Reserve Bank of India has proactively directed banks to beef up their information security and risk management posture, outlining 225 checks in seven categories to protect users’ information and money from cyber threats.


Here are some of the threats used by cyber attackers to wipe out your bank account:

     ZEUS:  This is the most prevalent and ubiquitous banking threat, in circulation and evolving since 2006. Zeus infects PCs, waits for their users to log on to a list of targeted banks and financial institutions, and then steals their credentials and sends them to a remote server in real-time. Additionally, it may inject HTML into the pages rendered by the browser, so that its own content is displayed together with (or instead of) the genuine pages from the bank’s Web server. In this way it is able to ask the user to divulge additional personal information, such as payment card number and PIN, one-time passwords, and more. Today Zeus also has its own mobile version, affecting most of the popular mobile operating systems.

     SILENTBANKER: This Trojan, which targeted over 400 banks around the world, intercepts transactions and silently changes the user-entered destination bank account details to the attacker's account details. The Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker's details instead.


     TATANARG: Kills not only security processes, but also other banking threats (imagine two thieves targeting your house and attacking one another in the process!), enables the attacker to access your computer remotely, intercepts communication between the user and the bank, and effectively controls the infected computer. It also encrypts communication to lull the user into believing that the transaction is secure, since they will see “https” in the URL and the padlock symbol.

     INFOSTEALER.BANCOS: One of the earliest banking threats, it gathers confidential financial information from the user’s computer. The Trojan is most often spread by way of an email containing a social engineering trick, such as a fake email from a bank asking the user to run the attached program and perform some other actions to verify their banking details, potentially leading to account information being compromised.

     THREAT LANDSCAPE HIGHLIGHTS (*SOURCE: SYMANTEC INTELLIGENCE REPORT — MAY 2012)


    -       Spam — 67.8 percent

    -       Phishing — One in 568.3 emails identified as phishing

    -       Malware — One in 365.1 emails contained malware


    -       Malicious Web sites — 4,359 Web sites blocked per day

    -       W.32 Flamer: W32/Flamer is a highly sophisticated, targeted threat designed for cyber espionage and for stealing information, primarily targeting organizations and individuals located in the Middle East.

    -       2012 Olympics — Spammers Go for Gold: Internet users need to be on the lookout for scammers trying to cash in on the upcoming 2012 Summer Olympic Games. Lottery scams are on the rise, as is a new scam where spammers seek participation in the form of co-coordinators, welcome partners, and more. The reader is asked to provide a large amount of personal data up front, a red flag for any sort of promotion like this. The official event logo is possibly used to convince the user of the message's legitimacy.
