Cyber security experts have revealed that hackers used the source code from a banking Trojan previously released on the Dark Web to create their own version. They embedded the code in two legitimate weather apps and released them into the Google Play Store. The Trojan was configured to show fake online banking login screens. Malware was also able to by-pass two-step authentication processes.
A recent report by the Internet Registry SIDN discovered that only 6% of online banking websites were using Domain Name System Security Extensions; this was significantly behind other industries.
A Lack of Investment
Cyber security is big business, but many of the world’s biggest banks are still not taking online security seriously enough. In 2016, consumer group Which? released a report that strongly criticised some of the UK’s leading banks for not investing enough in online security. It found that only five out of 11 leading high street banks had adopted two-step authentication to protect customers when they logged into their accounts, even though they have the technology in place.
The banks hit back by releasing statements to say security was their top priority, but with financial fraud on the rise, banks clearly aren’t doing enough. Hackers stole £755 million in 2015, a jump of 26% from the previous year. This figure includes all types of financial fraud, from online attacks such as malware and data hacks, to deception scams and impersonation fraud.
Online Fraud Costs UK Economy £193 Billion
The Annual Fraud Indicator 2016 estimates that fraud costs the UK economy more than £193 billion every year. That equates to £6,000 lost every second. Yet banks go to great lengths to promote their online services as “safe”, even when it’s clearly not the case. £2.5 million was stolen from 9,000 Tesco Bank customers in 2016. In the US, JP Morgan Chase has suffered recurring cyber-attacks. A 2014 attack saw 76 million customers affected.
The Rise of Online Banking
Online banking is now mainstream. 64% of individuals in the UK use online banking on a daily basis. In Denmark, the figure is even higher at 88%, but in Norway, 91% of people bank online. The problem is that online security hasn’t kept apace. Whilst many banking institutions do take cyber security very seriously, hackers are still able to exploit vulnerabilities to steal our cash.
Financial institutions and online platforms such as Oanda are increasingly migrating their applications into the public cloud, but this represents a whole new layer of vulnerability. There are cost savings to be made from utilising public cloud infrastructure. The cloud can also allow organisations to cope with extra demand during peak periods. It is clear that the public cloud does have a place, but data security needs to be a priority.
It isn’t just financial institutions that are vulnerable to hackers. 2016 saw some of the biggest hacks ever. In September, Yahoo revealed more than 500 million user accounts had been hacked in 2014, before making matters a lot worse by disclosing that a further one billion user accounts had been hacked in 2013.
For many people, password verifications, authentication processes and alerts are a major nuisance, but without some form of online security protocol, your online bank accounts and personal data would be laid wide open to hackers. Unfortunately, even with multi-layer security protocols in place, hackers still find a way.
If you'd like to learn more about how to protect yourself from fraud online, take a look at onlinescam.