Posted on Mar 31, 2021
As banks continue to digitize their offerings to optimize efficiency and improve the customer experience, they are exposing themselves to increased levels of malware risk. In order to stay protected, it is essential that financial services organizations take steps to ensure that their internal and third-party cybersecurity processes allow for comprehensive malware threat identification and remediation. Let’s take a look at some of the key banking malware threats facing the industry as well as the proactive steps that banks can take to better protect against them.
Banking malware refers to malicious software that causes damage to infected networks or devices. It’s important to understand the dangers of banking malware, especially as mobile apps continue to be a leading trend in the financial services industry. As more customers begin to make use of these apps, organizations can’t overlook those who may not be as technically proficient. To cover the gaps in security that these users may cause, organizations should gain an awareness of the various threats facing the industry so they can be better prepared to protect against them.
The cyber threat landscape is constantly evolving and organizations’ digital attack surfaces are rapidly expanding. This is especially true for the banking sector, as cybercriminals increasingly take advantage of the industry’s current wave of digital transformation. Here are the top banking malware threats:
Zeus entered the digital landscape in 2007 and is among the oldest banking malware families. It originally employed tactics such as stealing user credentials, manipulating page forms, or redirecting users to unauthorized sites, but quickly evolved, with some variants able to evade detection for extended periods of time and even generate revenue. Zeus is one of the most common and widespread banking malware families, though its original version has since been neutralized. Zeus’s significance in today’s cyber threat landscape lies mostly in its descendants, as many banking malware threats stem from the family.
Gozi is also one of the oldest banking malware threats, though it is still one of today’s leading threats for the financial services industry. The malware tricks users into submitting confidential information or completing financial transactions in accounts they do not own. Gozi is constantly evolving and implementing new, advanced evasion techniques, and its recent connection with other malware threats such as DanaBot or Tinba has made it a serious concern for today’s banking institutions.
Citadel is a descendant of Zeus, first identified in 2011 targeting stored login credentials in password managers. Citadel is not as active a threat as it was nearly 10 years ago: its unique technical support aspect led to the end of the banking malware’s reign. Users had the ability to file bug reports and connect with other users of the malware, and it was through this feature that the FBI was able to locate the source of the threat. However, its widespread distribution in its earlier years means that this threat could re-emerge at any time.
Emotet entered the banking sector in 2014 and began as a relatively simple malware. In later years, it evolved and became capable of dropping additional pieces of malware. The malware was typically used to gain unauthorized access to systems, and that access was then sold to other cybercriminals to exploit in a number of ways. An example of this is BokBot infections, which have become much more prevalent in recent years due to widespread distribution via the Emotet malware.
SpyEye frequently targets Windows users on common web browsers and steals user credentials and funds from online bank accounts. The main goal of this malware is typically to steal highly sensitive information and user identities and to commit financial theft. This malware is unique in that it attempted to remove its competitor, Zeus, by including a feature that would remove Zeus from an already infected machine.
As a variant of Zeus, Panda leverages techniques such as man-in-the-browser (MITB) attacks or keystroke logging. However, its main differentiator is its ability to evade detection. There are at least 23 known forensic analytic tools that Panda can detect, and that number is likely to continue growing. It’s critical that the banking sector keep this threat in mind given how difficult it can be to monitor and analyze.
As the banking sector continues to embrace emerging technologies and deliver new services to customers, cybersecurity must remain top of mind. Organizations should consider the following to ensure that the right security policies and programs are in place:
An effective cybersecurity risk management program should be developed with the organization’s business objectives in mind. The first step is to assess any data that needs to be protected, then identify any vulnerabilities within those assets. From there, the IT security team can prioritize threats based on their overall potential impact and determine a plan of action for establishing the proper security controls moving forward.
Employees are arguably the first line of defense for organizations, which is why it’s critical that workforces understand the threats facing their particular organization or industry, as well as how to respond to them. With the recent shift to more remote work environments, social engineering attacks are on the rise. Employee awareness and training are a necessity for organizations now more than ever.
Banking institutions are facing increasingly stringent regulations, specifically when it comes to monitoring third-party vendors. Given the sensitive nature of the data being shared, there are strict guidelines that must be followed for managing third-party risk. In the U.S., for example, the Federal Reserve Board requires comprehensive oversight and continuous risk monitoring of all service providers. This helps to ensure that your entire IT ecosystem is maintaining compliance with relevant industry mandates.
Cybersecurity threat intelligence is data that has been collected to help organizations gain a better understanding of the threat landscape and other trends in cybersecurity. With it, security teams can analyze threats from the past, present, and future, allowing them to make more data-driven decisions about how to improve the organization’s cyber hygiene.
SecurityScorecard makes it possible for banking and financial services institutions to streamline cybersecurity, maintain compliance, and continuously monitor third- and fourth-party vendors. Our security ratings allow IT security teams to analyze organizational risk across 10 groups of risk factors, making it easier to identify any gaps in security across the entire IT supply chain.
Like many industries, the banking sector is embracing digital transformation in order to improve both day-to-day operations and the customer experience. As they undergo these changes and continue to utilize new technologies, it’s critical for organizations to be aware of the threats they may be introduced to, including but not limited to, some of today’s top banking malware threats. With SecurityScorecard, organizations can confidently monitor their cybersecurity posture as well as that of their vendors, helping to ensure comprehensive security and compliance with changing industry standards.