Kaspersky Lab predicts a new trend for 2015: targeted attacks directly against banks

This year has shown us that cyber criminals are capable of executing increasingly malicious attacks. In “Predictions,” the first part of the Kaspersky Security Bulletin, experts provide insight on what next year could look like in the security industry. The list includes high-stake, targeted cyber-attacks pinpointing banks and the development of malware that can take cash directly from ATMs. In addition to financial cybercrime, Kaspersky Lab predicts 2015 is likely to have more privacy concerns, security worries about Apple devices and renewed fears about connected devices.

Top Target: Banks
During a recent investigation, Kaspersky Lab experts discovered an attack in which an accountant’s computer was compromised and used to initiate a large transfer with a financial institution. It represented the emergence of a new trend: targeted attacks directly against banks. Once attackers get into a bank’s network, they can siphon enough information that lets them steal money directly from the bank in several ways:
. Remotely command ATMs to dispose cash
. Performing SWIFT transfers from various customers’ accounts
. Manipulating online banking systems to perform transfers in the background

ATMs are vulnerable
Attacks against ATMs seemed to explode in 2014 with several public incidents and a rush globally by law enforcement authorities to respond to this crisis. As most of these systems are running Windows XP and also suffer from frail physical security, they are incredibly vulnerable by default.

“In 2015, we expect to see further evolution of these ATM attacks with the use of targeted malicious techniques to gain access to the „brain” of cash machines. The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real time,” comments Alexander Gostev, Chief Security Expert at Global Research and Analysis Team, Kaspersky Lab.

Attacks against virtual payment systems
The Kaspersky Lab Global Research and Analysis Team expect criminals to leap at every opportunity to exploit payment systems. These fears can also be extended to the new Apple Pay, which uses NFC (Near Field Communications) to handle wireless consumer transactions. This is a ripe market for security research and we expect the appearance of vulnerability warnings about weaknesses in Apple Pay, virtual wallets and other virtual payment systems.

“The enthusiasm over the new Apple Pay is going to drive adoption through the roof and that will inevitably attract many cybercriminals looking to reap the rewards of these transactions. Apple’s design possesses and increased focus on security (like virtualized transaction data) but we’ll be very curious to see how hackers will exploit the features of this implementation,” added Gostev.

The full text of the report is available on the Securelist website.