Malware Threats Rise for Mobile Banking

Last year alone on Google’s mobile Android platform, Trend Micro detected 350,000 “malicious and high-risk” Android app samples, according to a report by the digital security firm. That’s an increase from the 1,000 samples it saw the previous year. Only 20% of Android device owners use a security app, the company has found. [http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-repeating-history.pdf]

Vulnerability

Right now, most hacks cyber criminals employ focus on picking up one-time-passwords sent to mobile phones. “They are not there, yet,” says Pascual of digital deception. “[Hackers] are just dipping their toes in the water, attacking those one-time-passwords.”

Mitigation

Akamai commissioned research by IDC Financial Insights to further understand these threats. The resulting whitepaper, titled ‘New Threats Demand Innovative Responses,’ exposes some of the challenges that IT departments and their business-side counterparts face in responding to these threats. Some of the major recommendations include:

IT security teams need to ensure that security strategies are reflective of business goals and strategic direction where the growth of the digital banking channel is concerned. This requires IT to be involved in the design and development of new products and services from the outset, particularly where newer interaction mechanisms – namely mobile and social – are involved.

  1. [i]“As a priority, banking IT security teams must become more knowledgeable regarding the threats posed by mobile malware. While the likelihood of attack is currently low, IDC Financial Insights believes this situation will change in 2012, as cyber criminals seek ways to exploit vulnerabilities in mobile OSs and develop more sophisticated methods by which to perform fraudulent activities.
  2. Banks should continue – or in some cases commence – to educate customers as to how they can identify fraudulent attempts to gain access to personal financial data (by means of phishing or smishing attacks). Historic fraud education methods have, in IDC’s opinion, often been found wanting. Interactive training, where banks simulate phishing and smishing attacks to ensure customers know what signs to look out for and how to react, offers a better alternative. (A smishing attack is a form of SMS spam.)
  3. If existing security technology suppliers are lagging behind in the provision of dedicated solutions to improve the robustness of the mobile channel, institutions should consider using specialist niche vendors who solely concentrate on innovations in mobile security.
  4. IT departments should seek ways to better engage with business-side users in order to obtain executive sponsorship (and budgetary contributions) for initiatives to improve digital banking security. Conversely, business-side users should not get ahead of their skis and consider launching new services or applications before they have been adequately assessed and signed-off by IT security.
  5. Innovations in digital banking can still occur, provided they are underpinned by suitably innovative security solutions.
  6. With an increasing number of attacks expected through both PC and mobile devices, banks should plan their survival strategies accordingly. Ultimately it is far better to be over-prepared rather than woefully ill-equipped to deal with the consequences.” (Rich Bolstridge, January 24, 2012, 3:38 PM)

[i] Rich Bolstridge. “New Security Threats in Online Banking Demand Innovative Responses,” blogs.akamai.com. Available at: https://blogs.akamai.com/2012/01/new-security-threats-in-online-banking-demand-innovative-responses.html, accessed on August 21, 2013 @ 1746 hrs.
