Cybercrims Target Internet Banking
- Only affects PCs running Windows
- Hasn’t arrived in Aussie yet
- No signs of criminal activity
A report by Trend Micro is said to have identified an Automatic Transfer System (ATS) that allows cybercriminals to breach new bank security measures and clean out a victims’ bank accounts without leaving signs of criminal activity.
Entitled “Automatic Transfer System, a New Cybercrime Tool” the report documents attacks that have been directed towards banks that are using enhanced security measures, such as those that impose daily account transfer limits and use two-factor authentication through SMS notifications. Banks in Germany, the United Kingdom and Italy have been targeted the most for these attacks.
“The attacks are of particular concern because they circumvent traditional and even enhanced online banking security measures” said Tom Kellermann, VP Cybersecurity, of Trend Micro. “Due to the seemingly imperceptible way that this ATS tool modifies records, endpoint solutions must be used to prevent infections from starting or to detect the threat after it has already affected a machine. Users should also update their endpoints security systems frequently to ensure they afford themselves the best chance to prevent these attacks.”
The ATS tool currently only affects bank accounts where a PC running Windows is used to access bank records. Unlike previous cybercrime tools that interact with SpyEye and ZeuS, the ATS tool also does not prompt pop-up displays and will automatically perform several tasks such as checking account balances, conducting wire transfers and modifying account transactions to hide traces of the tool’s presence. No banks in the United States have reported to be affected yet, but previous threats that have been linked with SpyEye and ZeuS create the possibility that the tool can be repurposed to attack banks in the United States.