Cyber attacks on ATM and internet banking applications on the rise

Dubai: One third of all cyber attacks last year targeted the ATM and internet banking applications in the Middle East, an industry expert said.

“Today’s attacks have moved to the application layer from the earlier years of network-based attacks. The motivation behind the attacks is clearly for financial gains and, therefore, attackers are targeting business applications and web applications,” Rajat Mohanty, CEO of Paladion Networks, said.

He attributed another reason for this phenomenon as well. Organisations today have more web applications and, hence, encounter more cyber attacks.

The US and China have been the top source countries for launching external cyber attacks. They together contribute more than half of the cyber attack sources. Other Bric countries — Brazil, Russia and India — also are amongst top sources of external cyber attacks in the region. About 40 external cyber attacks took place per month in the Middle East.

“The reasons for this can be many. Some of them are due to better bandwidth and hosting facilities as well as advanced attacker skills in these countries. But it may also be due to more number of compromised systems in these countries which are being used as launch pads by attackers. It should be noted that this data does not confirm the physical location of the attackers and the actual attackers may or may not be from these countries,” Mohanty said.

Breaching security

Paladion data shows that the bigger the companies, more the number of attempts to breach their security infrastructure.

“The automatic money transfer [ATM] system attacks, which allows cybercriminals to breach new bank security measures and clean out a victim’s bank account without leaving signs of criminal activity, are of particular concern because they circumvent traditional and even enhanced online banking security measures,” Tom Kellermann, vice-president (Cybersecurity), of Trend Micro, said.

“Users should update their endpoint security systems frequently to ensure they afford themselves the best chance to prevent these attacks,” he warned.

More than 51 per cent of the security alerts were directed at organisations with revenue greater than $1 billion (Dh3.67 billion) while 27 per cent were directed at organisations with revenue between $500 million-$999 million.

Of the 13,400 phishing attacks handled by Paladion last year, an average of 600 attacks was targeted at banks.

Smaller banks targeted

Attacks in 2011 have been lesser in number than in 2010, and it has been decreasing further over the past few months. But, there has been a small increase in phishing incidents in smaller banks, going up from 15 per cent to 20 per cent in 2011.

“Phishers had started to include the smaller banks as their targets in the latter part of the year, maybe due to diminishing returns from larger banks as these started deploying better anti-phishing measures,” he said.

The US remained the most preferred destination to host phishing sites in 2011.