ALL >> Computers >> View Article
Attackers Launch Man-in-the-mobile Attacks On Polish Bank Customers
Cyber threats have evolved over a period of time. Cyber security professionals are constantly endeavoring to devise new mechanisms to prevent security breaches. In the recent times, some banks and financial institutions have introduced a new format of verification, wherein one-time passwords are being sent to the mobile phones of the customers to authorize an online banking transaction. The purpose of such a measure was to ensure that only legitimate customers are able to complete the transaction. However, cybercriminals have devised new mechanisms to intercept that communication and conduct unauthorized transactions.
Recently, customers of ING Bank Slaski, in Poland suffered security breach. Bank customers, whose computers are infected with Zeus Mitmo, are the victims of the latest attack. Zeus Mitmo is a variant of Zeus Trojan and was first identified last year by S21sec, a Spanish Security company. According to security vendor F-Secure, security specialist Piotr Konieczny, first performed the analysis of the latest attack on his blog. The attackers use the Trojan to carry out man-in-the-mobile attacks. Customers ...
... using Symbian and BlackBerry devices are more likely to be affected by the attacks.
Attackers first lure Internet users to download and install a malicious file containing Zeus Mitmo through clicking on a malicious link and drive-by download and other modes. When customers visit a banking site, in this case the website of ING Bank, the Trojan injects a security notification in the web banking process. Usually, ethical hacker certified professionals conduct security evaluation of the websites to detect and mitigate security flaws. In this case, the Trojan injects HTML fields into the website, without making any changes in the URL of the visited site. As such, customers have no reason to doubt the legitimacy of the security notification. The notification gives a false impression to the user that their security is enhanced. The notification asks customers to enter their mobile numbers.
Once, customers enter the mobile number, they receive a Short Message Service (SMS) message containing a link. When they open the link, an application ZeusMitmo.A is installed on the mobile phone of the customer. Customers are tricked to believe that application will enable them to receive the codes sent by the bank.
Once installed, ZeusMitmo.A monitors all SMS messages received by the customers and steals the transaction authorization codes known as mobile transaction authentication numbers (mTANs) sent by the bank. The codes are also known as high security passwords in some countries. The Trojan also includes a backdoor to receive directions from a remote attacker through SMS messages. When a customer performs a transaction and receives the mTANs from the bank, the attackers extract the information through ZeusMitmo.A and conduct fraudulent transactions. The Trojan prevents customers from receiving new notification messages, making it easy for the offenders to initiate and verify transactions with the help of the extracted codes, without the knowledge of the user.
The latest attack target ING Bank customers highlights the sophisticated and advanced mechanism used by cybercriminals. IT security professionals need to be aware of the latest attack mechanisms used by attackers in the cyberspace. Working professionals may benefit from iPad training, tutorials and webinars to equip themselves with necessary skills and technical know-how. Such training programs would allow the professionals to initiate better security measures in their organizations.
Ironically, the threat follows a recent initiative by Google, which provides Google account holders, an additional layer of security through a two-step verification process. Under the two-step verification, users receive a code on a mobile phone after their first log-in on the site. Security breach may have financial and legal implications for banks. Therefore, organizations must hire professionals holding IT security certifications to strengthen the IT security apparatus. Internet security specialists must continue to evolve new mechanisms to improve security of banking and other online transactions.
Add Comment
Computers Articles
1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise ServersAuthor: Server Tech Central
2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp
3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing
4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp
5. How To Start Your Website Redesign Project?
Author: brainbell10
6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam
7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp
8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp
9. How To Setup And Create Instagram Ads?
Author: brainbell10
10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap
11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10
12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10
13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp
14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10
15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp






