Friday, May 27, 2016

 

This serpent-like malware lies dormant until you access your bank account

Serpent-like malware targets your bank account.

GozNym stays 'asleep' until you access your money.

If you think you can rely solely on your bank’s internet security to protect you, think again. Researchers at IBM Security have uncovered new malware that targets consumers in order to steal money from their accounts.

“We already know of $4 million that was stolen by this malware,” said Etay Maor, an executive advisor with IBM Security. The worst part: It's still out there.

Maor led the Israel-based team that discovered the malware, which has already been used against undisclosed banks in the U.S., Canada and Europe.

The virus, known as GozNym, is a combination of two pieces of malware — one that infects the computer and the other that waits silently like a serpent until the user visits the website of a financial institution.

“The criminal is sitting on the other end obtaining that info in real time,” Maor said.

What’s really different about this malware, according to Maor, is that it’s hard for researchers to even analyze because hackers doubled the encryption.

“When we first saw it, we were saying something bad is happening here but we’ve never seen this before … there are so many layers, we had to break in just to understand what it was,” said Maor.

It’s also much harder for anti-virus software and other solutions to detect it — leaving the end user completely in the dark.

Consumers' computers typically get infected with GozNym by clicking on links in emails. (Right now, the virus appears to be limited to PCs.) The email might be a message about a security solution or update. If you click the link — you might think nothing happened, but from that point on you are exposed.

Maor and his team believe the hackers behind the new virus are located somewhere in Eastern Europe.

“Don’t get this wrong, we are up against professional programmers … not kids," he said.

While GozNym represents a new level of sophistication, viruses targeting financial institutions are not new.

Just last year, 20 million financial records were stolen by malware, Maor said. While exact losses are hard to tally, by some estimates it could run into the billions of dollars.

To guard yourself from GozNym and other viruses, do not click on links in any suspicious emails.

Also, keep your operating system and anti-virus software up-to-date. Software providers are in the process of releasing updates that hopefully will disable GozNym.

Another best practice is to avoid reusing passwords as this can let hackers into multiple accounts.

You should also have two ways to check your account balances, such as using paper statements, ATM receipts or a mobile app in addition to online banking.

The criminals behind GozNym are so sophisticated they can change online banking websites to show full balances even after funds have been transferred out.

Catching the criminals

Meanwhile, banks are working to protect consumer accounts.

"The financial services industry takes this very seriously," said Bill Nelson, president and CEO of the Financial Services Information Sharing and Analysis Center, a group set up by the industry to share threat information, and which has 7,000 members.

And while banks have tools in place to battle against GozNym, "cybersecurity is a shared responsibility between customers and the banks," according to Doug Johnson, senior vice president for payments and cybersecurity at the American Bankers Association.

Law enforcement would like to bring the criminals to justice.

"The FBI — along with our federal, international and private sector partners — will continue to combat cybercrimes, including those involving malware," a spokeswoman explained.

Tags : ,

Share

Social

The idea behind the text.
Respect for the truth is almost the basis of all morality.
Nothing can come from nothing.



Follow

Popular Topics

Read

Well, the way they make shows is, they make one show. That show's called a pilot. Then they show that show to the people who make shows, and on the strength of that one show they decide if they're going to make more shows.

Like you, I used to think the world was this great place where everybody lived by the same standards I did, then some kid with a nail showed me I was living in his world, a world where chaos rules not order, a world where righteousness is not rewarded. That's Cesar's world, and if you're not willing to play by his rules, then you're gonna have to pay the price.

You think water moves fast? You should see ice. It moves like it has a mind. Like it knows it killed the world once and got a taste for murder. After the avalanche, it took us a week to climb out. Now, I don't know exactly when we turned on each other, but I know that seven of us survived the slide... and only five made it out. Now we took an oath, that I'm breaking now. We said we'd say it was the snow that killed the other two, but it wasn't. Nature is lethal but it doesn't hold a candle to man.

You see? It's curious. Ted did figure it out - time travel. And when we get back, we gonna tell everyone. How it's possible, how it's done, what the dangers are. But then why fifty years in the future when the spacecraft encounters a black hole does the computer call it an 'unknown entry event'? Why don't they know? If they don't know, that means we never told anyone. And if we never told anyone it means we never made it back. Hence we die down here. Just as a matter of deductive logic.