The latest cybersecurity issue has been identified by IBM Trusteer, whose researchers indicate they have uncovered a massive fraud operation. The operation used a network of mobile device emulators to drain millions of dollars from online bank accounts in a matter of days.
What makes this attack a concern is the way the attackers use data sources, scripts, and customized applications to create one automated process.
Looking at the issue for Digital Journal is Frederik Mennes, Director of Product Security at OneSpan.
Mennes explains that this issue “demonstrates the increasing need for a layered approach to mobile banking app security, consisting of multiple and complementary security mechanisms for mobile apps.”
To safeguard financial operations, Mennes recommends: “The mobile banking fraud operation demonstrates the need for multifactor user and transaction authentication. The mobile banking apps that became victim of the fraudsters used static passwords to authenticate users and payments. Static, single factor credentials are extremely sensitive to phishing and should be replaced with multifactor authentication systems using dynamic authentication codes.”
As a further measure, Mennes states: “Mobile banking apps should be protected against replication by using strong device identifiers. The attack demonstrates that weak, static device identifiers can easily be obtained by malware on mobile devices. Strong device identifiers, leveraging hardware features (e.g. Secure Enclave) of mobile devices, ensure identifiers cannot be simply obtained by malware.”
There are other measures too. Mennes states: “This massive fraud case demonstrates the need to protect mobile banking apps against execution on emulators. Emulators allow fraudsters to script and automate attacks, especially at large scale. Application shielding technology will allow a mobile banking app to detect that it runs inside an emulator and to prevent attackers from abusing it.”
Anti-malware is also a good practice: “The fraudsters have gathered mobile banking app credentials and device identifiers primarily via malware. Equipping apps with malware detection and response capabilities will obstruct the collection of this data, impairing the attack.”
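The following sketch is an added example, not code from IBM Trusteer, OneSpan or the article. It shows, from the bank server's side, why a static device identifier cannot distinguish a copy from the enrolled device while a dynamic code bound to a server nonce and to the transaction details can; all identifiers, payees and amounts are constructed, and HMAC with a shared key is an assumption standing in for the signature a hardware-held (e.g. Secure Enclave) key would produce.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; none come from the article.
ENROLLED_DEVICE_ID = "device-1234"     # static identifier: readable by malware
DEVICE_KEY = secrets.token_bytes(32)   # assumption: stand-in for a hardware-held key


def static_check(presented_id: str) -> bool:
    """Weak scheme: any client presenting the enrolled identifier is accepted."""
    return hmac.compare_digest(presented_id, ENROLLED_DEVICE_ID)


def transaction_code(key: bytes, nonce: bytes, payee: str, amount_cents: int) -> str:
    """Dynamic code bound to one server nonce and one payee/amount pair."""
    msg = nonce + b"|" + payee.encode() + b"|" + str(amount_cents).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Server:
    def __init__(self, device_key: bytes):
        self._key = device_key
        self._pending = set()  # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, payee: str, amount_cents: int, code: str) -> bool:
        if nonce not in self._pending:
            return False               # unknown or already used challenge
        self._pending.discard(nonce)   # each challenge is single use
        expected = transaction_code(self._key, nonce, payee, amount_cents)
        return hmac.compare_digest(expected, code)


def demo() -> dict:
    server = Server(DEVICE_KEY)
    n1 = server.challenge()
    code = transaction_code(DEVICE_KEY, n1, "ACME-UTILITY", 4200)
    results = {"genuine": server.verify(n1, "ACME-UTILITY", 4200, code)}
    results["replayed"] = server.verify(n1, "ACME-UTILITY", 4200, code)  # same values again
    n2 = server.challenge()            # fresh challenge, old code, other details
    results["altered"] = server.verify(n2, "OTHER-PAYEE", 999900, code)
    results["static_copied_id"] = static_check("device-1234")  # copy is accepted
    return results
```

Calling `demo()` returns the outcome of each case: only the genuine transaction verifies under the dynamic scheme, while the copied static identifier is accepted.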