Electronic Banking Threat - "GozNym" Malware
Ricardo Swire
Principal Consultant @ R-L-H SECURITY CONSULTANTS & BUSINESS SUPPORT SERVICES
Today’s data-driven, highly distributed world is shadowed by serious, unseen security threats. When conducting virtual banking or e-banking, be mindful that information and money are not totally secure. Online banking payment systems allow a financial institution's customers to carry out a range of transactions via the institution’s website.
Online banking systems connect to, or form part of, the core banking system operated by an institution. This electronic service contrasts with traditional branch banking. Usually, to access a financial institution's online banking facility, a customer with internet access registers with the institution for the e-service.
A password and other credentials, distinct from those used for telephone or mobile banking and essential for customer verification, are issued. The customer number is not the same as the account number: the customer number can be linked to any account the client controls, such as cheque, savings, loan, credit card and others.
Types of electronic financial transactions available to clients include obtaining account balances and lists of recent transactions, electronic bill payments and money transfers. Most banks enable customers to download copies of statements; some enable clients to download transactions directly into accounting software.
The electronic portal also facilitates ordering cheque books, requesting statements, reporting misplaced credit cards, stopping payment on a cheque, changing addresses and other routine actions. We should be cognizant that vulnerability piggybacks on technological customer-service innovation. In 2013 the “Blackhole Exploit Kit (BHEK)” was credited with more than two point five million cyber breaches.
In 2015 malware stole twenty million financial records, worth billions of US dollars. Recently an IBM Security X-Force team based in Israel uncovered a new, disruptive piece of malware. In April 2016 the researchers identified a hybrid Trojan, spawned from the “Nymaim” and “Gozi ISFB” malware families.
Eastern European hackers, armed with professional programming skills, created the software specifically to target customers and steal money from financial institution accounts. Known as “GozNym”, the two-piece, multi-layered malware combination infects targeted computers and waits until users visit the financial institution’s website.
Caribbean banking entities should be mindful that the Nymaim Trojan component of GozNym has worldwide reach. During the last two years the Nymaim Trojan was responsible for ransomware attacks, using its own generic locker in European, North American, South American and Caribbean campaigns. The Gozi ISFB portion of GozNym provides the banking Trojan capabilities.
Cyber fraud is committed via infected Internet browsers. After GozNym enters a victim's computer it takes over the Web browser in an attempt to collect online banking credentials and credit card numbers. GozNym also drains money from bank accounts by manipulating the processes used for internet connectivity, injecting its own data into the victim's Web browser.
The combination of GozNym's two predecessors forms one stronger attack rather than two individual assaults. GozNym is cloaked by a high level of sophistication; the hybrid malware is invisible to standard anti-virus programs. GozNym first activates its Nymaim-released Pony loader Trojan; Gozi ISFB is subsequently initiated and the financial institutions are defrauded.
Reports noted that American, Canadian and European banks registered losses of approximately US$4 million to GozNym in one infestation. East European criminal hackers were clever enough to alter the official online banking data displayed to victims: accounts indicated full balances, although all the cash had been fraudulently cleaned out. GozNym focused its attacks on twenty-two American banks, credit unions and well-known e-commerce platforms.
Two Canadian financial institutions were among the victims. GozNym’s double encryption makes the malware a phantom. Personal Computer (PC) infections are triggered when users open an infected email masquerading as a security solution message or update. GozNym malware is extremely covert: the hybrid malware’s Nymaim loader, modified with the Gozi ISFB Trojan’s internet manipulation capability, initiates the online banking fraud attacks.