Digital Mugging: What Financial Institutions Need to Know About the Targeting of Cryptowallets

The cybersecurity outlook for financial institutions would seem to be bright. Out of necessity, banks have improved their ability to detect and prevent malware and fraud. There’s also been a consistent decline in Trojans targeting bank transactions and wire transfers. These transfers now have additional regulations and security, and because they’re easier to trace, criminals are not as enthusiastic to attempt this crime.

Banking regulators in the U.S. are also upping their game. In November, they finalized a rule requiring banks to report all major cybersecurity incidents to the government within 36 hours of discovery.

Of course, bad actors are still very interested in stealing people’s money. It’s just that now, we’re seeing a change in what they’re focusing on. And as we move into 2022, cryptocurrency and digital wallets will become even more attractive targets for the bad guys.

Digital wallets, digital mugging

As mentioned, hijacking wire transfers has become increasingly difficult for cybercriminals as financial institutions encrypt transactions and require multi-factor authentication. But digital wallets can sometimes be less secure – and they are a much bigger market. It’s akin to the difference between a digital bank robbery and a digital mugging.

Digital wallets have gained ground quickly. McKinsey & Company’s 2020 Global Payments report found that while 50% of monetary transactions were cash-based in 2010, a decade later it’s dropped to 28%. Digital wallet use in North America is expected to increase by almost 50% by 2025. The Federal Reserve is even working to create its own digital currency.

Though individual wallets typically don’t yield as much reward, this could change as businesses increasingly use digital wallets as currency for online transactions. As this happens, it is probable that more malware will be designed specifically to target stored credentials and to empty digital wallets.

Malware focusing on crypto wallets

As an example, FortiGuard Labs researchers recently documented a new phishing threat that uses a phony Amazon gift card generator to steal cryptocurrency. This malware monitors the victim’s clipboard for wallet addresses and replaces them with the attacker’s wallet. It also uses fake documents in an attempt to trick victims into giving their credit card numbers, credentials for online shopping sites, home addresses and other confidential information.

Another phishing campaign detected last summer included malware designed to steal crypto wallet information and credentials from a victim’s infected device. And ElectroRAT targets digital wallets by combining social engineering with custom cryptocurrency applications and a new Remote Access Trojan (RAT) to target a variety of operating systems. These are just a few examples; we definitely expect to see more.

Getting ahead of the problem

The distribution of Endpoint Detection and Response (EDR) technology is the best strategy for securing digital wallets. That’s because endpoints are still the main point of risk for most organizations. However, many still only use antivirus or even off-the-shelf endpoint security solutions to defend their assets. Advanced attacks that compromise the endpoints may happen in just minutes – if not seconds. Legacy endpoint detection and response (EDR) security tools simply cannot keep up. They require manual triage and responses that are not only too slow for fast-moving threats, but they also generate a huge volume of indicators that burden already stretched cybersecurity teams. Further, first-generation EDR security tools increase the cost of security operations and can slow network processes and capabilities, which negatively impacts business.

To be truly effective, EDR solutions should combine AI-enhanced behavioral anomaly detection and advanced kernel protection to block malicious behaviors like triggering a malware payload or contacting a C2 server, interrupting an attack before it can succeed.

Prepare to protect

Now that it’s harder to hijack wire transfers, cybercriminals are training their sites on digital wallets. We’re already seeing malware designed specifically to attack these wallets, which businesses are adopting in larger numbers. This then becomes a greater concern for those businesses’ financial institutions and all banks in general. No one can stem the tide of cryptocurrency and digital wallets, so all banks must update their cybersecurity posture to protect them. Modern EDR helps defeat cyber muggers from stealing digital wallets and should be included in the security framework of financial institutions.

By Renee Tarun, Deputy CISO at Fortinet

If you would like to attend a free Banking Exchange webinar on Generation Z Banking, Please click to register on the link below. The event will take place on February 24. Thank you for supporting Banking Exchange.
https://event.on24.com/wcc/r/3624294/28B5F8B441274C617360F751DDB26A99?partnerref=BankingExchangeStory