Fighting Coronavirus phishing and malware campaigns

  • Will LaSala, Senior Director of Global Solutions, Security Evangelist, at OneSpan

  • 20.03.2020 04:30 pm
  • Coronavirus , Fraud

It's not uncommon for cybercriminals to exploit surges in communications to lure consumers into unknowingly downloading malware or giving up sensitive, often financial, information. Last year hackers used heightened communications around new legislation like Strong Customer Authentication (SCA), and around annual events like Black Friday and Cyber Monday, to obtain personal information which could then be used to commit fraud.

We’re now seeing similar activity as cybercriminals exploit fears around the Coronavirus in an attempt to persuade victims to open malicious attachments that they’re led to believe contain information on how to stay safe from the outbreak.

Several cases have already been identified. A team of researchers at IBM X-Force identified a number of campaigns where opening attachments began silently installing an Emotet downloader. Likewise, Kaspersky announced they had found “malicious pdf, mp4 and docx files disguised as documents relating to the newly discovered Coronavirus. The file names imply that they include virus protection instructions, current threat developments, and even virus detection techniques.” Initially, these attachments were in Japanese, due to the country’s proximity to the outbreak’s epicentre. However, as Coronavirus has spread around the globe, we’re seeing similar tactics used in other regions too.

It's paramount that banks and financial institutions implement additional safety measures to protect both retail and enterprise banking customers from these coronavirus-focused attacks.

Upgrade fraud detection systems

Banks and FIs should deploy machine learning-powered fraud detection systems in order to detect and block fraud attempts in real-time, without harming the customer experience.

Machine learning algorithms are capable of analysing vast amounts of data from a range of sources, such as device used, location, and transaction history. Additionally, machine learning algorithms can continuously monitor banking sessions and assess data points such as time of day, length of a session, and spending patterns. All of this information can be used to build up a detailed picture of an individual’s normal behaviour. Any abnormal behaviour that may be an attempt at fraud can be spotted in real-time, and additional security measures implemented.

Fraud detection systems powered by risk analytics and machine learning are also more adept at spotting early warning signs of phishing. The algorithms are able to determine the likelihood of the HTTP referrer being from a phishing page, which can be supplemented with expert rules put in place. These rules will dictate how the system should respond to phishing attacks taking place.

Expert fraud rules

In order to react to the rapid development and constantly shifting nature of fraud, FIs and banks need to adopt a dynamic approach to fighting fraud. This includes implementing expert fraud rules that can operate at different levels depending on the threat levels at the time. For example, right now, when there are likely to be an increased number of fraud attempts, fraud detection systems can be set to operate at lower levels of trust. The threshold for any fraud scoring model can also be adjusted to allow more false positives, so that more cases of fraud are blocked rather than letting any slip through the net.

After the increased risk surrounding the coronavirus has diminished, banks and FIs can readjust their systems back to their normal levels of fraud detection.
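
The threshold adjustment described above, as an added example that is not from the article or any vendor product: a small expert-rule scorer whose step-up and block thresholds depend on the current threat level. The rule weights, thresholds, host names and sample sessions are constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed values: weights, thresholds and hosts are illustrative assumptions.
KNOWN_GOOD_REFERRERS = {"bank.example", "www.bank.example"}
PROFILES = {                       # threat level -> (step_up_at, block_at)
    "normal":   (50, 80),
    "elevated": (30, 60),          # lower trust: more false positives accepted
}

@dataclass
class Session:
    referrer: str        # HTTP Referer header seen at login ("" if absent)
    new_device: bool
    hour: int            # local hour of day, 0-23
    usual_hours: range   # hours this customer normally banks
    amount: float
    typical_amount: float

def score(s: Session) -> int:
    """Sum the weights of the expert rules that fire for this session."""
    points = 0
    host = urlparse(s.referrer).hostname if s.referrer else None
    if host is not None and host not in KNOWN_GOOD_REFERRERS:
        points += 35     # arrived from an unrecognised page: possible phishing lure
    if s.new_device:
        points += 20
    if s.hour not in s.usual_hours:
        points += 10
    if s.amount > 3 * s.typical_amount:
        points += 25
    return points

def decide(s: Session, threat_level: str) -> str:
    """Map the score to an action using the thresholds for this threat level."""
    step_up_at, block_at = PROFILES[threat_level]
    pts = score(s)
    if pts >= block_at:
        return "block"
    if pts >= step_up_at:
        return "step_up"   # require additional authentication
    return "allow"

# Constructed sample sessions: same customer, unrecognised referrer in both.
lured = Session("https://covid-advice.example/login", False, 14, range(8, 20), 120.0, 100.0)
risky = Session("https://covid-advice.example/login", True, 3, range(8, 20), 120.0, 100.0)
for level in PROFILES:
    print(level, decide(lured, level), decide(risky, level))
```

Switching the profile back to "normal" restores the original thresholds without touching the rules themselves.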

Beyond the coronavirus

Banks and FIs need to take precautions, not just during heightened threat periods. After the risk of attack has subsided, risk analytics technology can continue to analyse individual transactions and better understand the fraud risk in real time. The security mechanisms will improve their precision for detecting fraud as more data is collected, all of which is done without impacting the user's banking experience. For low-risk transactions there is little to no friction, whereas additional necessary security steps are taken for transactions that are determined to be risky or abnormal.

Attackers always seek to launch phishing attacks that play on fear, like the ones we’ve seen recently. It is disconcerting that individuals or groups take advantage of these events, but the trend is unlikely to stop any time soon. That’s why it is imperative for fraud teams to have the most advanced capabilities and be able to respond effectively. This will allow them to stop phishing attacks, like these ones and others to come, in their tracks.
