The December 2023 OptionOne Cybersecurity Briefing

By OptionOne Technologies

We searched through the most popular cybersecurity websites to bring you the latest industry news, updates, and tips.

Cybersecurity Threat News

JavaScript Malware Targeted More Than 50,000 at Dozens of Banks

A new JavaScript malware has been detected targeting over 40 international banks to steal users’ credentials, The Hacker News reported. The campaign accounts for around 50,000 infected user sessions across widespread geographic locations.

IBM Security Trusteer uncovered this campaign in March 2023. The campaign uses JavaScript web injections to compromise popular banking applications and steal banking information.

Security researcher Tal Langus stressed the severity of the situation, stating, “Threat actors’ intention with the web injection module is likely to compromise popular banking applications and, once the malware is installed, intercept the users’ credentials in order to then access and likely monetize their banking information.”

The malware, delivered via phishing emails or “malvertising,” specifically targets common page structures of several banks, altering the login page to incorporate malicious JavaScript capable of harvesting credentials and OTPs.

The malware can erase traces of its injections, insert fraudulent user interface elements, and show an error message stating that online banking services will be unavailable for 12 hours. The message is meant to deter victims from logging in, allowing the threat actors to take control of the accounts.

The malware’s origins remain unclear, but indicators suggest a connection to DanaBot, a known stealer and loader family that is propagated via malicious Google Search ads and serves as an access vector for ransomware.

Threat Landscape in the Second Half of 2023 Dominated by AI and Android Spyware

A recent report in Infosecurity Magazine found that the period from June to November 2023 saw a surge in malicious AI-related activities, with a new economy evolving around OpenAI API keys and the ChatGPT name. Cybersecurity firm ESET said its telemetry blocked more than 650,000 attempts to access malicious domains with names including ‘chapgpt’ or similar text, mimicking the ChatGPT chatbot.

In an alarming development, the report identified a significant rise in Android spyware detections, up by 89% compared to the previous reporting period. The primary reason seems to be the introduction of a third-party software development kit (SDK), SpinOk Spyware, into numerous legitimate Android applications. Consequently, SpinOk Spyware accounted for almost a third of all spyware detections by ESET, earning it the seventh position in the Top 10 Android detections for H2 2023.

Lukáš Štefanko, a senior malware researcher at ESET, highlighted the risks associated with incorporating third-party technology into apps. He said, “The SpinOk case serves as a reminder for app developers about the need for caution when deciding to incorporate third-party technology into their apps…Ensuring the security of an SDK involves a series of steps, starting with a comprehensive investigation of the provider’s reliability.”

Hybrid Online Fraud Likely to Increase in 2024

Financial institutions and merchant services need to bolster their cybersecurity measures in anticipation of an uptick in hybrid online fraud in 2024, according to a report by CSO Magazine.

According to Recorded Future’s threat research division, Insikt Group, hybrid threats involve cybercriminals using multiple methods to commit fraud. The report’s concerning findings reveal that in 2023, stolen cards led to $9.4 billion in fraud losses for card issuers and a potential $35 billion in chargeback fees for merchants and acquirers.

The report states, “Even more alarming is that fraudsters in 2023 increasingly used refined social engineering tactics (via phishing and scams) and sophisticated cyber-based tools and fraud schemes to bypass rules-based fraud detection programs and enact their fraud schemes.”

Interestingly, the report also highlights a 24% drop in card-not-present payment card records on dark web carding shops in 2022, followed by a recovery in 2023 after Russian authorities clamped down on cybercriminals.

Emerging trends indicate that cybercriminals are increasingly leveraging new techniques such as Google Tag Manager, Telegram Messenger, and attack-carrier domains to facilitate their attacks. Furthermore, the use of AI workflows for fraud schemes is expected to continue its upward trajectory in 2024, posing another significant challenge for organizations in their bid to prevent fraud.

Cybersecurity Tips

Opinion: CISOs Need to Make Cyber Insurers Their Partners

In a recent opinion piece in Dark Reading, Rob Jenks, Senior Vice President of Corporate Strategy at Tanium, discusses the evolution and current challenges of the cyber-insurance industry.

Jenks emphasizes the rapid advancements in the field compared to traditional insurance sectors like life or property insurance and notes the industry’s shift from instinct-based premiums to a more data-driven, risk-assessment approach. With an increasing number of claims and the risk concentration among certain policyholders, insurers have had to implement complex underwriting processes involving in-depth data collection and analysis.

Jenks points out the main challenge with this approach: constant changes in IT estates, which make accurate risk assessment difficult.

“The trouble is that IT estates are in a constant state of flux throughout the policy period, which makes getting truly accurate and nuanced information via a questionnaire nearly impossible — even for organizations that are attempting to provide the most accurate and detailed information,” said Jenks.

Jenks concludes his piece by stressing the importance of partnerships between organizations and insurers. He proposes a solution rooted in radical transparency, where organizations willingly share electronically gathered metrics of their cyber posture, enabling insurers to better assess the risk.

He states, “The missing piece is establishing a way to measure risk that both sides are satisfied with so policy pricing can be based upon it.”

Jenks emphasizes that the shared goal should be risk reduction, with insurers providing valuable feedback and remediation advice based on their findings.

Thanks for Reading

That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.