Safety gaps in online banking security systems exposed

Banks have ‘concerning vulnerabilities’ in security that could leave their customers exposed to fraud, according to an investigation by Which? Photo: Getty

Safety gaps in the online banking security systems of some of the UK’s biggest banks have been exposed by a new investigation by consumer group Which?

Banks have “concerning vulnerabilities” in security that could leave their customers exposed to fraud, according to the investigation by Which? and independent security experts 6point6.

The investigation looked at four main criteria: encryption, login, account management and navigation.

Tesco Bank (TSCO.L) received the lowest rating for online security in Which?’s testing, with an overall score of 46%.

Multiple security headers were missing from its webpages, the investigation found. Security headers are HTTP response headers that tell a visitor's browser how to behave when it talks to the site (for example, to connect only over HTTPS, not to render the page inside another site's frame, or not to cache an authenticated page), and their absence leaves customers open to a range of browser-side attacks.
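The kind of check the testers would have run, as an added example that is not code from Which?, 6point6 or any bank: it audits a response's headers against a set of expectations. The expected headers, the one-year HSTS threshold, the `Cache-Control: no-store` rule for authenticated pages and both sample responses are this example's own assumptions, not findings from the report.

```python
"""Audit the security headers of an HTTP response.

Added example (not part of the Which? report or any bank's code). The set of
expected headers and the thresholds are this example's own assumptions about
what an authenticated online-banking page should send.
"""
from typing import Callable, Dict, List, Optional, Tuple


def _max_age(value: str) -> int:
    """Return the max-age directive of a header value, or 0 if absent."""
    for directive in value.split(";"):
        name, _, num = directive.strip().partition("=")
        if name.lower() == "max-age" and num.strip().isdigit():
            return int(num)
    return 0


def _hsts(v: str) -> Optional[str]:
    # One year is the minimum most preload lists and scanners accept.
    return None if _max_age(v) >= 31536000 else "max-age below one year"


def _csp(v: str) -> Optional[str]:
    return None if ("default-src" in v or "script-src" in v) else "no default-src/script-src directive"


def _xfo(v: str) -> Optional[str]:
    return None if v.strip().upper() in ("DENY", "SAMEORIGIN") else "must be DENY or SAMEORIGIN"


def _xcto(v: str) -> Optional[str]:
    return None if v.strip().lower() == "nosniff" else "must be nosniff"


def _referrer(v: str) -> Optional[str]:
    safe = ("no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin")
    return None if v.strip().lower() in safe else "may leak account URLs to third parties"


def _cache(v: str) -> Optional[str]:
    # Without no-store the browser may re-render an authenticated page from its
    # cache when the user presses Back after leaving the session.
    return None if "no-store" in v.lower() else "authenticated page is cacheable"


# header name (lower-case) -> check returning None when the value is acceptable
CHECKS: Dict[str, Callable[[str], Optional[str]]] = {
    "strict-transport-security": _hsts,
    "content-security-policy": _csp,
    "x-frame-options": _xfo,
    "x-content-type-options": _xcto,
    "referrer-policy": _referrer,
    "cache-control": _cache,
}


def audit(headers: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (header, problem) pairs; an empty list means every check passed."""
    present = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, check in CHECKS.items():
        if name not in present:
            findings.append((name, "missing"))
        else:
            problem = check(present[name])
            if problem:
                findings.append((name, problem))
    return findings


# Constructed sample responses (not captured from any real bank).
WEAK_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "Cache-Control": "private, max-age=600",
    "X-Frame-Options": "ALLOWALL",
}
HARDENED_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Cache-Control": "no-store",
}

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(resp) or "no findings")
```

Run it against a real site by feeding `dict(response.headers)` from any HTTP client into `audit()`; the checks are deliberately value-aware, since a header that is present but weak (an HSTS `max-age` of a few minutes, an `X-Frame-Options` of `ALLOWALL`) is as much a finding as a missing one.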

Tesco Bank also failed to block testers from logging in to the same account from two different networks at the same time, and it did not end the session when a tester navigated to another website or used the browser's back and forward buttons to leave the session and return to it.
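The server-side behaviour the testers were looking for, as an added example that is not Tesco Bank's or Which?'s code: a second login for the same customer revokes the first, and a session that goes unused ends on its own rather than surviving a detour to another site. The token format, the five-minute idle limit and the in-memory store are this example's assumptions.

```python
"""Single-session enforcement with idle timeout.

Added example, not code from Tesco Bank or Which?. A second login for the
same customer revokes the first session, and a session that is not used for
IDLE_SECONDS ends on its own. Token format, timeout and the in-memory store
are this example's assumptions.
"""
import secrets
import time
from typing import Callable, Dict, Optional


class SessionStore:
    IDLE_SECONDS = 300  # assumption: five minutes of inactivity ends the session

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock
        self._sessions: Dict[str, list] = {}   # token -> [customer, network, last_seen]
        self._active: Dict[str, str] = {}      # customer -> current token

    def login(self, customer: str, network: str) -> str:
        """Issue a fresh token; any existing session for this customer is revoked."""
        previous = self._active.pop(customer, None)
        if previous is not None:
            self._sessions.pop(previous, None)  # blocks concurrent logins
        token = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
        self._sessions[token] = [customer, network, self._clock()]
        self._active[customer] = token
        return token

    def validate(self, token: str) -> Optional[str]:
        """Return the customer for a live session and refresh its idle timer, else None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        now = self._clock()
        if now - entry[2] > self.IDLE_SECONDS:
            self.logout(token)
            return None
        entry[2] = now
        return entry[0]

    def logout(self, token: str) -> None:
        entry = self._sessions.pop(token, None)
        if entry is not None and self._active.get(entry[0]) == token:
            del self._active[entry[0]]

    def active_sessions(self, customer: str) -> int:
        return sum(1 for e in self._sessions.values() if e[0] == customer)


class FakeClock:
    """Controllable clock so the timeout can be exercised without sleeping."""

    def __init__(self) -> None:
        self.now = 1000.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> dict:
    """Constructed scenario: one customer logs in twice from different networks."""
    clock = FakeClock()
    store = SessionStore(clock)
    first = store.login("customer-1", "home-broadband")
    second = store.login("customer-1", "mobile-network")   # concurrent login
    result = {
        "first_still_valid": store.validate(first) is not None,
        "second_valid": store.validate(second) == "customer-1",
        "active": store.active_sessions("customer-1"),
    }
    clock.advance(SessionStore.IDLE_SECONDS + 1)
    result["second_after_idle"] = store.validate(second)
    return result


if __name__ == "__main__":
    print(demo())
```

The store is deliberately the only authority on whether a session is live: a browser that replays a cached page after Back gets nothing useful unless the token still validates, which is why this control is paired with `Cache-Control: no-store` on authenticated responses.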


Tesco Bank told Yahoo Finance UK: “The security of our customers’ accounts is always our top priority. Customers can be assured we have robust security measures in place to protect them and their money. Not all of these controls are obvious or visible to customers, but each of them serves to protect customers and all are in line with industry standards.

“We use the latest technology to protect and manage the security of Online Banking and our Mobile Banking App and all our controls are constantly reviewed to ensure they remain fit for purpose, giving customers peace of mind they can bank safely and securely with us.”

TSB finished second from bottom in the ranking with a score of 51%. The bank’s login process did not meet new regulations on “strong customer authentication” (SCA), introduced in March, the research found.

Which?’s ranking for online banking security. Photo: Which?

When Which? reported TSB’s non-compliance to the Financial…


Beware! Hackers Using New Amazon Gift Card Scam to Infect Devices with Banking Malware

With movement restrictions and lockdowns due to the COVID-19 pandemic, millions of people have preferred to shop online during the holiday season. Cybercriminals, however, are taking advantage of that situation with scams and malware targeting online shoppers. Among those, an Amazon gift card scam has attracted the attention of cybersecurity researchers as it could not only cost you money but also make your device vulnerable to hacking.

Discovered by cybersecurity research firm Cybereason, the scam targets people in Europe and the US. With many people staying at home, gift cards have become a popular way to give presents to loved ones at Christmas. This particular “too good to be true” offer, however, is designed to deliver the Dridex banking trojan.

“Both cybercriminals and nation-state threat actors alike find and exploit trending circumstances in order to leverage a given situation to infect unsuspecting victims, such as the holiday season, the ongoing COVID-19 pandemic, or both of them combined,” Daniel Frank, a cybersecurity researcher at Cybereason said in a blog post.

Cybercriminals are sending spoofed emails pretending to give out $100 Amazon gift card


The malware is delivered by a phishing email, spoofed to look as if it comes from Amazon, that reads: “We are delighted to enclose a $100 Amazon gift card as our way of saying Thank You.” The email also carries an Amazon order date and order number, but its attachment is a malicious Word document or screensaver file. Once the attachment has been downloaded, the victim is redirected to Amazon’s legitimate website, which, in Cybereason’s words, gains “more credibility with the victim.”

When the user opens the document, it prompts them to enable macros. Once macros are enabled, the document shows a fake error message, “Word experienced an error trying to open the file”, while a Windows PowerShell script runs in the background to fetch and install Dridex.
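The two delivery steps described here, a Word macro launching a hidden PowerShell process and a screensaver attachment run from a user-writable folder, are the kind of thing endpoint telemetry catches. As an added example (not Cybereason's code), the rules below run over constructed Sysmon-style process-creation records; the field names follow Sysmon Event ID 1 (`Image`, `ParentImage`, `CommandLine`), but the events, paths and command lines are made up for the example and are not captured from this campaign.

```python
"""Flag Office-spawned script interpreters and screensaver executables.

Added example (not Cybereason's code). SAMPLE_EVENTS are constructed
Sysmon-style process-creation records, not telemetry from the campaign;
the rules and thresholds are this example's own.
"""
import ntpath
from typing import Dict, List, Tuple

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\appdata\\roaming\\")


def _basename(path: str) -> str:
    return ntpath.basename(path).lower()


def classify(event: Dict[str, object]) -> List[str]:
    """Return the names of the rules an event trips (empty list means benign)."""
    hits: List[str] = []
    image_path = str(event.get("Image", ""))
    image = _basename(image_path)
    parent = _basename(str(event.get("ParentImage", "")))
    cmd = str(event.get("CommandLine", "")).lower()

    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
        # A macro that launches PowerShell hidden, with a base64 payload or with
        # execution policy bypassed is the pattern behind the fake-error lure.
        if image in ("powershell.exe", "pwsh.exe") and any(
                marker in cmd for marker in ("-enc", "hidden", "bypass")):
            hits.append("suspicious_powershell_args")

    # .scr files are ordinary PE executables; one launched from a download or
    # temp directory is far more likely to be a lure than a real screensaver.
    if image.endswith(".scr") and any(d in image_path.lower() for d in USER_WRITABLE):
        hits.append("screensaver_from_user_dir")
    return hits


def triage(events: List[Dict[str, object]]) -> List[Tuple[int, List[str]]]:
    """Return (EventId, rules) for every event that trips at least one rule."""
    out = []
    for e in events:
        hits = classify(e)
        if hits:
            out.append((int(e["EventId"]), hits))
    return out


# Constructed events: a normal document open, the macro stage, the .scr stage,
# and two benign processes (a service host and the built-in screensaver).
SAMPLE_EVENTS = [
    {"EventId": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" C:\Users\jane\Downloads\gift_card.docx'},
    {"EventId": 2, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -nop -ep bypass -c <constructed payload>"},
    {"EventId": 3, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\jane\AppData\Local\Temp\gift_card.scr",
     "CommandLine": r"C:\Users\jane\AppData\Local\Temp\gift_card.scr"},
    {"EventId": 4, "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    {"EventId": 5, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\scrnsave.scr",
     "CommandLine": r"C:\Windows\System32\scrnsave.scr /s"},
]

if __name__ == "__main__":
    for event_id, rules in triage(SAMPLE_EVENTS):
        print(event_id, rules)
```

The parent/child rule is the durable one: the lure text and the PowerShell arguments change between campaigns, but a document viewer has no legitimate reason to start a script host, so that edge in the process tree is worth alerting on regardless of what follows it.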

The phishing email contains a word file to serve Dridex malware that can steal banking credentials

Apart from spoofed emails, hackers are also using a second delivery method involving screensaver files (with .scr extension). Using SCR to infect devices has gained popularity amongst hackers as it…


SC Korea to roll out high-security mobile banking service

The Seoul-based bank, a wholly owned subsidiary of London-based Standard Chartered, said the mobile banking service will use 5G quantum security technology, a first for a commercial bank in South Korea.

The service will be offered to users of the Samsung Galaxy A Quantum smartphone, which has a quantum random number generator (QRNG) chipset embedded in it and which the partners describe as offering the strongest available level of encryption and protection.

SK Telecom, the country’s largest mobile carrier, will be the sole provider of the Android-based handset on which the service runs.

A QRNG produces unpredictable, pattern-free random numbers by measuring the behaviour of photons, which is inherently random at the quantum level.

In theory this greatly improves security: cryptographic keys generated from truly unpredictable random numbers cannot be guessed or reconstructed by an attacker, allowing customer information to be encrypted more securely. The benefit depends on that randomness actually reaching the key generator; a key is only as strong as the least predictable bits that go into it.
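Why the quality of the random source, rather than the cipher, decides how strong a key is, as an added example that is not SK Telecom's, Samsung's or the bank's code and says nothing about the QRNG chip itself: a 128-bit key derived from a predictable seed (here a timestamp the attacker can narrow to an hour) is recovered by brute force in seconds, while a key drawn from the OS CSPRNG, which is the role a hardware random source feeds, is not. The key "fingerprint" the attacker compares against is an assumption standing in for whatever check value lets a candidate key be verified.

```python
"""Predictable seed versus a proper entropy source for key generation.

Added example; not code from SK Telecom, Samsung or Standard Chartered and
not a model of the QRNG chip. The timestamp, the one-hour search window and
the SHA-256 "fingerprint" used to verify a candidate key are assumptions.
"""
import hashlib
import random
import secrets
from typing import Optional


def key_from_seed(seed: int) -> bytes:
    """Weak: 16 bytes from a PRNG seeded with a small integer such as a timestamp."""
    rng = random.Random(seed)       # deterministic for a given seed
    return bytes(rng.getrandbits(8) for _ in range(16))


def key_from_csprng() -> bytes:
    """Strong: 16 bytes from the OS entropy pool (what a hardware RNG would feed)."""
    return secrets.token_bytes(16)


def fingerprint(key: bytes) -> str:
    """Stand-in for any value that lets a guessed key be checked."""
    return hashlib.sha256(key).hexdigest()


def recover_seed(target: str, first: int, last: int) -> Optional[int]:
    """Attacker: enumerate every seed in [first, last] until the key matches."""
    for seed in range(first, last + 1):
        if fingerprint(key_from_seed(seed)) == target:
            return seed
    return None


def demo() -> dict:
    issued_at = 1_600_000_000                      # constructed: key made at this Unix time
    weak = key_from_seed(issued_at)
    strong = key_from_csprng()
    window = (issued_at - 3600, issued_at + 3600)  # attacker knows the hour, not the second
    return {
        "weak_recovered": recover_seed(fingerprint(weak), *window) == issued_at,
        "strong_recovered": recover_seed(fingerprint(strong), *window) is not None,
        "candidates_tried": window[1] - window[0] + 1,
    }


if __name__ == "__main__":
    print(demo())
```

Both keys are 128 bits long and would be used with the same cipher; the only difference is the entropy behind them, which is the property the article's "most complete random number" claim is about.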

Customers with Galaxy A Quantum handsets can as a result make financial transactions safer, such as opening accounts and transferring money through the mobile banking app.

“The most important factor for customers who use mobile financial services through online channels is security that protects the safety of transactions,” a Standard Chartered Bank Korea official said.

“We will continue to play a leading role in customer convenience and digital innovation as well as customer information protection through partnerships with various fintech firms.”

Meanwhile, SK Telecom is discussing with various smartphone manufacturers about incorporating QRNG chipsets in their devices.

The bank plans to extend the service to those handsets as well.

Led by CEO Park Jong-bok, the Korean branch reported a net profit of 900 million won ($813,000) in the third quarter of 2020. The figure for the first nine months was 182.9 billion won.


Kaspersky discovers Ghimob banking malware targets mobile users worldwide – Back End News

When monitoring a Windows campaign from Guildma banking malware, Kaspersky researchers found URLs distributing not only a malicious .ZIP file for Windows, but also a malicious file that appeared to be a downloader to install Ghimob, a new banking Trojan.

Once the victim grants it Android’s Accessibility Service permission, Ghimob can establish persistence and block manual uninstallation, capture data, manipulate what is shown on screen, and give the operators full remote control of the device. According to the researchers, the developers of this “very typical” mobile Remote Access Trojan (RAT) are focused heavily on users in Brazil but have ambitions to expand worldwide. The campaign is still active.

“Latin American cybercriminals’ desire for a mobile banking Trojan with a worldwide reach has a long history,” said Fabio Assolini, security expert at Kaspersky. “We have already seen Basbanke, then BRATA, but both were heavily focused on the Brazilian market. In fact, Ghimob is the first Brazilian mobile banking Trojan ready for international expansion.”


Guildma, a threat actor that belongs to the Tétrade family of Brazilian banking-malware groups and is known for scalable malicious campaigns in Latin America and beyond, has been actively developing new techniques and new malware and targeting fresh victims.

Spying on 153 mobile apps

Its new creation — the Ghimob banking Trojan — lures victims into installing the malicious file through an email which suggests that the person receiving it has some kind of debt. The email also includes a link for the victim to click on so they can find out more information. Once the RAT is installed, the malware sends a message about the successful infection to its server. The message includes the phone model, whether it has lock screen security, and a list of all installed apps that the malware can target. In total, Ghimob can spy on 153 mobile apps, mainly from banks, fintech companies, cryptocurrencies, and exchanges.

When it comes to functions, Ghimob is a spy in the victim’s pocket. Developers can remotely…