What kind of Cyber-Crimes are Commonly Perpetrated Against Banks?

A cyber attack is deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyber attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.

Cyber attack is also known as a computer network attack (CNA). Cyber attacks occurred targeting banks and broadcasting companies in South Korea on March 20.

The malware involved in these attacks brought down multiple websites and interrupted bank transactions by overwriting the Master Boot Record (MBR) and all the logical drives on the infected servers rendering them unusable.

It was reported that 32,000 computers had been damaged and the exact amount of the financial damage has not yet been calculated. More serious is that we are likely to have greater damages in case of occurring additional attacks, since exact analysis of cause is not done yet.

APT(Advanced Persistent Threat), which is becoming a big issue due to this attack, is not a brand new way of attacking, but a kind of keyword standing for a trend of recent cyber attacks.

In this paper, we show some examples and features of recent cyber attacks and describe phases of them. Finally, we conclude that only the concept of security intelligence can defend these cyber threats.

Electronic banking, with its inherent advantages for the banking industry as well as the customer, is an area with tremendous growth potential.

This field has also seen a corresponding increase in network security breaches, data thefts/loss, identity thefts and other white-collar crimes resulting in huge losses to the banking industry as well as the banking clientele.

Losses by the banking industry worldwide due to white- collar crimes are in billions of dollars and far outstrip conventional methods of bank robbery. The unprecedented speed at which net banking has evolved, the ubiquitous and global nature of open networks and the increasing reliance on information technology have all added up to provide an environment of enhanced security challenges.

Amendments in the IT act, banking regulations and the coming explosion in WAP are issues that need to be taken into account by the industry.

The terms computer crime, high-tech crime, digital crime, e-crime and cyber-crime can be used interchangeably with electronic crime.

E-crimes are essentially crimes where the computer is used either as a tool to commit the crime, as a storage device, or as a target of the crime. As a storage device, computers can either store information that will assist in the execution of the crime or information that is illegal for the owners to possess, such as stolen intellectual property.

Computers are classified as a target if the information that they contain is altered or retrieved in an unlawful way, such crimes can range from amateur hacking to terrorism. Perpetrators against banks can use several kinds of cyber-crimes.

The most common are outlined in Exhibit-1. Phishing (pronounced “fishing”) is growing rapidly. The Anti-Phishing Work Group (APWG) and the Federal Deposit Insurance Corporation (FDIC), both report that the financial services industry is the most commonly victimised industry.

In fact, APWG says banks are about four times more likely to be victimised than the second highest victimised industry.

where perpetrators will ask for information to serve their criminal intents. Often the spoofed uniform resource locator (URL or web address) will be similar to the real entity’s address.

According to the APWG, “the average time a spoofed site was online in 2004 was 6.2 days, and the longest was only 31 days.”

This trickery is facilitated by the fact that there is vulnerability in Microsoft’s Internet Explorer that fraudsters can use to make it appear that the victim is at one Web site (URL) when in reality he or she has accessed a different and bogus one. One possible countermeasure is to use an alternate Internet browser.