Cyberattacks have become a real threat to the financial stability of countries. The banking sector has solidified its position as one of the main targets for cybercriminals due to its high potential for economic gains and access to confidential customer information.
In fact, cyberattacks on the banking sector increased by 53% in 2023 compared to 2022. The figure comes from the Threat Landscape Report, the benchmark report in which S21Sec analyzes the evolution of cybercrime on a global scale. S21Sec is one of Europe’s leading cybersecurity service providers and was acquired by Thales Group in 2022.
As a result of the massive digitalization experienced by banking in recent years, cybercriminals have adapted their techniques to online banking systems, resulting in a total of 4,414 attacks on the financial sector globally in 2023, with 2,930 of them occurring in the second half of the year. This new online focus has caused a 40% decrease in attacks on ATMs in recent years.
Among the most commonly used attacks against the financial sector, S21Sec highlights the activity of malware, a type of malicious software designed to damage or exploit any network, device, or service. In the case of the banking industry, these attacks focus on collecting personal and banking information that could allow access to funds from accounts or even cryptocurrency wallets. Cybercriminals use various techniques to obtain this information, such as skimmers, web injections, malspam, or phishing emails.
Sonia Fernández, Head of the Threat Intelligence team at S21Sec, emphasizes the importance of the human factor in these types of attacks: “In most cases, it is people who click on the malicious link, allowing the cyberattacker to enter our device and start their operation. It is crucial to have global awareness around cybersecurity to ensure people’s financial stability, and the first step is to never access a URL without first contacting your bank,” the expert advises.
Danabot, ToinToin, and JanelaRAT: The Most Dangerous Active Malware for the Banking Sector
The company highlights ‘Danabot’ as one of the most active malware families in the last six months of 2023. It stands out for its use of web injections, a technique that allows the malware to modify the content of websites visited by users, or inject malicious code into it, often without their knowledge or consent. Danabot is frequently used for a range of activities, such as distributed denial-of-service (DDoS) attacks, spam distribution, password theft, and cryptocurrency theft, and it also serves as a versatile general-purpose bot.
S21Sec also highlights the presence of ‘JanelaRAT,’ a type of malware that primarily steals access credentials for banks and cryptocurrency wallets. Its most significant credential-stealing features are creating fake forms when it detects a visit to a banking or cryptocurrency site, capturing mouse inputs, keystrokes, and screenshots, and gathering system information to carry out the cyberattack. It is distributed through emails containing a link that, once clicked, shows the user a fake page and automatically downloads the first phase of the malware, which creates a file through which it can remain on the device or website.
Another frequent attack has been the so-called ‘ToinToin,’ which is part of a sophisticated campaign that distributes malware and achieves infection through several stages. It is also distributed through emails containing a malicious URL, from which a connection is established to start stealing information.