Trust. It’s something we implicitly place in our web browsers. In a recent instance, criminals reportedly worked to exploit that confidence — launching a malicious Google Chrome extension aimed at stealing people’s online banking details. It’s a strong reminder that the criminal mindset is simple: attack the supply chain.
Perhaps not the supply chain a banker often considers (the one involved in the delivery of an FI’s online or mobile banking portal), but one that customers interact with every day.
In the hacker lexicon, the malicious files briefly found inside Google’s online browser app store are what’s known as a Trojan.
Similar to the wooden horse in Greek mythology, the malware hides inside seemingly legitimate software. Crooks have even been known to first steal the credentials of the developers behind widely used applications in order to compromise an update or release a new malicious product entirely. This tactic has been used successfully to ‘side load’ malware onto Apple iPhones overseas.
Brass tacks: once the trap is sprung, a banking Trojan often uses a keylogger to track keystrokes and capture the victim’s login credentials.
According to Ars Technica, in this instance, the Trojan malware monitored all of a victim’s online activity. That included visits to specific pages where the extension was programmed to log Brazilian bank customers’ username and password information into a criminally controlled forum.
Google removed the extension from its Chrome Web Store soon after the scheme was reported.
The takeaway: On the whole, the network defenses protecting customer information and company secrets inside FIs have become increasingly sophisticated.
In order to break past those digital defenses, malicious hackers attempt to find weak points. To beat them back, bankers have to think like attackers: identifying their adversaries and their resources, and deciphering their motives. The exercise, called threat modeling, is crucial to defending against our adversaries.
That starts with examining the tools — browser extensions, for instance — used by employees and customers (and don’t forget vendors). Just because something is outside of your network doesn’t mean it’s off-limits to hackers. They want what you have and will attempt to get it by any means necessary.