Malware threats on the rise as hackers target e-banking platforms

Malware targeting banking apps and websites on mobile devices are on the rise as the online transaction industry continues to evolve in Nigeria.

Fraud in the Nigerian payments system and also on a global scale has been on the rise over the past few years as technological advances continue to impact on the way we transact.

Internet banking as well as the ever increasing use of other electronic platforms has in one way or the other accelerated the growth of fraudulent activities in the country. Today, simply viewing a webpage, even a trusted bank’s home page, is enough to get a footprint on your device. Mobile browsers and applications are no exception.

“Internet banking actually accounted for a loss of about N3.2 billion to fraudulent transactions in terms of value,” a Nigeria Inter-Bank Settlement System (NIBSS) report stated.

Internet banking scored as the lead channel for perpetuating fraud in 2014, as it recorded the highest value lost to fraudulent activities.

Electronic fraud spurred by self-service banking and economic pressures and invigorated through technological advances has become a source of pain to almost too many homes in Nigeria.

Nigeria remains vulnerable to a multitude of online criminal activities, from financial fraud and malware distribution. The rising popularity of e-banking has made Nigeria a favourite destination for cyber criminals, who target online financial transactions using Malware.

“There is no doubt the growth in the use of electronic banking systems and e-commerce has brought about a parallel increase in efforts to defraud both individuals and corporate organisations, and thus cause tremendous financial loss,” said Abdulkarim Chukkol, head of the Advance Fee Fraud and Cybercrime Section, Economic and Financial Crimes Commission (EFCC).

According to Chukkol, some of the biggest threats Nigeria faces are phishing – targeting mostly local banks and their clients; unauthorised access to systems and the information they contain by insiders, service providers or consultants; and Malware distribution such as software and hardware key-loggers.

In the past year, the number of variants of mobile malware has exploded from several hundred to hundreds of thousands, if not millions. It comes in many forms, such as SMS grabbers that reroute multifactor identification, and it undermines security measures by even the most fortified institutions.

Today, it is safe to assume that standard multi-factor authentication and transaction monitoring can be compromised or bypassed by banking Malware. Because financial institutions sometimes use text messaging to verify that online transactions are initiated by a legitimate user, the infected mobile phones forward messages to the criminal, thwarting the bank’s two-factor authentication.

Popular low-cost Smartphone’s in Africa particularly Nigeria, have been found to contain non-removable Chinese ‘DeathRing’ malware threat. DeathRing is a Chinese Trojan inherent in various popular Smartphone’s across a number of Asian and African countries such as India, Taiwan, Vietnam, Indonesia, and Nigeria.

According to IT security company Kaspersky, mobile banking malware is now the biggest threat as cyber criminals believe this to be the quickest and most efficient way of stealing money from victims. In fact, malware infections in mobile devices increased by 25 percent last year, according to a study by Alcatel-Lucent’s Motive Security Labs.

Financial institutions in the West African region have lost as much as $5 billion in the past two to three years to cyber crimes, Akpan Ekpo, director-general of the West African Institute for Financial and Economic Management, said at a high level seminar on cyber security framework for the sub-region’s financial institutions held at the ongoing 2015 Spring Meetings of the International Monetary Fund (IMF) in Washington DC, USA.

Persistent use of legacy systems and the inability to accurately assess digital ‘footprints’ in cyberspace represent the most significant security threats to financial institutions in Africa.

Although Ekpo acknowledged that central banks in the sub-region had been proactive, achieving tangible results however had been difficult as perpetrators seem to be way ahead.

“Therefore, they have to keep training, they have to keep improving in their ICT and be proactive,” Ekpo told the participants, adding that “being equipped means being able to afford the resource to buy the necessary equipment to confront cyber fraud.”

 Dan Ojabo