Banks under cyber-crime siege

The UK is second only to the US on the hit-list of cyber gangs using the rogue software SpyEye Trojan to purloin personal and banking information from financial institutions, according to a study.
Last month, Virgin Media became the first UK ISP to warn customers their PCs were infected with a virus when it sent letters to 1,500 customers, warning them they had been targeted by the software. It is claimed DIY cyber-crime kits can be bought on the Internet for as little as £10.
Some 60% of the SpyEye bots target customers of financial institutions in the US, followed by the UK (53%), Canada (31%), Germany (29%), and Australia (20%), according to security firm Trusteer. Other destinations targeted by more than 10% of SpyEye bots include Ireland, Italy, Spain, France, Portugal, Turkey, India and Russia.
And the study claims the problem is growing. In May, SpyEye added targets in the Middle East including Saudi Arabia, Bahrain and Oman. In June, financial institutions in Venezuela, Belarus, Ukraine, Moldova, Estonia, Latvia, Finland, Japan, Hong Kong and Peru were attacked.
One of the hallmarks of SpyEye is that it is designed to evade transaction monitoring systems that rely on detecting abnormal behaviour, with new versions released as often as every week.
Trusteer chief executive Mickey Boodaei said:”Some of the changes our risk analysis teams are seeing include some very significant improvements to the core SpyEye technology.
“The SpyEye author’s ability to rapidly react and improve the software should be a major concern to anyone who already is, and who may be, on SpyEye’s target list. The ability to react fast to SpyEye’s changes in pattern is, we believe, key to an effective fraud prevention architecture against this dangerous toolkit,” he added.
Virgin Media said it had been alerted to the malware infection by the Serious and Organised Crime Agency. The agency identified Virgin Media customers as targets while carrying out a wider investigation into cyber gangs.
In February, the Cabinet Office claimed cyber-crime costs the UK up £27bn a year; £1bn a year is lost due to loss or theft of customer data and £1.3bn goes thanks to direct online theft.

Related stories
Virgin customers get virus help
Cybercrime ‘costs UK £27bn’
£10 buys cyber crime toolkit