Financial institutions and their customers continue to be a target for cybercriminals. From JP Morgan Chase to the Bangladesh central bank heist, we continue to see targeted attacks aimed at the financial sector. Now, ESET has discovered new targeted attacks motivated by financial gain.
This week, ESET researchers illustrated how a new cybercrime group called RTM is relentlessly deploying complex malware targeting software used by businesses to make bulk transfers via the Remote Banking System (RBS).
As part of the research outlined in a detailed white paper ESET discovered that the malware—which targets businesses primarily in Russia and some surrounding areas—– leverages a full range of spying capabilities, including card reading, keylogging and real-time monitoring of banking-related activities.
The malware could also search for specific export files in accounting software used mainly in Russia, which may contain bulk transfer details used as an intermediary step in remote banking systems to execute payment orders. Since this text file can be modified by the criminals, they can make monetary gains off it by simply changing recipient account details. RTM and several other groups are actively and profitably targeting businesses in Russia; once they gain access, they move slowly to understand the network and develop custom tools to steal funds.
So what does all this mean for your business? Knowing and understanding the types of malware and the attack techniques being used by cybercrime gangs reminds us that cyberthreats are becoming increasingly sophisticated, and targeted attacks motivated by financial gain will continue.
ESET researchers note they didn’t see RTM activities outside of Russia and its neighboring countries. However, it is not uncommon for groups and malware to move from one region to the next.
That means core cybersecurity best practices—including ongoing education for employees and implementing tools like two-factor authentication (2FA), encryption and layered protection for systems and endpoints—remain a vital defense against cybercrime.
For enterprise financial institutions that want to leverage global intelligence, ESET Enterprise Threat Intelligence (ETI) provides a valuable early-warning system. ETI, based on data from more than 100 million sensors worldwide, gives security teams greater awareness of attacks targeting their business and enables more effective defense against malware campaigns.