Fintech is one of the business sectors that needs cyber security the most – and needs it to be most effective. That’s because it’s a sector that, alongside the hardcore functional and ransom-worthy data that makes any business work, also potentially holds the financial data, and thus direct access to resources, of all its customers. Fintech and cyber security should go together like a lock and a key.
Unfortunately, cyber attackers know this as much as fintech companies do – which tends to make fintech companies a big prize for bad actors, and a big nightmare for insurers, because in the event a fintech organization suffers a bad cyber- attack, the implications have far more ripple effects than would be common outside the sector. In the fintech sector, there is more lucrative damage to be done by targeting the users of the technology, who may have significantly less stringent cyber security in place, than there is to target a fintech company. One malicious app, loose in the app ecosystem, can strip fintech users of their assets, leaving the fintech company with a reputation in tatters for failing to prevent the attacks.
Unleash Profitable Chaos!
This level of chaos and potential payoff inspires bad actors to create increasingly sophisticated ways to access everything from banks and neobanks to crypto wallets—and sometimes to do so in ways that don’t flag their activities until it’s far too late.
Ways like the new generation of SOVA banking Trojans, which will return in 2022 in a new upgraded form. When it first appeared in September 2021, it was able to target 90 different apps, hitting both financial and shopping apps, across the US and Europe, and harvest credentials by launching overlay attacks.
Now, less than a year later, it can infect 200 apps. It hides inside fake apps that use the logos of legitimate merchants like Amazon and Google Chrome, and can then scrape credentials at will. It’s made easier in the latest iteration of features that allow it to both take screenshots and record device screens. It can also retrieve data from your Binance and Trust Wallet accounts, including both passwords and seed phrases. And to deflect both automatic system checks and human suspicion, the Trojan uses its access to permissions to disable uninstall attempts and redirect users back to the home screen with the false message “This app is secured.”
The next generation threat
In addition to spreading its reach to even more apps, the next iteration of the SOVA Trojan is already expected to have a ransomware element, which will only deepen the need for cybersecurity to be at the forefront of the fintech world’s consciousness.
And of course the SOVA Trojan is just one of the many threats deployed by bad actors attracted by the high potential rewards of fintech. Blockchain hackers allegedly stole $1.3 billion in just the first quarter of 2022. The Binance smart chain ecosystem itself is $100 million more than it was at the start of 2022.
In fairness to the fintech industry, it is aware of the growing scale of the problem and is at least trying to develop mitigation measures. Many fintech companies – and the apps that connect them to their users – are learning from past mistakes and introducing multi-step authentication into their system, whether in the form of one-time randomly generated PINs or knowledge-based authentication (KNA), to avoid internal compromise of fintech systems. But it’s arguable that none of these are at the forefront of mitigating cyberattacks, as the former can be redirected, and the simple levels at which knowledge-based authentication typically operates means that these systems are easily compromised – especially in the event that the hackers have access to social Media.
Facial biometrics are also coming in as the next level of supposedly unbeatable security, and some fintech firms are using them, but the long cycle of development and deployment means there are already bad actors out there, working to spoof biometric scanners and circumvent the new technology before it really has a chance to become established as a safety standard.
Ways to win
Within fintech companies, work needs to be done, as there is in other sectors, to reduce the size of the window of opportunity for cyber hackers to compromise systems. Rigid password policies, using the most up-to-date password managers, forced use of VPNs for remote employees, to make hacking more difficult, server-side software to interrogate rogue links and downloads before allowing them to deposit malware on computers and systems, etc. These are all in the basket of practices advocated by cyber security experts in the wake of the recent Mobile Security Index report which showed a 22% increase in cyber attacks in 2021.
But when it comes to the apps fintech companies use to attract and retain users, the devil is in the length of the development and deployment cycle. Traditional pre-release security testing is now more or less bunk, as it delays release cycles and gives the cyber attacker the same lead time to develop ways around a supposed end product. A new security culture-oriented development process known as DevSecOps may offer some hope against the likes of the next iteration of the SOVA Trojan, by testing bits and pieces of development (like an anti-Trojan app upgrade) as the process progresses, rather than lumping all the tests together at the end of the development process.
The bottom line, however, is little substitute for user awareness and caution. Whether it is within the fintech companies themselves or among the user communities, it is critical to advocate strict protective behaviors and educate people who may act as random entry points for a cyber attack about the dangers and the mitigation approaches. next to some technological approaches to the fight.
