Last week a leading internet technology security organization released a threat report identifying Automatic Transfer System (ATS) as a major hazard to online banking security. ATS is a program that allows cybercriminals to breach new bank security measures and completely drain victims’ bank accounts without a trace of criminal activity.
The report, written by Trend Micro Incorporated, also discussed who the ATS tool is used with SpyEye and Zeus malware to create what is referred to as Man in the Browser attacks. The attack does not even require the criminal to be online during a session, and can automatically transfer funds using the victim’s credentials without alerting the victim.
The report also points out that hacking attacks have been perpetrated against banks that use enhanced security measures, even those with daily account transfer limits, and two factor authentication through mobile phone text messaging. Most of these attacks have occurred in Germany, the United Kingdom, and Italy. No banks have reported attacks on banks in the U.S. but previous threats of SpyEye and ZeuS in America show that the U.S. is not immune to a possible attack.
Cybercriminals often first use tactics known as social engineering to get their foot in the door and steal credentials to use software such as ATS to transfer funds. Social engineering is the art of deceiving people. These hackers will often post malicious software that will automatically download to computers that access their websites. Often the websites will cover popular stories such as buzz worthy events including: natural disasters or highly anticipated product launches.
Although social engineering is a threat on any type of system, ATS is only a threat to computers running windows.