Fraud attacks originating from fake banking apps almost trebled in the first six months of 2019. Banks need to take a layered approach to manage the risks.
Repackaging prevention is one of many security layers in Promon’s In-App Protection software. It is critical to detect whether an attacker has duplicated your banking app and injected malicious functionality into it. If repackaging is detected, Promon SHIELD™ will render the corrupted app inoperable.
Fake apps are a major threat to banks
According to RSA Security, online fraud attacks originating from fake apps that appear to belong to legitimate banks almost trebled in the first six months of 2019. Fake apps are a major threat to banks. The ease with which malicious players can download an app, alter the code and re-package it for an app store has helped establish fake apps among today’s biggest cybersecurity threats.
RSA detected 140,344 fraud attacks during the first six months of the year, up from 86,344 in the last six months of 2018. 29% of these attacks came from fake mobile apps as cybercriminals capitalize on consumer trust in legitimate brands as a channel to commit fraud.
“The digital transformation of finance is well underway, and yet this transformation is a double-edged sword”, said Daniel Cohen, RSA FRI unit director. “While digital has created opportunities for organizations to improve customer experience, it also introduced new digital risks that need to be managed.”
Spending money has never been easier
RSA highlights the dramatic increase in digital touchpoints, through initiatives such as open banking, as an important driver. More touchpoints give fraudsters access to a larger attack surface.
“From one-click payment buttons to mobile apps from our favorite retailers, spending our money has never been easier,” said Cohen. “The fact that fraud via fake mobile applications tripled in the first half of 2019 is a testament to how perpetrators will constantly seek out weak points by exploiting consumers’ growing trust in mobile apps.”
The threat of fake apps, alongside adversarial AI and increasingly sophisticated IoT attacks, was given a special mention in Avast’s annual Threat Landscape Report back in January. RSA’s recent findings back up security firm ImmuniWeb’s August report, which found that 97% of all financial services apps it tested had at least two medium- or high-risk vulnerabilities. ImmuniWeb also reported that 56% of mobile app backends had serious misconfiguration or privacy issues relating to SSL/TLS configuration and inadequate web server security hardening.
The fake app challenge is a global one, but there are proven ways to confront it. “To keep pace with constantly evolving tactics, banks need to take a layered approach to proactively manage the risk of fraud across all channels,” said Cohen.