Financial services firms are to remain the top targets for cyber-attacks in 2006, according to research from Counterpane and MessageLabs, which warns that hackers are starting to deploy more sophisticated tactics to bypass stronger authentication schemes
The study, which analysed key cyber-attacks across 15 industry sectors, found that nearly 30 per cent of total targetted scam attacks worldwide in 2005 were directed at the financial services sector.
This trend is set to continue in 2006, says the report's authors, who warn that hackers are engineering Trojan attacks and targeted scans to exploit weaknesses in the security posture of financial institutions.
Alex Shipp, senior anti-virus technologist, MessageLabs, says: "We have seen a Trojan program that did not have to trick victims out of revealing their password, but instead waited for the victim to check their bank balance and the Trojan then silently siphoned money out of the account. We expect this kind of activity to become more prevalent as banks move to stronger forms of authentication, as tactics typically change only when they need to."
In the past twelve months, cyber-criminals have moved away from deploying large-scale generalised attacks, like Blaster and Slammer, towards carefully engineered attacks calculated for precise outcomes, says Bruce Schneier, founder and chief technology officer of Counterpane.
"Today's attackers are smarter and stealthier," he contends. "They're much more likely to install spyware; they're more interested in making money."