Financial professionals targeted by sophisticated 'keylogger' malware

Financial professionals targeted by sophisticated 'keylogger' malware
New computer viruses designed specifically for financial institutions can avoid attack, steal login information and hijack payment transfers.
JUN 06, 2018
The good news is that financial institutions are better than other industries at preventing malware and other hacker threats, according to a new report from cybersecurity firm Lastline. The bad news: that higher level of security is inspiring more sophisticated attacks. Lastline's analysis of malware samples found at all kinds of finance firms included an unusually large number of keyloggers, a type of malware that records keystrokes entered into a computer and sends username and password information out to a third party. (More: Finra: Firms begin to heed cybersecurity, but have much to do) Instead of phishing scams, which use a fake website page to convince victims to enter their information, keyloggers are programs downloaded, usually through an email attachment, and act in the background. Instead of information to one website, keyloggers can track every user name and password entered, and even gather answers to security questions. Andy Norton, Lastline's director of threat intelligence and author of the report, said one keylogger can result in 50 sets of stolen login credentials. "Keylogging is more bang for the buck for the attacker," Mr. Norton said. In particular, financial institutions are being targeted by two keyloggers, Emotet and URSNIF, which were designed specifically to operate undetected in a firm's technology, Mr. Norton said. These malwares, which infect a computer through a Microsoft Office document, can evade detection and hijack transfer payments. "They are aware of a financial system's back end," Mr. Norton added. "The malwares are built to survive in an enterprise security network." Lastline's analysis found that financial institutions faced 47% more malicious files than the global average, and 20% more of these advanced malwares. (More: This is the No. 1 cybersecurity threat to financial advisers, experts say) Mr. Norton's advice to advisers is to not simply rely on the cybersecurity provided by their home office, but to educate employees and clients on how to be safe online. As with phishing scams and other cyber-threats, advisers and clients both have to be vigilant in which websites they visit, who they share information with, and what they download. "If you understand what something is doing before you let it into your environment, you can have a higher level of resilience," he said.

Latest News

Advisor headcount down at Bank of America, Osaic and UBS so far in 2025, Wolfe Research analyst says
Advisor headcount down at Bank of America, Osaic and UBS so far in 2025, Wolfe Research analyst says

Counting advisor moves in and out of firms requires some art as well as science.

Carson Group's M&A head sees '10-to-15 year bull market' for RIAs
Carson Group's M&A head sees '10-to-15 year bull market' for RIAs

“I'm just a big believer that based on demographics alone, we are looking at a 10-to-15 year bull market in M&A in the RIA and independent wealth space,” said Michael Belluomini, SVP of M&A at Carson Group.

Nationwide finds Medicare myth on long-term care could cost Americans dearly
Nationwide finds Medicare myth on long-term care could cost Americans dearly

As a tsunami of retirees comes crashing in, three-fifths of those surveyed believe – wrongly – that the federal safety net will cover their LTC needs.

Fintech bytes: Orion, Altruist unveil new RIA-focused integrations
Fintech bytes: Orion, Altruist unveil new RIA-focused integrations

Orion's latest update, a partnership with 11th.com, focuses on an underserved area of compliance for advisors and wealth firms.

Raymond James reels in advisors managing $1B+ in Colorado
Raymond James reels in advisors managing $1B+ in Colorado

The latest arrivals, including a 10-advisor ensemble from Ameriprise, bolster the firm's independent contractor and employee advisor channels.

SPONSORED RILAs bring stability, growth during volatile markets

Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.

SPONSORED Beyond the dashboard: Making wealth tech human

How intelliflo aims to solve advisors' top tech headaches—without sacrificing the personal touch clients crave