Attacks Against Financial Institutions and Cryptocurrencies

Josep Albors/Ontinet

Banking threats are a classic among the malware families that we have observed for more than 15 years. In all this time we have seen how the criminals have switched from attacking only the online banking customers to directly attack the networks and systems used by the banks to send money between each other.

Despite this, banking malware is still an important threat to online banking customers, with new families of malware switching from the desktop to our mobile devices because that’s were most banking operations are done nowadays. Motivated by this new scenario, cybercrooks have developed some very interesting strategies to lure victims into their traps and steal their money.

Regarding this scenario we will provide a brief update on the BackSwap malware discovered last year by ESET Researchers Michal Poslusny & Peter Kalnai and the attacks launched against Spanish online banking users. Since this investigation was presented at last year’s AVAR there have been important updates, including Michal and me working along with the Spanish National Police to obtain information about the criminals and try to stop this campaign.

Moving to another scenario, attacks on ATMs and Point of Sale devices have evolved rapidly to become a serious threat. These systems don’t have the best (or any) protection and most of them run outdated OSes which makes it relatively easy for an attacker to gain access to them. From the old skimmer techniques to the remote-control tactics used by some modern malware, we will provide an update on the attacks to this devices, with some examples from Japan.

From the bank’s side, we have seen several examples of attacks launched against systems that have access to the SWIFT network in order to obtain large amounts of money in one blow. We will review targeted attacks that have been and are being used by the criminals and the TTPs of these attacks.

Finally, given the increasing importance of cryptocurrencies, especially in countries like Japan, we will provide an update on the threats that both the customers and the exchange services face nowadays.

November 8 at 10:30 - 11:00, Stage A

Josep Albors is the Head of Awareness & Research at He`s a security expert with more than 14 years working in cybersecurity and specialized in malware research. He is also the editor at and one of the experts writing at the WeLiveSecurity blog, besides from other publications related with the IT security world.

He has been a speaker at some of the most important security conferences in Spain, besides collaborating with initiatives such as X1RedMasSegura, that wants to raise awareness among users so they can use Internet and technology in a safe way. Included in social responsability, Josep also does awareness and cybersecurity presentations in schools and universities. He`s also a teacher in cyber security expert courses at UCLM and Extremadura University and participates in several conferences organized by several spanish universities and INCIBE (Spanish National Institute of Cybersecurity).

Josep has also collaborated with the Spanish Guardia Civil, Spanish National Police and the Spanish Army, teaching their units on how to fight cybercrime and with cyber intelligence training, contributing with his experience in analyzing cybercrime and malware.