With the rise of banking app usage during the pandemic, securing these apps and the connections they use is crucial. Employing an endpoint management system alongside antivirus solutions is vital for safeguarding financial organizations.
As tax season approaches in Egypt, Amir opens an email that appears to come from a trusted bank, asking him to submit his taxes. He downloads the attached PDF and clicks the links in the email, inadvertently downloading the Lampion trojan from an online server. This malware can access his computer’s disk details, the list of open windows, clipboard contents, and banking credentials. The Lampion trojan employs anti-debug and anti-VM techniques, making it difficult to analyze.
These phishing emails are increasingly common, targeting the Middle East and the financial sector.
Meanwhile, in the UAE, Khaled attempts to access his banking app on a corporate mobile device. The app, bearing his bank’s logo, requests access permissions for security reasons. Trusting the app, Khaled allows it to run with his credentials. This activates the Hydra trojan, which drops a DEX file and then deletes it to avoid detection by antivirus software. The stolen credentials are sent to the dark web. The Hydra trojan can also enable Wi-Fi, access contacts, and send messages over the internet.
Avira, an antivirus software company, discovered Hydra’s archive containing icons of almost every banking application, indicating that these banks are targeted.
Banks and banking applications are prime targets for hackers due to the valuable data and money they hold. Employees often access their banking apps via devices connected to the corporate network, posing a security risk. Educating employees about cyberattack trends and phishing emails is essential, but mistakes can still happen.
How Endpoint Management Can Safeguard Your Organization
1. Sandbox Your Browsers
Compartmentalize browsers to allow access to untrusted sites without affecting the organization or retaining data/downloads. This helps block web-based threats.
2. Block EXE Downloads
Use endpoint management solutions to block executable downloads, which often come with phishing emails.
3. Keep OSs Up to Date
Regularly apply OS updates and patches to all endpoints to prevent exploitation of vulnerabilities.
4. Restrict Applications
Allow access only to trusted sites and secure applications. Block untrustworthy applications and safelist trusted ones on laptops and mobile devices.
5. Employ a Self-Service Portal
Install applications only from recognized stores like Google Play. In office environments, use a software self-service portal to allow the installation of trusted applications.
6. Regularly Update Antivirus Software
Keep antivirus software up to date to avoid updated advertisements and the spread of trojans such as the SUNBURST malware.
7. Scan Regularly
Perform regular inventory scans to detect and remove malicious links or executables.
8. Run Antivirus Scripts
Run antivirus scripts before deploying software to ensure it is free from trojans.
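As an illustration of steps 2, 4 and 7 working together, the following added example (not from the original article or any vendor product) walks a folder, identifies executables by their leading bytes rather than by file extension, and reports any whose SHA-256 is not on a safelist. The file names, file contents and the hash-based safelist are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Leading bytes of common executable formats (real format signatures).
MAGIC = {b"MZ": "Windows PE", b"dex\n": "Android DEX", b"\x7fELF": "ELF"}

def executable_type(path):
    """Return the format name if the file starts with a known executable signature."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(root, allowlist):
    """List executables under root whose SHA-256 is not in the allowlist."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        kind = executable_type(path)
        if kind and sha256_of(path) not in allowlist:
            findings.append((path.name, kind))
    return findings

def demo():
    """Constructed sample files; the names and contents are made up for this example."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tax_form.pdf").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)  # PE header, .pdf name
        (root / "statement.pdf").write_bytes(b"%PDF-1.7\n")                # genuine PDF header
        (root / "cache.tmp").write_bytes(b"dex\n035\x00" + b"\x00" * 24)   # DEX header
        (root / "approved_tool.exe").write_bytes(b"MZ" + b"approved build")
        allowlist = {sha256_of(root / "approved_tool.exe")}
        return scan(root, allowlist)

if __name__ == "__main__":
    for name, kind in demo():
        print(f"unapproved {kind}: {name}")
```

The renamed `tax_form.pdf` and the stray DEX file are reported, while the genuine PDF and the safelisted executable are not, which is why a download block or inventory scan should inspect content and not only extensions.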
Conclusion
The financial sector is a prime target for cyberattacks, and the consequences of a breach can be devastating. As we’ve seen with the Lampion and Hydra trojans, sophisticated threats continue to evolve, making robust security measures more critical than ever.
Endpoint management systems are a powerful tool in this fight, providing a layered defense that protects not only your sensitive data but also the reputation and trust you’ve built with your customers. By partnering with SanaTech GS, you gain access to comprehensive endpoint management solutions tailored to the unique needs of the financial sector.
Our expertise in ManageEngine’s Endpoint Central and Desktop Central ensures that your organization benefits from the latest technologies and best practices in endpoint security. Don’t leave your organization vulnerable to cyber threats.
Contact SanaTech GS today to learn how we can help you strengthen your defenses and protect your most valuable assets.