2. Avoid Using Public WiFi for Banking Transactions

            Wireless  networks  freely provided  in public spaces  like hotels and coffee  shops may present  an entry
            point for malware intrusion. Hackers piggybacking the connection can execute man-in-the-middle attacks
            to intercept online financial transactions.

            Unfortunately,  up to 20% of Americans  continue  to use public WiFi  for their banking-related  activities,
            exposing themselves to higher risks of attacks. A workaround is to use a VPN when connecting to these
            networks, as these systems encrypt data and protect sensitive information.


            3. Employ Strong, Unique Passwords

            Passwords are like the final piece to the cyberthreat puzzle. Once breached, hackers can initiate various
            forms of malware  attacks  on a user’s  online account.  Best practices  recommend  changing  passwords
            every three months,  ensuring  they are complex  enough  to limit the efforts of threat actors.  The rule of
            thumb is to create passwords containing over 16 characters with a combination of letters and numbers.

            4. Use Multifactor (MFA) Authentication

            MFA provides an extra security layer against malware threats by requiring additional forms of verification.
            This can prevent unauthorized access even if login credentials are compromised. However, this measure
            may  soon  become  ineffective,  as  more  sophisticated  threats  like  the  Chameleon  banking  trojan  can
            disrupt  biometric  authentication  operations,  highlighting  the  need  for  a  multifaceted  approach  to
            cybersecurity.

            5. Download Only Trusted Apps

            Kaspersky's  2023  Financial  Threats  Report  shows  mobile  banking  malware  has  increased  by  32%
            compared to 2022. This underscores the need for users to install apps from trusted sources only — the
            Apple App Store, Google Play or Amazon Appstore. Even so, many apps from these stores are not 100%
            failsafe, but at least they undergo some form of security screening before being listed.

            6. Be Cautious with Email Links

            Avoid clicking links or downloading  attachments  from unknown  emails to prevent phishing  attacks. For
            example, the Emotet trojan typically spreads through malicious email attachments disguised as invoices
            or shipping notifications.



            Don’t Fall Like the Trojans

            Banking  trojan  intrusions  have  become  more  frequent  and  complex  in recent  years.  The  best  way to
            protect  against  this evolving  threat  is to maintain  a robust security  posture  against  all  potential  attack
            surfaces.  This  means  employing  a  mix  of  cybersecurity  measures  and  best  practices.  Financial
            institutions  must step up their efforts to safeguard  their systems  by utilizing  the latest advanced  threat
            monitoring and analysis tools.






            Cyber Defense eMagazine – July 2024 Edition                                                                                                                                                                                                          74
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.