In late May, online security firm Trusteer, an IBM company, raised alarms about a new online banking Trojan it calls Zberp. According to Trusteer, more than 450 global banking institutions in the U.S., the United Kingdom and Australia have been targeted by this malware strain, which combines features from Zeus and Carberp, two well-documented banking Trojans.
Just days earlier, global cyber-intelligence firm IntelCrawler warned of new point-of-sale malware known as Nemanja, which had reportedly infected retailers in nearly 40 countries.
News about recent evolutions in the mobile malware strain known as Svpeng has also caused concern. In May, Svpeng was found to have evolved from merely a banking Trojan into a malware strain equipped with a dual ransomware feature (see New Ransomware Targets Mobile).
But with so many alerts about new and emerging malware strains and attacks, how should banking institutions respond? It's a growing challenge for information and security risk officers because one of the keys to mitigating cyber-risks is differentiating new threats from older ones.
While banking institutions have to take all emerging threats seriously, they should take most alerts issued by security vendors in stride, says financial fraud expert Tom Wills, director of Ontrack Advisory, a consulting firm focused on payments innovations.
"It's mostly hype," he says. "Every time a new threat shows up in the media, this is the first filter I run. Mo...