UK bank networks hijacked to spew botnet spam, BBC finds

Evidence fills the spam traps

Computers inside many of the UK's largest banks and building societies are being used to spew malicious botnet spam, research conducted on behalf of the BBC has shown.

Using research from the University of Delft in The Netherlands, security messaging firm Cloudmark and one unnamed organisation running spam traps, the BBC found that there were 20 spam 'incidents' connected to bank networks in 2013, slightly up from the levels seen in the preceding two years.

A separate cut on the data over the same period showed that the networks of seven banks were regularly sending out the gamut of spam from pump-and-dump stock scams to straight phishing lures.

Although it's not a major surprise that bank networks have been compromised in this way - the phenomenon of enterprise botnets is long established - research on the topic has been thin on the ground as researchers have tended to focus on more newsworthy threats such as Advanced Persistent Threats (APTs) and Android mobile malware.

"There should be no spam coming out of these networks," said Delft University's Professor Michel van Eeten. "If they are vulnerable to that you have to wonder what else they are vulnerable to. This might show they can fall victim to a targeted attack more easily because those are much harder to avoid falling into."

The BBC has not named the banks involved, although coming up with a list of candidates would not be hard. When contacted, most banks did not wish to comment on the revelations, the BBC said. The few that did claimed the infected PCs were corporate computers not connected to the networks used for customer online transactions.

The danger, of course, is that compromised PCs and servers inside bank networks could also be used for purposes other than spam. Once a botnet has control of a PC it has effectively opened a temporary backdoor that can be used to attempt to compromise other systems.

Separately, banks are still smarting from the attempted and foiled KVM raids publicised by police earlier this year. This showed that not all weaknesses in bank security are digital.

Trend Micro figures reveal that phishing spam designed to steal online bank account credentials has recently surged to an all-time high. Banks are under attack but so are their customers.

Last week regulators and banks took part in a major security exercise, Waking Shark 2, designed to test the readiness of the UK's financial institutions to resist cyber-attacks. Designed as a high-level test, this was not focussed on how well banks cope with mundane, everyday problems such as bots or retail banking attacks.
