Banks the prime target for cyber attacks

24 June 2015 3:51PM
Beverley Head

Banks are fending off three times more cyber attacks than other industry sectors, with their staff attracting particular attention from credential-stealing gangs.

Analysis released today by Websense, which monitors internet traffic, has fingered the financial sector as attackers' favourite target. Rajiv Motwani, director of security research at Websense, said the financial sector had always been an obvious target "because that is where the money is."

He said the sophistication of banks' technical response to the threat had increased markedly in the last few years, leaving employees as the weakest link.

Websense's 2015 Financial Services Drill-Down Report shows that threats such as Geodo, email-transmitted malware designed to steal data such as customer credentials that can be sold on the black market, are now widespread in the sector.

Motwani said attackers typically conducted extensive reconnaissance of bank employees (this could involve visits to social networks or online searches to find out about their habits and preferences) and then used the information to construct a credible email. When the employee opens an attachment or clicks on a link in that email, malware is downloaded which sends a copy of the email from that user's (authentic) email account to 20 more bank employees, from where the process can be repeated, potentially allowing Geodo to spread through a bank like wildfire, collecting credentials along the way.

According to Websense, bank employees are now subject to about a third of all "lure" attempts made by cyber criminals. It also found that credential-stealing attacks involving tools such as Asprox, Vawtrak and Geodo were seen 400 times more often in the financial sector than in any other market.

A report from the ACCC released last month similarly identified phishing scams, where people are sent credible-seeming emails that fool them into clicking on dodgy links, opening infected documents, or even sending money directly, as a major problem across Australia. The ACCC found that online losses through such scams doubled in 2014 compared with the year before.

Motwani said the financial sector needed to make "elevating the IQ of employees" a priority. Although technology was important in fixing the problem, "humans are the weakest link in the context of phishing developments," he warned.