SUNNYVALE, Calif.—Cloud-based security firm Proofpoint is warning that malware-wielding hackers may be preparing to launch APT attacks against the largest U.S. financial institutions.
The hackers, who Proofpoint said speak Russian, have already stolen the credentials of 800,000 bank customers using “Qbot” malware that was installed on 500,000 consumers’ PCs. Proofpoint said that 59% of stolen credential are tied to the five largest banks, and that half of the infected PCs are running Windows XP. One contributor to the compromised machines: the banks didn’t require two-factor authentication.'
But the bigger issue, said Proofpoint, is that some of the compromised PCs are inside financial institutions' networks, meaning attackers could launch APT attacks from inside the banks’ firewalls.