Assessing the Role of Online Banking Characteristics in the Target Selection of Banking Malware

Master thesis (2018)

Authors

Samuel Samuel Natalius Technology, Policy and Management

Contributors

M.J.G. van Eeten (supervisor 1)

C. Hernandez Ganan (supervisor 2)

Mark de Reuver (supervisor 2)

S. Tajalizadehkhoob (coach)

Faculty

Technology, Policy and Management

Cyber security Banking malware Target selection Online banking Characteristics

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:c0308b34-f6f4-46b1-9a23-14a12ef2ae38

Published Date

29-08-2018

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Technology, Policy and Management

Abstract

Understanding target selection is a step before making a suitable proactive measure to address the complex issue of banking malware in online banking landscape. Despite several previous studies, gaps in the research of target selection are still present like the lack of attention to the non-targeted entities, the presence of other potential factors and the change in the landscape itself. Seeking to address the gaps, this research is conducted to find out what characteristics related to online banking services can affect the likelihood of the malware attack to them. The research starts with literature review to identify characteristics which can potentially explain the target selection, in accordance to aspects of Routine Activity Theory (RAT). Next, data about malware attack and the list of banks as well as several external data like language and authentication factor of online banking were collected and processed for quantitative analysis. Several metrics to approach the actual attack count were proposed and other metrics were extracted from the data. Some interesting findings were captured, like, within the period February 2014 – November 2017, from 5,039 banks in the EU, 1,188 banks were without any online banking services and from 3,851 banks with an online banking service, 1,802 banks were found targeted and 2,049 not targeted. Some malware variants were also seen performing targeted attacks. Meanwhile, it is found from explanatory analysis that some characteristics maintain their significance in explaining the likelihood of attack, like the presence of English and two-factor authentication. Services offering English language were seen to be more attacked. Contrarily, services which implemented 2-factor authentication were found to receive fewer attacks, although more entities with such authentication were targeted. Meanwhile, some other variables were getting less significant when more controlling factors are taken into account, indicating that some variables were relatively more or less important than others. Future work is needed in order to enhance the model so that more plausible conclusion can be obtained, such as improving and adding more data as well as including more factors, especially those that are financial and market related.

Files

Thesis_Samuel_Natalius_4608380... (.pdf)

(.pdf | 3.04 Mb)

Thesis_Samuel_Natalius_4608380... (.pdf)

(.pdf | 0.801 Mb)