TRENDS OF FRAUD OPERATIONS ON THE BANKING MARKET AND APPROACHES OF CYBERSECURITY AS-SESSMENT

O. Kuzmenko Doctor of Economic Sciences, Associate Professor, Head of the Department of Economic Cybernetics, Sumy State University, Ukraine ORCID ID: 0000-0001-8520-2266 N. Pilina Postgraduate student, Department of Economic Cybernetics, Sumy State University ORCID ID: 0000-0003-3381-5268 R. Pilin Postgraduate student, Department of Economic Cybernetics, Sumy State University, Ukraine ORCID ID: 0000-0003-1526-2583

of making an adequate organizational structure, educational work with staff in the field of information security and risk management, the use of modern technologies, creating an effective management system and decision-making. It is conducted a comprehensive analysis of the bank's customer service channels, most prone to cybercrime attacks. The investigation is stressed on restrictions designed to protect bank accounts from unauthorized access. The article contains a list of problems that may arise in the bank's customers when using the affected software, which forces banks to implement anti-fraud systems. It is considered the latest approaches to countering bank account attacks. The article contains malicious software (Ramnit, Trickbot, Ursnif, Gustuff, IcedID, IcedID, Panda, Zevs), which has affected banks in recent years, causing significant material damage. Modern approaches to the assessment of the information protection system in general and cybersecurity, in particular, are identified.

Formulation of the problem in general form and its relation to important scientific or practical tasks:
The relevance of the issue of the theft from bank accounts is beyond doubt. Attackers are developing ways to intrude banking systems, successfully neutralizing security programs, and appropriating considerable sums of money for themselves. According to experts, fraudsters get annually from 5% to 12% of gross income through misappropriation of money. World-famous companies claim corporate fraud as a phenomenon that exists in all countries around the globe. Damage resulting in increased expenses and decreased revenues is accompanied by the brand damage and loss of customers, which can further lead to the rating downgrade and even bankruptcy.
The number of cybercrimes is increasing every year. Therefore, the development of the information security industry is an important task both for the banking sector and for all companies with access to confidential information. Particular attention should be paid to securing data storage and data protection. Typically, malware is designed to gain access to personal, sensitive and other confidential information. Thus, in modern conditions of cybercrime develop-ment, the problem of developing and introducing information protection systems in the banking sector based on the active automation of its business processes is especially relevant and requires effective measures to solve it.
An analysis of the latest research and publications in which the problem is solved and which the author relies on, the selection of previously solved parts of the general problem to which this article is devoted: Analysis of peculiarities of development of financial and economic relations and active development and improvement of banking software product of functioning of market infrastructure allowed to distinguish some of the most explored factors of influence on security of banking software.
In the literature investigated software development of cybercriminals, which are created to interfere with banking software products. [1,2,3,4,5,6,7,8] The most widespread cyber-attacks on banks, on cloud-technology and the ideas of protection against them are considered. [9,10,11,12,13] Particular attention is paid to Trojan malicious banking programs. [14,15,16,17,19,20,21,22,23,24,25,26,27,28] To analyze research on trends of fraud operations on the banking market and approaches of cybersecurity assessment, a map of the scientific bibliography was formed using the software product vosviewer (vosviewer, 2020). It was based on data from publications selected in conjunction with cybersecurity and banking issues and generated in the Scopus database. By researching Figure 1, we can understand that cyberattac, computer crime and security problems is a long time problem and scientists are actively working to solve the problem. The map shows clusters of publications by keywords, which are also combined with the data. As a result, 4 clusters of keywords were identified, each of which was distinguished by a color different from the others.
Researchers examining banking and cybersecurity issues study them in conjunction with network security, computer crime, risks, information management, big data-these categories formed in the first cluster. The second cluster emerged blockchain, digital banking, fintech and cryptography, that means program-technology point of investigated issue. Turning to the analysis of the next third cluster we have to consider its direction on machine learning, algorithm, artificial intelligence, which stressed on business-analytics and business intelligence of the point. And the last claster are formed by such categories as artificial neural network, discrete wavelet transforms, classification which are based on mathematical background of the research.

The goals' formulating of the article (Problem statement):
To identify relevant trends in banking fraud and approaches to the development and implementation of cyber security measures.

The basic results of the researches with full justification of scientific results:
Today there are many problems in business and, accordingly, in the banking sector. Rating agencies annually publish the most anticipated threats for the current year. According to the forecasts of Protiviti Inc. in Executive Perspectives on Top Risks for 2020, [1, page 7] the main risks for business in 2020 will be the following problems: Top Risks for 2020 in business: 1. Impact of regulatory change and scrutiny on operational resilience, products and services 2. Economic conditions impacting growth 3. Succession challenges; ability to attract and retain top talent 4. Ability to compete with "born digital" and other competitors 5. Resistance to change operations 6. Cyber threats 7. Privacy/identity management and information security 8. Organization's culture may not sufficiently encourage timely identification and escalation of risk issues 9. Sustaining customer loyalty and retention 10. Adoption of digital technologies may require new skills or significant efforts to upskill/reskill existing employees (new in 2020) [2] Thus, cybersecurity and privacy issues are ranked 6th and 7th among the most anticipated 2020 issues. Among Short-Term Risk Outlook, cyber-attacks in the form of data and money theft are among the top five issues of 2019, according to the article The Risks-Trends Interconnections Map 2019 [3, page 12].
Cyber dependency is steadily increasing due to the digital interconnection of people, things and organizations. This, in turn, can lead to bilateral or multilateral disputes between states, which may transform into an economic one (such as trade/currency wars, nationalization of resources), military, cyber, social, or other conflict. Large-scale cyberattacks or malware cause major economic damage, geopolitical tensions, or widespread loss of trust in the Internet. In the Global Risks Report 2019, 14th Edition, which was presented at the International Economic Forum, cybersecurity has gained about 80% relevance among global threats. The data is presented in the chart Top Risks Expected to Increase in 2019.

Figure 2 -Top Risks Expected to Increase in 2019
This is a confirmation of the high level of the problem for business and the banking sector as a whole. In this part of the article, we consider the intrusion of cybercriminals into banking programs that contain confidential personal information of the client in the form of personal data, bank accounts, bankcard data, etc. Cybercriminals have at their disposal many software tools to commit illegal actions: viruses (classic file viruses, ransomware virus), Trojans, spies, hacking of an account, phishing, DDoS attacks, botnets, backdoor, worms, malware, rootkit, fraud, flood, etc. [4] Criminals also create programs using the latest machine learning technologies. [5] One of the options for spreading cybercrime is the involvement of the so-called insiders -employees who knowingly participate in fraudulent activities within the organization, have certain advantages, endowed with legal authority and can easily gain access to classified information. Practice shows that the success of an attack depends directly on the presence of an employee in the company, which facilitates its implementation.
The following table shows the percentage of various types of fraud of the total top five in US banks, New York, 2018.
Top 5 most common types of fraud in US banks, 2018. According to Federal Trade Commission, Consumer Sentinel Network. [6,7]  Thus, it is possible to conclude that more than half of all frauds in New York banks are credit card fraud and identity theft.
One of the ways to solve the issue of data protection in banks is to build a fraud-monitoring system. The quality of the cyber defense system is very important. It should not interfere with the work of the bank or company. The approach to the development of anti-fraud systems should be complex and cover the internal processes of the bank. It is very important to build an adequate organizational structure and to carry out educational work with personnel in the field of information security and risk management, to use modern technologies, build an effective management and decision-making model for incidents identified.
According to a 2017 survey, it takes about 214 days for a company to detect cyberattacks, and another 77 to resolve the problem. About 70% of attacks involve money theft, 26% focus on data theft. [8] Such a slow response to cyber threats can lead to significant material damage.
Currently, banks provide various types of customer service channels: mobile banking, Internet banking, ATMs, card payments, telephone service, and services at bank branches. Each individual option of working with a client's bank account is attacked by cybercriminals. Banks install anti-fraud systems to protect the system from attacks. It is important for the bank to choose a quality company that will develop and update the software, maintain the system in online mode, respond timely to unauthorized interventions, customer complaints, etc. This system costs a lot of money and requires constant investment to keep it running.
Certain limitations designed to improve service are a problem in banking anti-fraud systems. Such restrictions give only a temporary effect. Attackers easily bypass such limitations, but these limitations complicate access of an ordinary user to a bank account and actions with a card. The most common options for protecting an account from unauthorized access is user recognition by sending SMS with a unique code; limiting the number of purchases with one bank card by one user for a specified period of time; limits on the maximum amount of a single purchase by one user for a certain period of time; restrictions on the use of the number of bank cards by one user; limiting the number of users using bank cards that are tied to one bank account (family account); account history of purchases by bank cards, etc.
Restrictions may be imposed by each individual bank on its customers in order to protect users' funds and personal data. However, for clients, such a limit usually makes it difficult to access their own accounts.
We provide a list of the top malware for banks in the first half of 2019. Turning to malware in the banking sector we have to mention that Agent Smith is a virus that has replaced the Android application code on 25 million devices. As of August 2019, AgentSmit hit around 22,000 devices across Ukraine, highlighting the need and priority of problem identification and software development that can protect banks from such a strong cybercrime impact. [9,10] Anubis is a Trojan designed for Android mobile phones. It received additional features including the Remote Access Trojan (RAT) function, keylogger lock function, audio recording capability and various software features. It has been discovered and reported in hundreds of different Google Store applications. [11 Pandalab,про Anubis 12] Asacub is a mobile banker distributed via phishing SMS containing a link that downloads a Trojan APK to an affected device. Asacub was first introduced in 2015 as spyware. Currently, Asacub functions as a banker to collect information about the victim's bank account. It can distribute incoming SMS messages, revealing browser history and contacts, executing remotely sent commands, intercepting messages, switching off the phone or its screen. [13,14] Bancos -Bancos steals financial information by using logs to capture the victim's data as they are uploaded to the destination banking website. Bancos may also supplement or replace a webpage with fields for entering personal and logon account information into a fake webpage. [15,16] Emotet is an advanced, self-propagating and modular Trojan. Emotet used to be a banking Trojan and has recently been used as a distributor of other malware. It uses several methods to maintain stability and avoid detection. It can also be spread through phishing spam emails containing malicious tabs or links. [17] Ramnit is a banking Trojan that steals bank customer accounts, FTP passwords, session cookies, and personal information. [18] Trickbot is a dominant banking Trojan that is constantly replenished with opportunities, features and distribution vectors. This allows Trickbot to be flexible and customized malware that can be distributed through multi-purpose campaigns. [19] Ursnif is a Trojan that runs on the Windows platform. It is usually distributed through sets of exploits -Angler and Rig. It may steal information related to Verifone Point-of-Sale (POS) payment software. For this purpose, the Trojan communicates with a remote server to download the collected information and receive instructions. It then downloads the files to the infected system and executes them. [20,21] Gustuff is a Trojan Android banking introduced in 2019. It can target the customers of over 100 leading international banks, users of cryptocurrency services of popular websites and e-commerce markets. Gustuff can also create messaging files between Android and PayPal, Western Union, eBay, Walmart, Skype, and more. Gustuff may include a mechanism to use the Android Access Service to circumvent the security measures used by banks to protect against previous generations of mobile Trojans. [22] IcedID is a banking Trojan that first appeared in September 2017, and is typically used by other well-known banking Trojans to expand its distribution potential, including Emotet, Ursnif and TrickBot. IcedID steals users' financial data through redirect attacks (installs a local proxy server to redirect users to counterfeit clone sites) and web injection attacks (overlays counterfeit content on top of the original page in the browser). [23,24] Necurs is one of the largest spam botnets in 2016, consisting of approximately 6 million bots. Today, the botnet is used to distribute many variants of malware, mainly banking Trojans and spies. [25] Panda is a Zeus variant that is distributed through Exploit Kits. Since its development, Panda has focused on financial services in Europe and North America. A large-scale piracy campaign against Brazilian banks was registered before the 2016 Olympic Games. [26] Ginp is a bank Android Trojan created on the basis of Anubis Trojan that is used to collect and steal sensitive information. [27] The latest version of Ginp has the same capabilities as most other Android banking Trojans: sending, collecting, SMS forwarding; collecting contact lists; call forwarding; switching between C&C (Command & Control) servers; keeping track of all software installed on the affected device; hiding the application icon; prevention of removal; emulation-detection; the ability to overlay a fake page on top of legitimate banking applications and portals to obtain user credentials entered into fraudulent fields. [28] The conclusions of this research and perspective of further research in this area: Cybercrime is a global problem of our millennium. Cybercriminals have many options for banking software interventions, and are constantly developing new programs and upgrading existing ones. To combat cybercrime, banks are implementing information security systems that cost a lot of money. This reduces banks' profits and causes them to be constantly in a state of readiness for cyberattacks. Therefore, developing and implementing qualitative software is an important task for the banking system worldwide.
The publication contains the results of the taxpayer-funded researches: № 0118U003574 "Cybersecurity in the banking frauds enforcement: protection of financial service consumers and the financial and economic security growth in Ukraine", used in Sumy State University.