I. J. Computer Network and Information Security, 2022, 1, 25-39
Published Online February 2022 in MECS (http://www.mecs-press.org/)
DOI: 10.5815/ijcnis.2022.01.03
Copyright © 2022 MECS

A Bayesian Attack-Network Modeling Approach to Mitigating Malware-Based Banking Cyberattacks

Aaron Zimba
Department of Computer Science and Information Technology, Mulungushi University
E-mail: gvsfif@gmail.com
ORCID: http://orcid.org/0000-0002-2587-106X

Received: 06 April 2021; Accepted: 13 August 2021; Published: 08 February 2022

Abstract: According to Cybersecurity Ventures, the damage related to cybercrime is projected to reach $6 trillion annually by 2021. The majority of cyberattacks are directed at financial institutions, as this reduces the number of intermediaries the attacker must compromise to reach the ultimate target: monetary proceeds. Research has shown that malware is the preferred attack vector in cybercrimes targeted at banks and other financial institutions. In light of the above, this paper presents a Bayesian Attack Network technique for modeling cyberattacks in the financial sector that are perpetrated by crimeware. We use the GameOver Zeus malware for our use cases, as it is the most common type of malware in this domain. The primary targets of this malware are any users of financial services. Today, financial services are accessed from personal laptops, institutional computers, mobile phones, tablets, etc. All of these are potential victims that can be enlisted into the malware's botnet. In our approach, phishing emails as well as Common Vulnerabilities and Exposures (CVEs) exhibited by various systems are used to derive the conditional probabilities that serve as inputs to the modeling technique. Compared to state-of-the-art approaches, our method generates probability density curves of various attack structures whose semantics are applied in the mitigation process. This is based on the level of exploitability deduced from the vertex degrees of the compromised nodes, which characterizes the probability density curves.

Index Terms: Cyberattack, Crimeware, Banking malware, Bayesian network, GameOver Zeus.

1. Introduction

Internet usage has today touched almost every area of our daily lives, including the way we handle finances [1, 2]. Traditional ways of trading and marketing, at both personal and corporate levels, have been replaced by innovative Internet applications and online systems [3]. Banks in several countries have jumped on the bandwagon to provide customers with access to their accounts and financial services through the Internet. The evident advantages of such online services are convenience and the elimination of expensive retail offices and bureaucratic paper transactions. More recently, mobile banking has emerged as a channel providing various platforms for online banking. This is in part due to the growth in the number of websites from just one, the first-ever website in 1991 [4], to about 1.75 billion as of January 2020 [5]. In the same way, the number of Internet users has grown to about 4.4 billion [6]. This enormous number of Internet users has attracted cybercriminals, who have evolved their tactics. Just as street crime historically grew in step with population growth, a similar phenomenon, the evolution of cybercrime alongside the increase in Internet users and digital targets, is being witnessed today. In the same vein, cyberattacks have evolved from hobbies and self-gratification attacks [7] to financially motivated crimes that pose a serious threat to today's networks [8, 9]. Cybersecurity Ventures predicts that by next year (2021), cybercrime will cost the world about $6 trillion annually in damages [10], up from $3 trillion in 2015, half that value. As such, the unprecedented damage caused by cybercrime to both private and public enterprises is driving up spending on Information Technology security.
Cumulatively, global spending on cybersecurity products and services is predicted to exceed $1 trillion from 2017 to 2021 [11]. However, cybercrime encompasses different types of criminal activities that either target a computer or use one as an instrument to further illegal ends. There are different types of cybercrime, each targeting a specific industry. The graph in Figure 1 shows the average annual cost of cybercrime by industry [12]. As can be seen from Figure 1, cybercrime in the banking industry represents the largest segment of cyberattacks in the technology-connected world today. Unlike cyberattacks in other industries, cyberattacks in the banking industry are lucrative to cybercriminals because the attacker is nearest to the monetary proceeds in the attack chain [13]. Even within financial cybercrime, attackers employ a variety of attack vectors to carry out attacks in the banking industry. Such