Banking Trojan Infections Plummeted 73% in 2015

Financial Trojan detections have registered a 73 percent drop in 2015 when compared to the previous year, a new report from Symantec reveals.

According to the security firm, while detections have dropped significantly, the threat is still active and Trojans are becoming more advanced in terms of their capabilities. Furthermore, the company says that cybercriminals are increasingly targeting financial institutions via malware or through business email compromise (BEC) scams.

Symantec’s Financial threats 2015 whitepaper reveals that the primary distribution vector for financial fraud malware is via malicious attachments in spam email, and that adversaries continued to use Office documents containing malicious macros as droppers in 2015. 

Fortunately, Microsoft this week announced a new macro blocking feature in Office 2016 designed to counter the use of malicious macros to deliver malware.

Zeus (also known as Trojan.Zbot) was the malware responsible for the largest number of financial Trojan detections last year, with just under one million. However, that is a significant drop from the 4 million infections registered in 2014 and continues a previously observed trend, which suggests that criminals are moving to more current financial malware families.

The drop in Zeus infections is said to be the result of a takedown operation conducted in 2014, similar to what happened in November 2015 with the Dyre group. Following law enforcement actions, the Dyre botnet has remained inactive, yet a similar operation conducted against Dridex in October was unsuccessful, with the Trojan achieving high infection rates only one month later.

In fact, the report also reveals that Dridex/Cridex, the second most used financial Trojan, more than doubled its number of infections year-on-year in 2015, while Dyre, the third in line, dropped to nearly half. Last year, Dridex targeted a total of 315 different institutions and was most active in May and June.

A total of 547 institutions in 49 countries were targeted by no fewer than 656 financial Trojans in 2015, Symantec’s report reveals. According to the security company, the average number of targeted organizations per sample was 93 in 2015, which marked an increase of 232 percent over the previous year.

The two most targeted banks were located in the United States, being attacked by 78.2 percent and 77.90 percent of all analyzed Trojans, respectively. Next in line are two banks in the United Kingdom, with 69.36 percent each, followed by a US financial service group with 69.05 percent, and another UK bank, with 68.45 percent of malware targeting it.

However, the geographical distribution of financial Trojans shows that banks in other countries are targeted as well, including Spain, Russia, Canada, Switzerland, Australia, Ireland, Germany, and India. In fact, while the US was the most targeted country, Germany and India came in second and third, respectively, followed by Japan and the United Kingdom.

Some of the analyzed threats had a narrow geographical focus and were not distributed internationally, Symantec said. Such is the case with Shifu, which was found mainly in Japan last year, although it infected a very small number of computers in the UK, USA, and other countries as well. Shifu targeted a total of 16 financial institutions last year, Symantec says.

To increase their effectiveness, threat groups also started targeting mobile phone users, perfecting their malware to circumvent two-factor authentication systems to ensure successful credential theft. The Bankosy Trojan for Android is one such example, as it was designed to make even 2FA systems that use voice calls ineffective.

Cybercriminals behind financial Trojans used multiple attack methods, ranging from man-in-the-browser attacks to redirections, the whitepaper reveals. In terms of infection vectors, malicious emails (which included Office documents containing malicious macros as attachments) were the most preferred, followed by drive-by download sites, social engineering, and supply chain hacks.
