
Banking Trojans plummet 73% – but don’t get comfortable

Financial Trojans targeting online banking services dropped by an ‘impressive’ 73% last year, but Symantec is warning that while that might be good news, there’s also bad news, with attacks becoming increasingly sophisticated.

Symantec attributes the decrease in threat detections in the past year to the highly successful takedown of the group behind the Dyre Trojan, and increased use of multi-layer protection by individuals and organisations.

The security vendor’s newly released Financial Threats 2015 report notes that while most attacks still rely on email, social engineering and man-in-the-middle browser manipulation through webinjects, the cybercriminals are becoming more savvy.

“The cybercriminals behind these threats have well-established methods to circumvent two-factor authentication and attack mobile banking,” the report says.

“We have also seen an increase in redirection attacks, where the victim is rerouted to a fake website that handles the manipulation of traffic sent from and to the client.”

Symantec says the trend of using Office documents containing malicious macros as droppers also continued in 2015.

The report says cybercriminals are increasingly moving beyond banking customers to target financial institutions directly.

“Once inside the financial institution’s network, the attacker can learn how to transfer money, issue fraudulent transactions, or orchestrate ATM machines to dispense cash,” the report says.

Another scheme becoming prevalent is what Symantec dubs the business email compromise (BEC) scam, where the financial department of a company is convinced to carry out a transaction in favour of the attacker.

“These BEC attacks do not involve malware and do not tamper with the online banking service, but instead rely solely on social engineering.”

The report shows 547 institutions in 49 countries were targeted by the 656 analysed financial Trojans, with the average number of targeted organisations per sample being 93 – a 232% increase on 2014.

Dridex was the fastest growing family of financial Trojans last year, with infections up 107%.

However, Zeus, along with all its variants, was again responsible for most of the financial Trojan detections. The Zeus family grew from 400,000 detections in 2012 to nearly four million in 2014, before dropping back to just under one million in 2015.

However, Symantec says there are some easy steps businesses and individuals can take to reduce risks.

Symantec’s top tips for mitigation:

  • Exercise caution when receiving unsolicited, unexpected or suspicious emails or phone calls
  • Keep security software and operating systems up to date
  • Enable advanced account security features, such as two-factor authentication, if available
  • Use strong passwords for all your accounts
  • Always log out of your session when done
  • Enable account login notification if available
  • Monitor bank statements regularly for suspicious activity
  • Notify your bank of any strange behaviour while using their service
  • Exercise caution when conducting online banking sessions, in particular if the behaviour or appearance of your bank’s website changes
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that it’s a genuine email from a trusted source, don’t enable macros, instead immediately delete the email
  • Establish advanced authorisation business processes for transactions to avoid falling for BEC scams.