SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Banking Trojans plummet 73% – but don’t get comfortable
Wed, 30th Mar 2016
FYI, this story is more than a year old

Financial Trojans targeting online banking services dropped by an ‘impressive' 73% last year, but Symantec is warning that while that might be good news, there's also bad news, with attacks becoming increasingly sophisticated.

Symantec attributes the decrease in threat detections in the past year to the highly successful takedown of the group behind the Dyre Trojan, and increased use of multi-layer protection by individuals and organisations.

The security vendor's newly released Financial Threats 2015 report notes that while most attacks still rely on email, social engineering and man-in-the-middle browser manipulation through webinjects, the cybercriminals are becoming more savvy.

“The cybercriminals behind these threats have well-established methods to circumvent two-factor authentication and attack mobile banking,” the report says.

“We have also seen an increase in redirection attacks, where the victim is rerouted to a fake website that handles the manipulation of traffic sent from and to the client.

Symantec says the trend of using Office documents containing malicious macros as droppers also continued in 2015.

The report says cybercriminals are increasingly moving beyond banking customers to target financial institutions directly.

“Once inside the financial institution's network, the attacker can learn how to transfer money, issue fraudulent transactions, or orchestrate ATM machines to dispense cash,” the report says.

Another scheme becoming prevalent is what Symantec dubs the business email compromise scam (BEC), where the financial department of a company is convinced to carry out a transaction in favour of the attack.

“These BEC attacks do not involve malware and do not tamper with the online banking service, but instead rely solely on social engineering.

shows 547 institutions in 49 countries were targeted by the 656 analysed financial Trojans, with the average number of targeted organisations per sample being 93 – a 232% increase on 2014.

Dridex was the fastest growing family of financial Trojans last year, with infections up 107%.

However, Zeus, along with all its variants, was again responsible for most of the financial Trojan detections. The Zeus family grew from 400,000 detections in 2012 to nearly four million in 2014, before dropping back to just under one million in 2015.

However, Symantec says there are some easy steps businesses and individuals can take to reduce risks.

Symantec's top tips for mitigation:

  • Exercise caution when receiving unsolicited, unexpected or suspicious emails or phone calls
  • Keep security software and operating systems up to date
  • Enable advanced account security features, such as two-factor authentication, if available
  • Use strong passwords for all your accounts
  • Always log out of your session when done
  • Enable account login notification if available
  • Monitor bank statements regularly for suspicious activity
  • Notify your bank of any strange behaviour while using their service
  • Exercise caution when conducting online banking sessions, in particular if the behaviour or appearance of your bank's website changes
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that it's a genuine email from a trusted source, don't enable macros, instead immediately delete the email
  • Establish advanced authorisation business processes for transactions to avoid falling for BEC scams.