Banking Trojans plummet 73% – but don’t get comfortable

30 Mar 16

Financial Trojans targeting online banking services dropped by an ‘impressive’ 73% last year, but Symantec is warning that while that might be good news, there’s also bad news, with attacks becoming increasingly sophisticated.

Symantec attributes the decrease in threat detections in the past year to the highly successful takedown of the group behind the Dyre Trojan, and increased use of multi-layer protection by individuals and organisations.

The security vendor’s newly released Financial Threats 2015 report notes that while most attacks still rely on email, social engineering and man-in-the-middle browser manipulation through webinjects, the cybercriminals are becoming more savvy.

“The cybercriminals behind these threats have well-established methods to circumvent two-factor authentication and attack mobile banking,” the report says.

“We have also seen an increase in redirection attacks, where the victim is rerouted to a fake website that handles the manipulation of traffic sent from and to the client.”

Symantec says the trend of using Office documents containing malicious macros as droppers also continued in 2015.

The report says cybercriminals are increasingly moving beyond banking customers to target financial institutions directly.

“Once inside the financial institution’s network, the attacker can learn how to transfer money, issue fraudulent transactions, or orchestrate ATM machines to dispense cash,” the report says.

Another scheme becoming prevalent is what Symantec dubs the business email compromise (BEC) scam, where the financial department of a company is convinced to carry out a transaction in favour of the attacker.

“These BEC attacks do not involve malware and do not tamper with the online banking service, but instead rely solely on social engineering.”

The report shows 547 institutions in 49 countries were targeted by the 656 analysed financial Trojans, with the average number of targeted organisations per sample being 93 – a 232% increase on 2014.

Dridex was the fastest growing family of financial Trojans last year, with infections up 107%.

However, Zeus, along with all its variants, was again responsible for most of the financial Trojan detections. The Zeus family grew from 400,000 detections in 2012 to nearly four million in 2014, before dropping back to just under one million in 2015.

Symantec says there are some easy steps businesses and individuals can take to reduce risks.

Symantec’s top tips for mitigation:

  • Exercise caution when receiving unsolicited, unexpected or suspicious emails or phone calls
  • Keep security software and operating systems up to date
  • Enable advanced account security features, such as two-factor authentication, if available
  • Use strong passwords for all your accounts
  • Always log out of your session when done
  • Enable account login notification if available
  • Monitor bank statements regularly for suspicious activity
  • Notify your bank of any strange behaviour while using their service
  • Exercise caution when conducting online banking sessions, in particular if the behaviour or appearance of your bank’s website changes
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that it’s a genuine email from a trusted source, don’t enable macros; instead, immediately delete the email
  • Establish advanced authorisation business processes for transactions to avoid falling for BEC scams.