TrickBot malware ramps up attacks against ANZ financial firms

01 May 2017

Attackers behind the TrickBot Trojan have been taking their tactics to the next level, researchers from IBM X-Force have uncovered.

Recent attacks against Australia, New Zealand, the UK, Ireland, Germany and the US indicate that attackers have been adding new redirection attacks specifically targeted towards financial institutions that other attackers generally don’t touch.

Attacks against Australia, New Zealand, the UK and Germany were most active in April, when the number of major campaigns jumped from 1-3 per month to five.

The new targets include private banks, private wealth management firms, investment banking, retirement insurance and annuity companies.

Researchers note that TrickBot has even targeted a bank that complies with Sharia law, which is odd because the law prohibits such things as interest fees and some types of business investment as part of Islam.

IBM X-Force believes that TrickBot operators are using the countries as a base for increasing spam runs with the aim of infecting more endpoints. The attackers may then move into an attack phase.

“In terms of its attack types, TrickBot is quite similar to Dyre. Its signature moves are browser manipulation techniques that enable the malware to implement server-side webinjections and redirection attacks,” researchers say in a blog.

The malware works by deploying a browser-hooking technique that intercepts HTTP traffic before it is displayed to the user.

Researchers also expect that TrickBot will eventually become a powerful financial malware family, even as popular as the Dridex Trojan.

The Dridex Trojan is well known for targeting financial organisations. It currently accounts for 11% of financial malware attacks, well behind the Zeus, Gozi and Ramnit malware.

According to researchers, 39% of TrickBot attacks affected the UK, 33% affected Germany and 3% affected New Zealand.
