Banking Trojans plummet 73% – but don’t get comfortable

30 Mar 16

Financial Trojans targeting online banking services dropped by an ‘impressive’ 73% last year, but Symantec is warning that while that might be good news, there’s also bad news, with attacks becoming increasingly sophisticated.

Symantec attributes the decrease in threat detections in the past year to the highly successful takedown of the group behind the Dyre Trojan, and increased use of multi-layer protection by individuals and organisations.

The security vendor’s newly released Financial Threats 2015 report notes that while most attacks still rely on email, social engineering and man-in-the-middle browser manipulation through webinjects, the cybercriminals are becoming more savvy.

“The cybercriminals behind these threats have well-established methods to circumvent two-factor authentication and attack mobile banking,” the report says.

“We have also seen an increase in redirection attacks, where the victim is rerouted to a fake website that handles the manipulation of traffic sent from and to the client.”

Symantec says the trend of using Office documents containing malicious macros as droppers also continued in 2015.

The report says cybercriminals are increasingly moving beyond banking customers to target financial institutions directly.

“Once inside the financial institution’s network, the attacker can learn how to transfer money, issue fraudulent transactions, or orchestrate ATM machines to dispense cash,” the report says.

Another scheme becoming prevalent is what Symantec dubs the business email compromise (BEC) scam, where the financial department of a company is convinced to carry out a transaction in favour of the attacker.

“These BEC attacks do not involve malware and do not tamper with the online banking service, but instead rely solely on social engineering.”

shows 547 institutions in 49 countries were targeted by the 656 analysed financial Trojans, with the average number of targeted organisations per sample being 93 – a 232% increase on 2014.

Dridex was the fastest growing family of financial Trojans last year, with infections up 107%.

However, Zeus, along with all its variants, was again responsible for most of the financial Trojan detections. The Zeus family grew from 400,000 detections in 2012 to nearly four million in 2014, before dropping back to just under one million in 2015.

However, Symantec says there are some easy steps businesses and individuals can take to reduce risks.

Symantec’s top tips for mitigation:

  • Exercise caution when receiving unsolicited, unexpected or suspicious emails or phone calls
  • Keep security software and operating systems up to date
  • Enable advanced account security features, such as two-factor authentication, if available
  • Use strong passwords for all your accounts
  • Always log out of your session when done
  • Enable account login notification if available
  • Monitor bank statements regularly for suspicious activity
  • Notify your bank of any strange behaviour while using their service
  • Exercise caution when conducting online banking sessions, in particular if the behaviour or appearance of your bank’s website changes
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that it’s a genuine email from a trusted source, don’t enable macros; instead, immediately delete the email
  • Establish advanced authorisation business processes for transactions to avoid falling for BEC scams.