Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

3/31/2016
03:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Symantec: Financial Trojans Declined By 73% In 2015

Symantec detected far fewer financial Trojans in 2015 and saw cybercriminals focus more of their efforts directly on financial institutions.

Symantec detected 73 percent fewer financial Trojans last year, and a surge in targeted malware incidents. 

The drop in financial Trojan infections in 2015 came amid a 232% increase since 2014 in malware families targeting some 93 organizations, according to Symantec's newly published Financial Threat 2015 report.   

Candid Wueest, principal threat researcher with Symantec’s security response team, warns that the drop in detections does not mean financial Trojans will soon be a thing of the past, however.

“Unfortunately, that’s one of the most misleading [findings] because you can think the problem is going away,” he says. Detections of financial Trojan infections still continue to decrease this year, but Wueest says it’s may be because attackers are getting better at infiltrating the right targets that yield the most success in defrauding accounts.   

Another significant finding from the research, says Wueest, is a shift in where attackers strike: More cybercriminals are directly targeting the financial institutions themselves rather than their bank customers. The recent attack on Bangladesh’s central bank that resulted in the loss of $80 million, is one example of that trend, according to Wueest.

The average number of targeted URL patterns per sample found by Symantec was 283 in 2015, an increase of 405% -- meaning that every financial institution could be a target, Wueest says. 

The decrease in detected financial Trojans could also be attributed to better overall detection capabilities of security software, Wueest says. “We would block it before we would even know there would be a financial Trojan download,” he says.

Recent takedowns by the FBI and the European Cybercrime Task Force also may have affected the decline in the number of financial Trojans detected -- including the shutdown of a few Dridex networks in October and a Dyre group takedown in November in Russia. 

But Kurt Baumgartner, principal security researcher at Kaspersky Lab, says his firm saw an increase in financial Trojan infections in 2015 and is also seeing that trend continue in 2016.

“According to our data, more folks around the globe are getting duped into attempting to run financial Trojans on their systems. This statistic seems to be the most significant, because it tells us that crooks are getting smarter about how they are getting financial Trojans in front of people," Baumgartner says.

Ransomware is on the rise, as is the number of ransomware families being developed. “In addition, the sheer volume of ransomware being deployed increased, whether it was through spam, compromised servers, or malvertising,” Baumgartner says. 

Symantec's Wueest also notes that an increase in ransomware could have influenced the drop in the number of financial Trojans detected. “The group behind Dridex ... they actually started to send out ransomware instead of the financial Trojan and we suspect that there might be one or two other groups that started to do this as well,” he says, adding that this is not a new phenomenon. 

The tactics of cybercriminals using financial Trojans haven't evolved much in the last couple of years, he says. “They’re still mostly using man-in-the-browser attacks" as well as business email compromise (BEC) attacks, he says.

While financial institutions are getting better at detecting fraudulent transactions and law enforcement is working together with the security industry to go after cybercriminals, at the end of the day, Wueest says, it’s important to remember that the tactics cybercriminals use to get Trojans onto financial systems are not rocket science.

“It’s still that a lot of people are naïve, maybe even gullible, and should probably be more vigilant when they do transactions online,” Wueest says. 

Related Content:

Emily Johnson is the digital content editor for InformationWeek. Prior to this role, Emily worked within UBM America's technology group as an associate editor on their content marketing team. Emily started her career at UBM in 2011 and spent four and a half years in content ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
CVE-2019-19635
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19636
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.