As the year draws to a close, we have seen the number of emerging threats like advance phishing attacks from the Syrian Electronic Army, financial malware and exploit kits, Cryptolocker ransomware infections, massive Bitcoin theft, extensive privacy breach from NSA and many more.
The financial malware's were the most popular threat this year. Money is always a perfect motivation for attackers and cyber criminals who are continually targeting financial institutions.
On Tuesday, Antivirus firm Symantec has released a Threat report, called “The State of Financial Trojans: 2013”, which revealed that over 1,400 financial institutions have been targeted and compromised millions of computers around the globe and the most targeted banks are in the US with 71.5% of all analyzed Trojans.
Financial institutions have been fighting against malware for the last ten years to protect their customers and online transactions from threat. Over the time the attackers adapted to these countermeasures and sophisticated banking Trojans began to emerge.
According to the report, the number of infections of the most common financial Trojans grew to 337 percent in the first nine months of 2013. Nearly 1,500 institutions in 88 countries were potential targets during 2013.
The financial fraud marketplace is also increasingly organized and Cyber criminals are using advanced Trojans to commit large scale attacks.
Attackers of all skill levels can enter the arena of financial fraud, as the underground marketplace is a service industry that provides an abundance of resources. Those who lack expertise can simply purchase what they need. For as little as $100, an attacker can avail of a leaked Zeus or Spyeye equipped with Web-injects.
The modern financial Trojan is extremely flexible, supporting a range of functionality designed to facilitate fraudulent transactions across a variety of services.
Two dominant attack strategies are:
- Focused attack: This approach suits attackers with limited resources but also scales well to larger operations. If the distribution is accurate and the target institution has a sizeable client base, a focused attack can provide an adequate supply of targets. Shylock, Bebloh and Tilon all use this approach exclusively.
- Broad strokes: In this attack strategy, Trojans are set to target large numbers of institutions. Tilon, Cridex, and Gameover adopt these tactics and Zeus also uses this approach in its default configuration.
According to Symantec, the main reason for the surge is weak authentication practices:
Unfortunately, in many situations, security implementations adopted by financial institutions are inadequate to defend against the modern financial Trojan. Institutions are starting to adopt strong security measures like chipTAN, but the adoption rate is slow. Institutions that persist with weaker security measures will continue to be exploited by attackers.They need to maintain constant vigilance, apply software updates, maintain an awareness of new threats and deploy complementary security solutions that can defend against evolving malware attacks.