Finance sector under threat from sophisticated malware threat

Symantec report claims that trading houses being targeted as attacks proliferate

The financial sector is under threat from increasingly sophisticated malware attacks, a Symantec report has claimed, with many security solutions ineffective against modern Trojans.

Following the proliferation of malware targeted at online banking over the past decade, financial institutions created custom security solutions to prevent fraud resulting from simple keylogging Trojans or phishing. However, more sophisticated attacks are being created and targeted at a wider range of financial sector companies, according to Symantec's The World of Financial Trojans report, with over 600 financial organisations singled out for Trojan attacks.

The report claims that criminal groups responsible for the attacks have become more knowledgeable about the financial sector as attacks have become more sophisticated, and are supported by a service industry of widely available malware.

"The financial fraud marketplace is also increasingly organised," the report claims. "It is a service industry where a wide variety of financial Trojans, webinjects, and distribution channels are bought and sold. Services being offered are dedicated to each aspect of a financial fraud campaign. These offerings will improve effectiveness of established techniques."

Symantec points to Trojans such as the Zeus-based 'Gameover' peer-to-peer botnet as one of the major threats facing financial organisations, infecting over 678,000 Windows PCs last year. The Zeus Trojan, also known as Zbot, was used in a raid of 3,000 bank accounts in the UK, stealing £675,000 from an unnamed high street bank in 2010.

According to the report, the Trojan responsible for attacking the widest number of financial organisations was SpyEye, targeting 384, followed by Zeus with 284.

The report also highlights the growing ability of cybercriminals to use location-aware distribution services to deliver malware with greater precision. Symantec also points to third-party remote web-injects which can circumvent security countermeasures, targeting a large number of financial companies "concurrently and intelligently" as posing a threat to financial companies.

The organisations being targeted are varied, from commercial banks to credit unions, though attackers have increasingly looked to other organisations that perform online transactions. This means targeting institutions that facilitate high volume and high value transactions, such as automated clearing house payments systems, and payroll systems. Single Euro Payments Area (SEPA) credit transfers in Europe are also an increasing target.

Not surprisingly the report found that attackers prefer to target institutions in wealthier, developed countries, but also claimed that new markets in emerging economies such as in Asia and the Middle East were increasingly being targeted.

Countries with fewer financial institutions were also preferred, with the UK deemed to be a prime target due to its wealthy population and only 52 major financial institutions, meaning that a smaller number of variants would need to be developed by cybercriminals.

The US has the highest number of computers infected with banking Trojans, with almost 250,000 systems affected, the report claimed, while the UK is in fourth place with over 40,000. The Zbot Trojan was found to be most prevalent in both countries.

Sian John, security strategist at Symantec, said that financial companies are involved in a constant battle to stay ahead of malware creators.

"It is not so much a falling behind, as being involved in an arms race. If they bring in one way of protecting, then the Trojans get used to that protection and bring in a new attempt to attack," John told Computerworld UK. "So there are some banks that will have new thoughts about defence but they won't bring it in until they need, because the guys that write the Trojans pick up on it early."

"It is not that the banks do not have sophistication, they have lots. They just have to continually evolve because the malware is continually evolving."

However, there is a gap in the ability of certain organisations to detect threats on customers' systems.

"There is a difference in quality between the different banks in terms of how much of the protection and fraud detection methods they put in place," she said. "The challenge is that the Trojans are beginning to work out which the banks are with less security, and going after them."

John said that for the banks, sophistication in their own methods is displayed in how they deal with customers that might be infected, and detect the issues. This means putting in place measures such as strong authentication, PIN pads or not requiring customers to input full passwords to stop details being picked up by a Trojan.

"Banks themselves need to put in software to detect anomalous behaviour, if not to stop it then to at least understand that something is going on with that transaction," John said.

This means implementing transaction software from vendors such as Trusteer for example, which a lot of banks currently provide to detect attempts by a Trojan to hijack a login session.

John said that due to many high profile banks improving their defence methods, some of the organisations which would not previously have been top of the list of cybercriminals are now being focused on, due to comparatively weaker protection.

"It is things like business to business banking, the trading houses and clearing houses, as well as emerging markets which haven't had internet banking previously," she said. "They historically went for the low hanging fruit of internet banking, but are now looking beyond that."


Stories by Matthew Finnegan
