More Australians are getting taken by online banking malware than residents of any country except the United States and Brazil, according to new figures from Trend Micro.
The figures on banking malware, contained in the TrendLabs 2Q 2013 Security Roundup report, suggested more Australians still need to be educated about the potential for social-engineering malware attacks to compromise their systems.
Driven in large part by the rise of the ZeuS/ZBOT malware in the wild, penetration of online banking threats is “spreading across the globe and no longer concentrated in certain regions”, the report’s authors wrote. The number of detected online banking infections jumped from 37,000 in April and 39,000 in May to 71,000 in June alone, according to the figures derived from the cloud-based Trend Micro Smart Protection Network.
While Australia – with 5 per cent of all banking-malware victims – was well below first-place United States (28 per cent) and second-place Brazil (22 per cent), it was well ahead of traditionally-vulnerable Asian hotspots Japan, Taiwan, Vietnam, and India. Germany, with 2 per cent of all online banking malware victims, was ranked 9th while Canada, also with 2 per cent, filled out the top ten. France, with an equal 5 per cent, placed just behind Australia.
Mobile devices factor highly as a new vector for infection: Trend Micro recently raised the alarm about new ways in which an Android ‘master key’ vulnerability had been exploited to Trojanise a South Korean online-banking app.
Exploits leveraging the master key vulnerability – originally described by Bluebox Security – include one affecting Chinese medical appointment schedulers, with other security vendors weighing in on the issue and Google rushing to issue patches for the flaw, which was described in the Trend Micro report as a “scene-stealer”.
Overall the number of malicious and high-risk Android apps grew steadily throughout the quarter, from 561,000 in April to 718,000 in June. And while Australia dodged a bullet in terms of the highest rates of malicious Android app downloads – the UAE, Myanmar, Vietnam, Mexico and Russia were the top five countries infiltrated in that category – its high position in terms of online banking victims reinforces the need for organisations to combine user education with conventional online defences.
Online-banking toolkits had become cheaper or free in recent years, contributing to the rise in online-banking attacks. But banks weren’t the only victims: targeted attacks like the Naikon campaign hit telecommunications, oil and gas, government, media and other industries with EXE/DLL files (in 43 per cent of cases), PDF (12 per cent), DOC (10 per cent), JPG (8 per cent), TXT/HTML (5 per cent) or other file formats.