Banking malware slowed in 2015 – but don't get too comfortable, Symantec warns

Australia is amongst the world's top ten countries affected by banking malware, according to a Symantec analysis that found that one Australian bank was targeted by nearly 55 percent of all banking trojans analysed during 2015.

The company's Financial Threats 2015 report analysed some 656 financially-targeted Trojans, which collectively sought to harvest access codes and other details from 547 banking institutions in 49 countries.

Malware authors' increasing interest in Australian banks was correlated with a strong showing in the leaderboard for the countries with the most computers compromised by banking Trojans last year. More than 20,000 Australian systems suffered attacks from such malware, ranking slightly behind France and just ahead of Russia in terms of absolute numbers of banking-related compromises.

Details of targeted institutions change rapidly, with installed Trojans maintaining a regularly-updated list of URLs to watch for as users go about their online business; when target URLs are detected, Trojans launch man-in-the-browser or redirect attacks to capture banking details that can be sold on the black market for four- and five-digit price tags.

Some banking malware is highly geographically targeted – for example, the Infostealer.Shifu Trojan that targeted just 16 institutions, primarily in Japan – while others relied on a scattershot approach. For example, Dridex – a Trojan that grew by 107 percent last year and targeted 315 different institutions – was well ahead of the average of 93 institutions targeted by such malware (in a curious twist, Dridex was itself hacked in February to distribute antivirus software instead of its malware payload: http://www.cso.com.au/article/593492/dridex-banking-malware-mysteriously-hijacked-distribute-antivirus-program/).

Bank Australia chief risk officer Patrick Ashkettle is among the many banking-security executives that have been watching Dridex and its ilk with concern.

“When I talk with the people in our network they are dealing with hundreds of alerts daily,” he told a recent FST Media conference on financial-services security. “The major threats we see are around people, customers, and employees. Despite the amount of literature and media attention [about malware], we continue to see customers being scammed, duped, and hacked.”

Yet intervention does seem to be having some effect: overall infections by banking malware showed a strongly downward trend throughout 2015, according to Symantec's latest figures. By the end of the year, fewer than 50,000 computers were compromised with banking Trojans – half the rate in April 2015 and one-quarter the rate a year earlier, in late 2014.

Yet this decline – which Symantec attributes to the Russian government's November takedown of the insidious Dyre Trojan – should not be taken as a sign that the Trojan banking threat had been contained, the analysis warns.

“While it is getting increasingly difficult for attackers to successfully steal money from financial institutions, it is still an extremely lucrative endeavour for cybercriminals,” the report's authors wrote, noting that successful efforts to block attacks further up the attack chain had masked visibility of Trojan payloads downstream.

Mobile attacks, in particular, had emerged as a favoured new attack vector by cybercriminals, with Kaspersky Labs recently noting that two mobile banking Trojans – Faketoken and Marcher – cracked the top-10 banking Trojans list. In 2015, Kaspersky Labs noted, its tools blocked more than 1.9m attempts to launch malware capable of stealing money via online banking – up 2.8 percent on the previous year.
