Customers of 200 financial institutions in Australia were targeted by botnets between January 2014 and March 2015 according to a new report by Dell SecureWorks.
The report found that the most common botnets used to target Australians bank customers were Citadel, IceIX and Gameover Zeus. All three botnets are based on the Zeus banking botnet which has been used by cybercriminals to steal millions of dollars in funds.
Customers of banks in Japan, Singapore and Hong Kong were also targeted by these botnets during the time period.
According to Dell SecureWorks counter threat unit (CTU) researcher Pallav Khandar, there was a spike against attacks targeting Asian banks because these organisations traditionally implement weaker account security.
“Cybercriminals quickly adapt to countermeasures and takedowns by improving their software and establishing new sophisticated banking botnets. New threats arise with emerging technologies, and attacks on mobile banking platforms and advancements in bypassing standard authentication mechanisms continue to evolve,” he said in a statement.
While man-in-the-browser (MITB) remains the most commonly used attack technique in banking botnets, cybercriminals are beginning to combine features to increase effectiveness, added Khandar.
“By combining MITB attacks against browsers with social engineering attacks, cybercriminals can compromise mobile devices and circumvent security measures, such as one-time passwords or 2-factor authentication,” he said.
“Once an attacker has obtained a victim’s banking website credentials, they use a proxy server to connect to the victim’s computer, via virtual network computing, and access the account directly.”
Although CTU researchers did not observe much innovation in fraud techniques, he said that traditional threat mitigation would prove ineffective against modern banking Trojans.
“The best defence for financial institutions is a unified Web security solution with real-time content inspection of every packet of incoming and outgoing web content, only available in next generation firewalls,” he said.
“Combining this data with intelligence on known botnets will help enlarge the knowledgebase for identifying attacks and select appropriate attack mitigations tools.”
Follow Hamish Barwick on Twitter: @HamishBarwick