Cybercriminals are now targeting higher-value victims than ransomware can ever net them. According to enterprise security provider Proofpoint's recently released 2018 Q1 Quarterly Threat Report, banking Trojans have infected more computers than ransomware for the same period last year. Banking Trojans are credential-stealing malware that targets online banking depositors, using various infection vectors including phishing emails.
The Q1 Threat Report emphasized the growth of the Emotet banking Trojan. Its payload comprised 57% of all banking Trojan-related infections (33% of overall malware incidents), even though Microsoft claimed to have neutralized it back in February 2018. Panda Banker also clearly made its presence felt, as it was responsible for 31% of all banking Trojan incidents.
Proofpoint has also taken note of the new kid on the block, the “DataBot” banking Trojan. It targeted users of NSW Roads and Maritime Services in Australia by posing as a legitimate E-Toll transaction. Deception is now the trend in the Trojan horse game for cybercriminals, as MailGuard, a mainstream email filtering solution, identified a new banking exploit against St. George Bank patrons.
The story of the growth of banking Trojans does not stop there, as another security firm, Carbon Black, also observed the same steep rise in banking Trojan infections. Experts believe the financial services industry (FSI) is staring down the barrel of a gun, with the march of new banking Trojans that target it. The cybersecurity firm also revealed how much cybercriminals have gained from ransomware as well as banking Trojans when it confirmed that 36 financial services companies came out as victims. Around 23% of FSI firms believe in deploying countermeasures, while the majority just maintained a “concerned” stance on the issue.
Researchers identified the standard Microsoft Windows PowerShell and Windows Management Instrumentation (WMI) subsystems as the top two attack surfaces for banking Trojan infections. Those two are highly integrated parts of Windows and are favorite targets for exploitation, especially by botnets like the Necurs spam botnet. Malware continues to evolve and develop new methods to bypass detection and resist the countermeasures deployed by FSI firms.
With ransomware attacks in decline, other traditional forms of malware are quickly filling the vacuum. These include keyloggers and remote access Trojans. Verizon, in its latest 2018 Data Breach Investigations Report, emphasized that instances of banking Trojans have reached almost 40,000 and that listing them one by one in the report is not feasible. Cybersecurity firms found that 92% of banking cyber attack incidents were performed by outsiders, while 13% happened with insider information. These numbers paint an alarming picture when compared to card-payment fraud at 34%, while 36% involve stolen personal banking information.