CIO

Financial institutions at growing risk of Trojan attacks: report

Financial companies or departments are falling victim to spear phishing and business email compromise

The total number of Trojan virus infections dropped by 73 per cent in 2015 compared to the year earlier, new research has found. But attacks are much more sophisticated and more frequently targeting financial institutions rather than consumers.

A new Symantec research paper identified the prevalence and geographic distribution of financial cyber security threat detection last year.

The big drop in Trojan virus detections was partially due to arrests, such as the successful takedown of the group responsible for the password-stealing Dyre Banking Trojan.

New multi-layer protection has fueled the drop in Trojan detections, with newer proactive security software blocking users from visiting infected websites or preventing droppers from downloading the payload.

The decreasing efficacy of different Trojan families has led to some cybercriminals potentially shifting to ransomware, Symantec noted.

Despite far fewer Trojan detections, prevalent malware has become far more capable, the report said, with a 232 per cent increase in the number of targeted attacks per sample compared with 2014.

There was also evidence of attacks increasingly targeting financial institutions directly via spear phishing, allowing the attacker to access money transfer systems.

There has also been an increase in business email compromise (BEC) scams relying on social engineering to convince a financial department or company to carry out a transaction for the attacker.

According to the FBI, BEC scams have been responsible for losses of over US$740 million in the US since 2013.

The most common distribution method for financial Trojans was through spam emails with malicious attachments, including Office documents with a malicious macro (W97M.Downloader) or .zip archives with malicious JavaScript (JS.Downloader).

This is very common with Dridex infections, which increased by 107 per cent in 2015, making it the fastest growing family of financial Trojans last year, the report said.

Symantec has noted a 214 per cent increase in Dridex detections registered from January to February 2016, during which detections for nearly all other major financial Trojan families dropped by approximately 20 per cent.

The US continues to be the number one targeted region for the third year running - likely due to its size and large prevalence of online banking - followed by Germany and India.

Symantec has released a list of recommended mitigation actions for financial and banking organisations, including enabling advanced account security features, such as 2FA, if available; being extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content; and establishing enhanced authorisation business processes for transactions to avoid falling victim to BEC scams.

“Although we have seen a drop in the number of financial Trojans being detected, the Trojans are becoming more capable at what they do and the threat they pose will remain for some time to come,” said Candid Wueest, Symantec threat researcher.