The holidays are a wonderful time of year, but ‘Tis the Season’ now has a double meaning: holiday festivities and malware scams. Malware has been a popular topic of discussion, from a movie studio’s network being hacked, to a large retailer’s point-of-sale system getting cracked, to the breach of multiple ATMs at multiple banks. Interest in this topic is high because malware is an exceptionally effective attack vector. It’s vital for banking, credit card and ecommerce leaders to understand the key financial malware threats, which are often targeted specifically at their enterprises, in order to prevent breaches. It is equally important for consumers to be aware of the risks and do their part to avoid becoming victims of these scams. Many consider the holidays to be their favorite time of year; unfortunately, the same holds true for hackers, whose most productive time of year is upon us.
Although financial malware is not a new concept, it is vital to understand the current threats as they quickly evolve in sophistication. At Cyphort, we recently analyzed the top eight financial malware families cybercriminals are using today, in the hope of raising awareness of the dangers they present. Our report identified and analyzed the following malware as the most dangerous threats of 2015:
- Zeus: The most successful banking malware, which has infected tens of millions of computers worldwide since it debuted in 2007. Because of its capabilities, financial service professionals consider Zeus to be the most severe threat to online banking.
- SpyEye: A Trojan horse that has infected about 1.4 million computers worldwide. Attackers use SpyEye to steal banking information in two ways: a keylogger application and the bot’s ability to take screenshots on the victim’s machine.
- Torpig: A botnet spread by a Trojan horse called Mebroot that infects Windows-based PCs. This botnet is used to steal targeted login credentials to access bank accounts and financial systems. Detection is difficult because Torpig hides its files and encrypts its logs. Once Torpig gains access, it scans the infected PC for account data and access credentials.
- Vawtrak: A sophisticated and dangerous backdoor banking Trojan able to spread itself via social media, email and file transfer protocols. This rather new Trojan has the unique feature of being able to hide evidence of the fraud by changing the balance shown to the victim on the fly.
- Bebloh: Banking malware used to steal targeted login credentials, intercept online banking transactions, and breach financial systems. Typically, the attacker steals the user’s login credentials and subsequently steals specific amounts of money from the user’s account. The attacker protects his identity by collecting the money through an online “money mule.”
- Shylock: Known for targeting login credentials for European banks via Man-in-the-Browser exploits. Shylock has infected at least 60,000 computers running Microsoft Windows worldwide. The attackers behind Shylock have an advanced targeted distribution network that allows them to infect victims in selected countries through multiple channels.
- Dridex: Relies on phishing to carry out malicious activities. It has executed malicious code on victim PCs via executable attachments and Microsoft Word documents containing macros that download a second-stage payload, which then downloads and executes the Trojan.
- Dyre: Relies on phishing to carry out malicious activities. It often uses malicious PDF attachments that can exploit unpatched versions of Adobe Reader. The emails may use the misspelled subject line “Unpaid invoic” as well as the attachment “Invoice621785.pdf.” Dyre uses infected victim PCs to harvest credentials for bank accounts and other online services.
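The delivery traits listed for Dridex and Dyre can be checked at the mail gateway. The following is an added example, not code from Cyphort's report: it flags the misspelled subject and attachment name quoted above, executable attachments, and Office documents that carry a macro project. The indicator labels, the extension list and the sample messages are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

DYRE_SUBJECT = re.compile(r"\bunpaid invoic\b", re.I)  # misspelling quoted above
DYRE_ATTACHMENT = "invoice621785.pdf"                   # attachment name quoted above
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")       # assumption: illustrative list

def has_vba_project(data: bytes) -> bool:
    """True if data is an OOXML (zip) document that carries a VBA macro project."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return False
    with zipfile.ZipFile(buf) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def triage(raw: bytes) -> list:
    """Return the indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if DYRE_SUBJECT.search(msg["Subject"] or ""):
        hits.append("dyre-subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""
        if name == DYRE_ATTACHMENT:
            hits.append("dyre-attachment-name")
        if name.endswith(EXECUTABLE_EXT):
            hits.append("executable-attachment")
        if has_vba_project(body):  # content check, so a renamed .docm is still caught
            hits.append("macro-document")
    return hits

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; not taken from a real campaign."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def macro_doc() -> bytes:
    """Constructed zip that only mimics the layout of a macro-enabled Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()
```

The subject pattern matches only the misspelling, so a correctly spelled "Unpaid invoice" does not fire. Legacy binary `.doc` files are not zip archives and are not inspected by the macro check.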
We have learned much about the common characteristics of financial malware and what to look for. Propagation to victim PCs usually occurs via spam and targeted phishing campaigns. These are especially popular during the holiday season and can be disguised as electronic greeting cards, requests for charity donations, credit card applications, shipping notifications, and online shopping advertisements. Most financial malware also hides itself from the signature- and hash-matching techniques used by antivirus solutions, which makes it especially difficult to defend against. Financial malware typically follows a three-phase attack process when it targets enterprises: infection, the process of getting a financial malware Trojan onto victim PCs; lateral movement, which occurs after a compromised device joins an organization’s trusted network; and exfiltration, leveraging the injected malware to steal credentials for financial accounts and other data assets.
So what can consumers do to protect their money and safeguard their financial assets heading into the holiday season, and to help protect their employer’s network as well in case access devices are shared between work and personal use?
- Be careful what you click
This time of year our inboxes are inundated with sales that seem too good to be true, and there is a good chance that is exactly the case. Cyber criminals craft very realistic phishing emails that entice you to click, but the email is really just a way to steal your data. Make sure you take an extra look at the sender’s email address and read the email carefully for anything that might seem suspicious.
- Stick with trusted Apps
Getting alerts directly on your home screen seems like a great way to stay on top of deals, but make sure that you do not install apps from untrusted sources. Stick to apps from known reputable sources like the Google Play Store. Take time to read reviews, which will give you a better idea of whether an app is good or bad. Be stingy with granting access permissions to installed apps: give only what’s necessary for the needed functions, and allow an app to get updates from the Internet only during active use.
- Patch often and be wary of pop-ups
We all know that antivirus software can’t catch all the bad stuff, but having AV installed is much better than having no level of protection at all. Make sure you are up to date with the latest patches. Cyber surfers should also be very vigilant this holiday season when visiting sites crowded with offers and pop-ups. When you do need to visit them, doing so from a non-Windows platform may reduce your chance of infection.
Vigilance on the part of both consumers and financial institutions is key in the defense against cyber financial crimes. It is a wonderful time of the year, but it could easily turn into the worst if you fall victim to holiday hackers.
- ‘Tis the season for holiday hackers - December 17, 2015