Financial Trojan numbers fall but risk is still high

Whitepaper reveals top threats in banking and finance

Symantec has released the latest update to its Security Response: State of Financial Trojans 2014 whitepaper.

The document details how the number of financial trojans fell in 2014 but paints an alarming picture of the threats to businesses and consumers from such attacks.

The security firm said “the underground financial fraud community has become increasingly organized, facilitating an expanded reach.”

The United States was by far the most targeted country for financial malware in 2014. Of the top ten organisations targeted, seven were US-based: five were banks, one was an online payment service and one was an auction platform.

Australia was the eighth most targeted nation in 2014 but only one local bank made the top 25.

According to the report, many trojans now use an updateable, encrypted configuration file that is stored on the infected system, in the registry, or embedded in the trojan itself. The trojan then receives updates and patches from its source, much as legitimate software does.

Symantec Senior Principal Systems Engineer (Security), Nick Savvides, explained that the number of banking trojans fell by 53 per cent over the course of last year, but that was more a reflection of the number of infections.

“It really reflects the way it [the malware] is being detected. The drop is from January to December 2014. We are getting better at stopping them.”

Savvides explained that most of the top-tier financial malware on the market uses sophisticated techniques to evade detection and removal.

“It is really a game of cat and mouse when building these technologies. They [cybercriminals] use a series of exploits as soon as they become available. There are zero-day exploits that are unknown to security vendors.”

“That’s the currency these people trade in, being able to trade in these exploits that give them that advantage to prevent them from being detected.”

“There are general families of trojans and people can operate a number of trojans within the same family. Some of those may be less detectable than others and some of them may be less preventable than others depending on the techniques that each individual criminal group is using.”

Savvides urged financial resellers to impress upon clients the need for an end-to-end security suite that is more than just antivirus.

“Assist your customer in trying to secure their whole stack. Don’t simply focus on how to do the old methods of protecting themselves like SMS, which we have seen come under attack.”