Financial Trojans in 2014 – Symantec reports a significant drop in infections

Pierluigi Paganini March 05, 2015

Symantec observed a significant drop in the number of Financial Trojans in 2014; its report includes a detailed analysis of the phenomenon.

Symantec has analyzed the evolution of Financial Trojans in 2014, highlighting a significant drop in the number of detections of malicious agents. The company analyzed nine common financial Trojans during 2014; the samples analyzed targeted customers of 1,467 financial institutions in 86 different countries.

“The drop in detections in 2014 can be partially attributed to a few takedown and arrest operations conducted by different law enforcement agencies in cooperation with the security industry,” states the Symantec report.

The most targeted institutions are located in the U.S., accounting for 95 percent of the Financial Trojans, because the number of American bank customers that use online banking services is high.

According to the analysis published by Symantec, takedowns contributed to a 53 percent drop in infections, while financial phishing emails decreased by 74 percent. The security firm revealed that the greatest number of detections occurred in the US, followed by the UK and Germany, while Canada saw a significant reduction compared with 2013.

The researchers noticed a significant increase in the number of infections for the Zeus Trojan and its variants, which grew tenfold from 2012 to 2014. Cridex (W32.Cridex) and SpyEye infections decreased by 88 percent and 87 percent respectively from 2012 to 2014, while some malware families such as Shylock nearly disappeared.

“Some threat families like Trojan.Shylock nearly disappeared, whereas others, such as the new spin-off threat Infostealer.Dyranges, filled some of the gaps. Some groups shifted their focus to other continents, such as Asia, and to local payment systems, such as Boleto Bancário in Brazil.” states Symantec.

The report explained that stolen bank accounts are precious commodities in the underground market: they are sold for 5 to 10 percent of the balance value on underground cybercrime forums.

“Stolen bank accounts do have a short shelf life and criminals intend to sell it quickly before the accounts get suspended,” he said. “There is a constant supply of new compromised accounts and often the money mule accounts are the bottleneck,” continues the report.

Symantec speculates that the implementation of strong authentication mechanisms is making it harder for criminals to hit banking users. Attackers, however, have evolved their techniques to try to circumvent new security measures, including two-factor authentication (2FA) and mobile banking.

“with many banks implementing [two-factor authentication] or additional transaction verification steps it is getting harder for the criminals to misuse bank account credentials without having direct access to the victim’s machine. These factors lower the usefulness of the compromised accounts and with this the price tag drops.”

The experts confirmed that numerous factors influence the techniques adopted by criminals and their choice of targets.

“Different global factors can also influence attackers’ decisions, such as spoken languages and regions where international transactions are more difficult to conduct and require local steps to launder the money,” state the experts.

Although the number of detections of Financial Trojans decreased in 2014, the threat is still considered significant, and security experts warn of new evolutions in the criminal ecosystem.

“But don’t relax too much—the bad guys are still out there and they are after your money.”

Pierluigi Paganini

(Security Affairs – Financial Trojans, cybercrime)
