Financial Trojans in 2014 – Symantec reports a significant drop in infections

Symantec observed a significant drop in the number of financial Trojans in 2014; its report includes a detailed analysis of the phenomenon.

Symantec has analyzed the evolution of financial Trojans in 2014, highlighting a significant drop in the number of detections of malicious agents. Symantec analyzed nine common financial Trojans during 2014; the sample analyzed targeted customers of 1,467 financial institutions in 86 different countries.

“The drop in detections in 2014 can be partially attributed to a few takedown and arrest operations conducted by different law enforcement agencies in cooperation with the security industry,” states the Symantec report.

The most targeted institutions are located in the U.S., accounting for 95 percent of the financial Trojans, because a high number of American bank customers use online banking services.

According to the analysis published by Symantec, takedowns contributed to a 53 percent drop in infections, while financial phishing emails decreased by 74 percent. The security firm revealed that the greatest number of detections occurred in the US, followed by the UK and Germany, while Canada saw an important reduction compared with 2013.

The researchers noticed an important increase in the number of infections for the Zeus Trojan and its variants, which grew by ten times from 2012 to 2014. Cridex (W32.Cridex) and SpyEye infections decreased by 88 percent and 87 percent respectively from 2012 to 2014, while some malware families such as Shylock nearly disappeared.

“Some threat families like Trojan.Shylock nearly disappeared, whereas others, such as the new spin-off threat Infostealer.Dyranges, filled some of the gaps. Some groups shifted their focus to other continents, such as Asia, and to local payment systems, such as Boleto Bancário in Brazil.” states Symantec.

The report explained that stolen bank accounts are precious commodities in the underground market: they are sold for 5 to 10 percent of the balance value on underground cybercrime forums.

“Stolen bank accounts do have a short shelf life and criminals intend to sell it quickly before the accounts get suspended,” he said. “There is a constant supply of new compromised accounts and often the money mule accounts are the bottleneck,” continues the report.

Symantec speculates that the implementation of strong authentication mechanisms is making it harder for criminals to hit banking users; however, attackers have evolved their techniques to try to circumvent new security measures, including two-factor authentication (2FA) and mobile banking.

“with many banks implementing [two-factor authentication] or additional transaction verification steps it is getting harder for the criminals to misuse bank account credentials without having direct access to the victim’s machine. These factors lower the usefulness of the compromised accounts and with this the price tag drops.”

The experts confirmed that numerous factors influence the techniques adopted by criminals and the choice of their targets.

“Different global factors can also influence attackers’ decisions, such as spoken languages and regions where international transactions are more difficult to conduct and require local steps to launder the money,” state the experts.

Although the number of detections of financial Trojans decreased in 2014, the threat is still considered significant and security experts are warning of new evolutions in the criminal ecosystem.

“But don’t relax too much—the bad guys are still out there and they are after your money.”

Pierluigi Paganini

(Security Affairs – Financial Trojans, cybercrime)
