Financial malware attacks have seen a 16 percent rise in the second quarter of this year, according to data published today in Computer Weekly.
Increase in Financial Malware Attacks
Financial malware attacks are reported to be increasing as malware creators collaborate to evolve banking Trojans into the most dangerous threats online, says Kaspersky Labs, which blocked more than one million financial malware attacks in the second quarter of the year.
One of the reasons for the increase is the collaboration between the authors of two leading banking Trojans, Gozi Trojan and Nymaim Trojan, pushing both into the top 10 rankings of financial malware.
The Nymain Trojan was initially designed as ransomware, blocking access to users’ valuable data and then demanding a ransom to unblock it. However, the latest version includes banking Trojan functionality from Gozi source code that provides attackers with remote access to victims’ PCs.
Currently topping the list of financial malware is Zbot, which accounted for almost 16 percent of all financial malware attacks blocked by Kaspersky Lab in the second quarter.
Mimic Online Banking Pages
Banking Trojans are often propagated through compromised or fraudulent websites and spam emails. After infecting users, they mimic an official online banking page in an attempt to steal users’ personal information, such as bank account details, passwords, or payment card details.
According to Troels Oerting, group chief security and information security officer at Barclays, the hacker community targeting financial institutions is much more professional than in the past. He added that, “they take their time, they look at the processes, they are well resourced and they are very adaptive.”
In the past year to 18 months, Oerting said there has been aggressive use of much more advanced malware tools by cyber attackers.
Just as malware authors are joining forces, he called for greater collaboration between organisations in the financial sector in fighting cyber crime by sharing their knowledge and experience of attacks and attack groups with each other and law enforcement.