santiago silver - Fotolia

Financial cyber attacks increase as malware writers join forces

Financial malware attacks increased 16% in the second quarter of the year, driven by collaboration between the developers of two banking Trojans in the top the financial malware threats, says Kaspersky Lab

Financial malware attacks are increasing as malware creators collaborate to evolve banking Trojans into the most dangerous threats online, a report has revealed.

In the second quarter of the year, Kaspersky Labs blocked more than one million financial malware attacks, an increase of 16% compared with the previous quarter.

One of the reasons for the increase is the collaboration between the authors of two leading banking Trojans – Gozi Trojan and Nymaim Trojan – pushing both into the top 10 rankings of financial malware.

The Nymain Trojan was initially designed as ransomware, blocking access to users’ valuable data and then demanding a ransom to unblock it. However, the latest version includes banking Trojan functionality from Gozi source code that provides attackers with remote access to victims’ PCs.

Additional and apparently also joint efforts have been put into the distribution of this malware, according to the latest threat report by the security firm.

Gozi moved into second place in the financial malware rankings in the quarter, accounting for 3.8% of Kaspersky financial malware detections, Nymaim was in sixth place with 1.9%.

Topping the list of financial malware is Zbot, which accounted for 15.17% of all financial malware attacks blocked by Kaspersky Lab in the second quarter.

Banking Trojans are often propagated through compromised or fraudulent websites and spam emails. After infecting users, they mimic an official online banking page in an attempt to steal users’ personal information, such as bank account details, passwords, or payment card details.  

According to the security firm’s latest threat report, Turkey was the country most targeted by banking Trojans in the second quarter, followed by Russia and Brazil, but Kaspersky Lab expects the Olympic Games to push Brazil up the attack list in the third quarter of the year.

“Financial malware are still active and developing rapidly. New banking Trojans have significantly extended their functionality by adding modules, such as ransomware,” said Denis Makrushin, security expert at Kaspersky Lab.

“If criminals do not succeed in stealing users’ personal data, they will encrypt it and demand a ransom. Yet another example is the Neurevt Trojan family. This malware was used not only to steal data in online banking systems, but also to send out spam,” he said.

Read more about cyber crime

According to the report, malware originated in 191 countries, but an overwhelming 81% came from just 10 countries, led by the US (35.4%), Russia (10.3%) and Germany (8.9%).

One in five PCs came under attack in the quarter, during which Kaspersky Lab detected 16,119,489 unique malicious objects, including scripts, exploits and executable files.

According to Troels Oerting, group chief security and information security officer at Barclays, the hacker community targeting financial institutions is much more professional than in the past.

“Typically they take their time, they look at the processes, they are well resourced  and they are very adaptive,” he told Computer Weekly.

In the past year to 18 months, Oerting said there has been aggressive use of much more advanced malware tools by cyber attackers.

Just as malware authors are joining forces, he called for greater collaboration between organisations in the financial and other sectors in fighting cyber crime by sharing their knowledge and experience of attacks and attack groups with each other and law enforcement.

Read more on Hackers and cybercrime prevention