A couple of weeks ago, we learned about a new phishing campaign that delivered Trickbot in an attempt to harvest the credentials of online banking customers. This latest wave targeted UK users, pretending to come from HMRC (HM Revenue & Customs). The actors exploited a vulnerability in Internet Explorer (CVE-2018-8174), for which a patch was released in May 2018. Banking trojans constitute a significant threat to banking customers and small businesses. In this blog – the second in a series on threats to financial services – we delve into the threat of banking trojans in more detail.
A banking trojan is a form of malware that seeks to collect the credentials of online banking customers from infected machines. The malware is delivered through a variety of mechanisms, exploits a range of vulnerabilities, and increasingly incorporates additional functionality.
One of the oldest variants is Zeus, a trojan first spotted in 2007 in a campaign targeting the US Department of Transportation, that has since grown in popularity. Zeus’ author reportedly retired in 2010 and the Zeus source code was leaked the following year, giving way to a swathe of alternative variants.
Trickbot is one of many banking trojans active in 2018; others include UrSnif, Dridex, Retefe and Panda. As shown below, these can be delivered in a variety of ways, including botnets such as Necurs (often through phishing campaigns) and exploit kits such as RIG (often through drive-by downloads from a compromised website or malvertising). Once delivered – often through spam emails – many variants rely on users downloading malicious Microsoft Word documents. Some variants, such as Retefe, have leveraged ETERNALBLUE (an exploit for CVE-2017-0199).
Table 1: Overview of most prominent banking trojans in 2018
With malware developers rapidly adding new functionality to these variants, it can be challenging to keep up to date with the threat posed by banking trojans. However, understanding the common ways in which the trojans are delivered and infect your machine can help you make more informed decisions about security controls and patch priorities.
Organizations should look at deploying a defense-in-depth strategy that covers both initial infection and post-infection. To be most effective, the strategy should use a blend of technical and non-technical controls. Some of the components that should be used include:
For finance organizations, banking trojans targeting their employees and customers will be a concern. By taking these steps, organizations and individuals can better protect their sensitive logon information.
Stay tuned for our future blogs on other threats to financial services.