Banking trojans were extensively used by cyber-criminals during August, with three variants appearing in Check Point’s latest Global Threat Impact Index.
The Zeus, Ramnit and Trickbot banking trojans all appeared in the top 10. These Trojans work by identifying when the victim is visiting a banking website, and then use keylogging or web injects to harvest basic login credentials or more sensitive information such as PIN numbers. Alternatively, trojans may also direct victims to fake banking websites designed to mimic the legitimate ones and steal credentials that way.
The August Global Threat Impact Index also revealed that Globeimposter, a ransomware disguised as a variant of the Globe ransomware, was the world’s second most prevalent malware throughout the month. Although it was discovered in May 2017, the malware did not begin to rapidly proliferate until August, distributed by spam campaigns, malvertising and exploit kits. Upon encryption, Globeimposter appends the .crypt extension to each encrypted file, and a payment is demanded from victims in return for decrypting their valuable data.
“Financial gain is the major motive for the vast majority of cybercrime, and unfortunately criminals have a wide range of tools at their disposal to achieve this,” said Maya Horowitz, threat intelligence group Mmanager at Check Point. “To see both a highly effective ransomware variant and a range of banking Trojans in the top ten most prevalent malware families really underlines how tenacious and sophisticated malicious hackers can be in their attempts to extort money. Organizations need to be both vigilant and proactive in order to protect their networks.”
The report also found that Roughted remained the top malware in August, although its global impact decreased from 18% to under 12% of organizations worldwide. Globalimposter in second place had a global impact of 6% and HackerDefender in third place with 4% global impact.
“It’s vital for organizations to be alert to these shifting threats, to simultaneously keep their defenses up against well-known malware families, new variants and new zero-day threats,” added Horowitz. “This requires a multi-layered cybersecurity strategy, which can respond to a broad range of continually evolving attack types.”
Have you registered for Infosecurity North America taking place in Boston, 04-05 October 2017? For the full agenda, speaker list and more information, please visit https://www.infosecurity-magazine.com/conferences/infosecurity-north-america/