Financial institutions have been fighting malware that targets online banking for over ten years. During that timeframe, banks have had to evolve their security measures to protect online transactions from fraud.

Attackers adapted to these countermeasures and sophisticated banking Trojans began to emerge. In many situations financial institutions adopted custom security solutions.

This resulted in a diverse set of security implementations, many of which are ineffective against the modern banking Trojan. Cybercriminals motivated by financial reward are using these advanced Trojans to commit large-scale financial fraud, targeting institutions across the globe.

This paper examines eight of the most popular and sophisticated financial Trojans.

These financial Trojans install on a user’s computer and specifically target user accounts of many financial institutions.

Extracting the configurations for these Trojans revealed customers of over six hundred institutions being targeted. Nearly 95 percent of these institutions belong to the financial sector, which spans a broad range of institutions.

Attackers have therefore effectively bypassed any online session security hurdles deployed by each of these financial institutions. Exact details of the techniques used against specific financial institutions are withheld, but are available to the financial institution on request.

A variety of attack strategies were observed with two dominant approaches pursued by cybercriminals: the “focused attack” and “broad strokes”.

The merits and drawbacks of these strategies are examined.

The paper concludes with a real attack analysis involving the infamous “Gameover” variant of Zeus, along with the techniques and capabilities that these modern day banking Trojans possess.

The attack analysis illustrates a typical user interaction during an online banking session when compromised with an advanced financial Trojan.

As banks adopt stronger security implementations, attackers have focused heavily on the institutions with weaker account security. Institutions that provide high-volume and high-value transactions are also targeted. Payroll systems and Automated Clearing House (ACH) transactions are lucrative for that very reason. Not only new institutions but also new regions, including the Middle East, Africa, and Asia, have recently been targeted.

This trend looks set to continue as attackers begin to expand their reach into new markets where existing attack techniques are effective.

This expanded reach is facilitated by the underground financial fraud economy.

The underground financial fraud community has become increasingly organized. Everything from bots and intelligent configurations to localized distribution channels is being bought and sold.

Attackers are no longer just participating in financial fraud; some are dedicated to tool creation to facilitate these activities.

The underground community is a service industry.
Leveraging third-party services allows attackers to operate more efficiently. Less effort is required to maintain infrastructure and Trojan configurations.

Attacks that can intelligently target large numbers of institutions concurrently will intensify. Sophisticated cybercriminal groups are already using advanced techniques like automated transaction services (ATS) and traffic direction services (TDS).

These are services that the underground service community is streamlining.

As financial institutions assess the threat of modern financial Trojans, the adoption of adequate security measures will undoubtedly increase. Providing a secure environment where customers can confidently authorize transactions is essential.

Key findings

  • Over 600 financial institutions are targeted by financial Trojans
  • Big banks in countries with high GDP are attacked with highest frequency
  • Two dominant attack strategies are identified: “focused attack” and “broader strokes”
  • New target regions include the Middle East, Africa, and Asia
  • New institution types are being targeted outside of traditional online banking
  • Existing techniques are being streamlined for automation and precision

Please download the whitepaper for the full report.
