Banking Trojans - Hands up! Manos Arriba! Give me your Money!
If you are ever unfortunate enough to be on the receiving end of any of those three demands, the choices you make in the next few moments will determine what happens to you and your money. Whatever choice you make, you will be keenly aware of the outcome.
Make no mistake. A Banking Trojan used against you accomplishes the same result with one major difference. You don’t know you’ve lost anything until the next time you check your balance on your bank account.
Banking Trojans have been around for years, but one in particular, the Trickbot banking Trojan, released in the summer of 2016, has recently become much more dangerous with the addition of a combination of features: redirection, a form of what is referred to as a “Man in the Browser” (MITB) attack, and code or web injection, which injects malicious code into web browsers such as IE, Chrome, Firefox, etc. Limor Kessem, an IBM Executive Security Advisor and cyber intelligence expert, writes in a recent blog that Trickbot implements two of the “most advanced browser manipulation techniques observed in banking malware in the past few years.”
Trickbot now accounts for about 4% of all attacks globally. The Trojan is commonly delivered to bots that are members of the Necurs botnet, one of the largest collections of bots in the world. The bot’s developers continuously work together with other distributors of malware to improve their product and have just recently started attacking US banks and users who transact with them online. The proverbial “gun in your back” comes when you conduct an online transaction through a browser on an infected machine to a compromised bank or payment processor such as PayPal.
MITB Attacks are not new and are common in Phishing attacks. In
You will unknowingly enter your credentials, even answering any security questions the bank may ask you, finish your transaction,
How does Trickbot get
Once a machine is infected, the code is smart enough to tie into legitimate Windows APIs, self-authenticate, create a service task for persistence in your
So what tools can protect you?
Use deterrent, preventive, and reactive countermeasures in a layered defense such as:
- Conduct a comprehensive risk and technical infrastructure assessment
- Re-visit the design or re-design your network architecture
- Utilize DNS and IP layer, intelligent proxy and C2 blocking tools
- Employ Multi-Factor Authentication solutions
- Conduct Security Awareness and Anti-Phishing Training for you and your staff
- Consider use of APT Advanced Sensors to protect your network
- Utilize email anti-spam filtering and set it as high as possible to block malware attachments
- Consider 24x7x365 Cyber Security Operations Center security monitoring for your network
- Ensure that your Anti-Virus scan engines are up to date and contain Endpoint Detection & Response (EDR)
- Employ monthly external vulnerability scans
- Conduct periodic external penetration tests of your networks
- Use a Managed Services Provider that offers Managed Security as a Service as well
Kessem, L. (2016, January 1). Mitigating Malware in a Modern, Mobile World. Retrieved from securityintelligence.com: https://securityintelligence.com/mitigating-malware-modern-mobile-world/
Kessem, L. (2017, July 19).
Kessem, L. (2017, April 27).
Mimoso, M. (2016, October 17). Trickbot Banking Trojan Could Be Dyre Rewrite. Retrieved from threatpost.com: https://threatpost.com/trickbot-banking-trojan-could-be-dyre-rewrite/121340/
Paganini, P. (2017, June 26).
Spring, T. (2017, July 21). Trickbot Malware Now Targets US Banks. Retrieved from threatpost.com: https://threatpost.com/trickbot-malware-now-targets-us-banks/126976/