The financial sector is under threat from increasingly sophisticated malware attacks a Symantec report has claimed, with many security solutions ineffective against modern Trojans.
Following the proliferation of malware targeted at online banking over the past decade, financial institutions created custom security solutions to prevent fraud resulting from simple keylogging Trojans or phishing. However more sophisticated attacks are being created and targeted at a wider range of financial sector companies, according to Symantec's The World of Financial Trojans report, with over 600 financial organisations singled out for Trojan attacks.
The report claims that criminal groups responsible for the attacks have become more knowledgeable about the financial sector as attacks have become more sophisticated, and are supported by a service industry of widely available malware.
"The financial fraud marketplace is also increasingly organised," the report claims. "It is a service industry where a wide variety of financial Trojans, webinjects, and distribution channels are bought and sold. Services being offered are dedicated to each aspect of a financial fraud campaign. These offerings will improve effectiveness of established techniques. "
Symantec points to Trojans such the Zeus based 'Gameover' peer to peer botnet as one of the major threats facing financial organisations, infecting over 678,000 Windows PCs last year. The Zeus Trojan, also known as Zbot, was used in a raid of 3,000 banks accounts in the UK, stealing £675,000 from an unnamed high street bank in 2010.
According to the report the Trojan responsible for attacking the widest number of financial organisations was found to be SpyEye, targeting for 384, followed by Zeus with 284.
The report also highlights the growing ability of cybercriminals to use location-aware distribution services to deliver malware with greater precision. Symantec also points to third-party remote web-injects which can circumvent security countermeasures, targeting a large number of financial companies "concurrently and intelligently" as posing a threat to financial companies.
The organisations being targeted are varied, from commercial banks to credit unions, though attackers have increasingly looked to other organisations that perform online transactions. This means targeting nstitutions that facilitate high volume and high value transactions, such as automated clearing house payments systems, and payroll systems. Single Euro Payments Area (SEPA) credit transfers in Europe are also an increasing target.
Not surprisingly the report found that attackers prefer to target institutions in wealthier, developed countries, but also claimed that new markets in emerging economies such as in Asia and the Middle East were increasingly being targeted.
Countries with fewer financial institutions were also preferential, with the UK deemed to be a prime target due to its wealthy population and only 52 major financial institutions, meaning that a smaller number of variants would be needed to developed by cybercriminals.
Sign up for Computerworld eNewsletters.