The concept of infecting targeted users with banking trojans has been so successful in the recent past that in the first quarter of 2018, banking trojans overtook ransomware as the top malicious payload distributed through email.
In all, banking trojans accounted for 59 percent of all malicious email payloads in the first quarter of 2018 which also saw email-based malware attacks rise significantly. A new report from Proofpoint has shown that the number of firms receiving more than 50 email-based malware attacks grew by 20 percent compared to in the last quarter of 2017.
Aside from injecting banking trojans that are designed to obtain confidential information about customers and clients using online banking and payment systems, hackers are also distributing information stealers, downloaders, remote access Trojans (RATS), and other banking malware via emails to steal credentials and to use them to commit fraud or theft.
Cyber-criminals are also leveraging sophisticated malware that are adept at defeating a majority of anti-malware protections installed on targeted systems. For example, Emotet, a polymorphic malware that has the ability to evade over 75 percent of antivirus engines, has been used in 57 percent of all banking malware attacks and 33 percent of all malicious payloads in Q1.
"Trojans are effective because they exploit weaknesses on different levels. Fraudsters often bait unsuspecting users to click on links in emails that seem to be legitimate, which lead them to a fake website or to download a malicious app," said Gerhard Oosthuizen, CTO at Entersekt to SC Magazine UK.
"These fakes can look frighteningly real, and the emails baiting users often mimic the bank's official communications in design and tone. It makes it very hard for users to know when an email, the site they're clicking through to, or the app they're downloading, is legitimate.
"Trojans also exploit weak security in banking apps and internet banking platforms. It's all about the low-hanging fruit – it's very unlikely that fraudsters would target systems with robust security measures in place when so many others are easy targets. Relying on one-time passwords and solely knowledge-based authentication factors does not offer sufficient protection against fraud and malware, and banks need to realise this," he added.
According to Oosthuizen, those who regularly engage in online banking need to be vigilant and must ensure that they are using official digital platforms at all times to avoid getting infected by banking trojans. At the same time, banks should employ virtually frictionless out-of-band two-factor authentication that provides robust security while inspiring confidence and trust in their customers.
Javvad Malik, security advocate at AlienVault, told SC Magazine UK that the reason why cyber-criminals have started using banking trojans instead of ransomware is that using trojans result in the most profit while exposing them to the least amount of risk. Better chances of success has also made some criminals shift from ransomware to crypto-jacking to mine valuable cryptocurrencies.
"There is little doubt that Ransomware is profitable but is set to a finite amount per system. Gaining access to banking information through a Trojan has the potential to yield greater return. By increasing the number of trojans distributed, the likelihood of finding a susceptible end user increases. In short, the rise in banking trojans is simply an application of probability designed to yield the greatest monetary return," said David Rushmer, senior threat researcher at Cylance.
According to Jack Baylor, senior threat researcher at Cylance, cyber-criminals are using more banking trojans as ransomware attacks are no longer effective against steps such as better patching practices, more effective backup solutions, greater ontake of corporate cyber-insurance and other best practices implemented by banks and other financial institutions to curb the spread of ransomware.
"As banks strive to increase profit margins following the global recession, moves towards fewer physical locations and greater use of online services means a larger target market for banking trojans. The rising use of mobile banking and the inherent delays in patching and upgrading Android systems (76.5 percent of global mobile phone market share) due to slow telco/ISP rollouts means that more and more online banking users are now exposed to the same vulnerabilities that ransomware targets previously endured," he added.