Bank hackers team up to spread financial Trojans worldwide

March 20, 2019

2018: The year of the banking Trojan
Kaspersky Labs detected 900,000 attacks against users in 2018 alone.

Banking Trojans are popular in cybercriminal schemes given the valuable data and financial service credentials they can steal in successful cyberattacks.

Banks find themselves a constant target for relentless attacks against their apps and infrastructure. Their names, too, are abused by threat actors which use them in phishing campaigns and through copycat malicious domains designed to dupe customers into handing over their account credentials.

Banking Trojans are considered one of the top threats to the enterprise today. In 2018 alone, Kaspersky Lab recorded roughly 900,000 financial malware-based attacks against users, an increase of 16 percent in comparison to 767,000 attacks in the previous year.

The names of such malware may be familiar. Zeus, Redaman, BackSwap, Emotet, Gozi, and Ramnit are only some of the Trojan families which have gained prominence in the cybercriminal world; however, the operators of campaigns using banking Trojans are constantly jostling for space and territory.

At least, this used to be the case. According to IBM’s Global Executive Security Advisor Limor Kessem and the IBM X-Force cybersecurity team, the top banking malware operators are now working together to distribute their malware.

On Wednesday, Kessem revealed new research on the cooperative trend, which builds upon the financial malware trends discussed in the latest IBM X-Force Threat Intelligence Index.

Trickbot, Gozi, Ramnit, and IcedID were the most active banking Trojans in 2018, and while other forms of malware have grown in popularity, it is the most active — and prevalent — forms of financial malware which are now being spread through cybercriminal partnerships.

The cybersecurity researchers say that the list is “populated by organized cybercrime gangs that have ties to yet other cybercrime gangs, each doing its part to feed the perpetual supply chain of a digital financial crime economy.”

“The banking Trojan arena is dominated by groups from the same part of the world and by people who know each other and collaborate to continue orchestrating high-volume wire fraud,” Kessem added.

Trickbot is one of the major players in the financial Trojan space. The Russian cybercriminals behind the malware, who target banks and wealth firms managing high-value accounts, have recently diversified into ransomware as part of a wider botnet strategy and are now working with gang members from IcedID.

First discovered in 2017, IcedID uses web injection attacks to compromise online payment portals and also indulges in the typical bait-and-switch method for redirecting banking customers to malicious domains.

While this malware isn’t particularly memorable as a banking Trojan, a recent shift in its deployment is. IcedID used to be dropped by the Emotet Trojan, but this changed to TrickBot in May 2018.

Three months later, it became clear that IcedID had also received a number of upgrades to perform more like TrickBot, including the reduction in the size of its binary file and plugins being fetched and loaded on demand, rather than being an intrinsic part of the Trojan’s modules.

“Although malware authors do sometimes copy from one another, our research indicates these modifications were not coincidental,” IBM says. “Even if we only looked at the fact that TrickBot and IcedID fetch one another into infected devices, that would be indication enough that these Trojans are operated by teams that work together.”

IBM also speculates that a vague partnership between the two groups may have begun years ago, and potentially during the years when Dyre and Neverquest malware samples were making the rounds pre-2015. Trickbot is considered the protege of Dyre, whilst Neverquest vanished following the arrest of a member of the group behind it. IcedID came onto the scene soon after.

Gozi, too, is another key player in the banking malware industry and has been active for over a decade. First spotted in 2007, Gozi is constantly evolving and the leak of its source code in 2010 gave rise to a number of Trojans that are active today.

The malware now exists in two major forms, v.2 and v.3. The former variant targets global players, and the latter focuses on banks in Australia and New Zealand through macro-based malicious attachments sent via phishing campaigns.

In some countries, such as Japan, the operators of Gozi are collaborating with URLZone. This form of malware specializes in process hollowing and disguises itself as legitimate computing processes to lurk undetected on a victim’s machine. 

In a 2018 campaign, URLZone dropped both the Cutwail botnet and Gozi, which together are able to enslave devices, create persistent backdoors, and steal data.

The operators of Ramnit, too, appear to find value in collaboration. Active since 2010, Ramnit started out using worm-like techniques to infect PCs, networks, and removable drives before evolving into a modular banking Trojan which is now spread through exploit kits including Angler and RIG.

Ramnit tends to focus on victims in the UK, Canada, and Japan, and in 2018, re-emerged after a law enforcement botnet takedown with a new partner in tow: Ngioweb, a multifunctional proxy server which uses multiple layers of encryption.

A 2018 campaign between the pair was able to infect approximately 100,000 devices in only two months. During the scheme, Ramnit went back to its worm-like roots and acted as a first-stage infection platform to create a proxy botnet for Ngioweb. 

IBM believes this partnership — albeit a short-lived one — was designed in the hopes of creating a botnet of a size comparable to the old Gameover Zeus botnet.

“While previous years saw gangs operate as adversaries, occupying different turfs, or even attack one another’s malware, 2018 connects the major cybercrime gangs together in explicit collaboration,” IBM says. “This trend is a negative sign to the joining of forces between botnet operators, revealing the resilience factor in these nefarious operations over time.”
