Fewer financial Trojan infections, but ‘threat far from neutralised’

There was a 73% drop in 2015 in the number of financial Trojan infections, reports Symantec, but the US security products specialist warns that any celebrations are likely to be premature as “the threat is far from neutralised”.

“Financial Trojans are becoming far more capable and criminals are increasingly targeting institutions directly,” the group stated. “With the announcement of Android Pay yesterday, more people than ever will be able to pay for goods and services using just their phone, increasing the risk for both businesses and consumers.”

Candid Wueest, principal software engineer at Symantec commented on cybercriminal activity: “The tactics are simple: through classical attack methods like spear-phishing, the targeted financial institution is compromised and a foothold is established.

“Once inside the financial institution’s network, the attacker can wait and learn how to transfer money, issue fraudulent transactions, or orchestrate automated teller machines (ATMs) to dispense cash.”

The US remained the most affected/infected country in the world by financial Trojans in 2015, targeted with 145,000 in total. Germany ranked second with 113,000, having moved up from fourth in 2013 and third in 2014. Last year’s ‘top five’ was completed by India (63,000), Japan (50,000) and the UK, which was targeted with 42,000 financial Trojans.

Symantec ii

Symantec i

Symantec’s research shows that infections from the Dridex banking Trojan increased by 107% in 2015, making it the fastest growing family of financial Trojans last year.

In more positive news, Symantec reports that “the highly successful takedown of the group behind the Dyre Trojan likely contributed to the decrease in threat detections.

“Individual and organisational use of multi-layer protection also factored into the drop in detections since infections were blocked early in the chain,” the group adds.


Related reading