There was a 73% drop in 2015 in the number of financial Trojan infections, reports Symantec, but the US security products specialist warns that any celebrations are likely to be premature as “the threat is far from neutralised”.
“Financial Trojans are becoming far more capable and criminals are increasingly targeting institutions directly,” the group stated. “With the announcement of Android Pay yesterday, more people than ever will be able to pay for goods and services using just their phone, increasing the risk for both businesses and consumers.”
Candid Wueest, principal software engineer at Symantec commented on cybercriminal activity: “The tactics are simple: through classical attack methods like spear-phishing, the targeted financial institution is compromised and a foothold is established.
“Once inside the financial institution’s network, the attacker can wait and learn how to transfer money, issue fraudulent transactions, or orchestrate automated teller machines (ATMs) to dispense cash.”
The US remained the most affected/infected country in the world by financial Trojans in 2015, targeted with 145,000 in total. Germany ranked second with 113,000, having moved up from fourth in 2013 and third in 2014. Last year’s ‘top five’ was completed by India (63,000), Japan (50,000) and the UK, which was targeted with 42,000 financial Trojans.
Symantec’s research shows that infections from the Dridex banking Trojan increased by 107% in 2015, making it the fastest growing family of financial Trojans last year.
In more positive news, Symantec reports that “the highly successful takedown of the group behind the Dyre Trojan likely contributed to the decrease in threat detections.
“Individual and organisational use of multi-layer protection also factored into the drop in detections since infections were blocked early in the chain,” the group adds.
The agreement, after three years of debate, raise questions on future investment demand, but Fitch Ratings doesnʼt anticipate major market disruption.
The European Commission fined Credit Agricole, HSBC and JPMorgan Chase a total of €485m for manipulating the price of the financial benchmark.
Issuers should seek more engagement with investors, explain better how they generate value, and work with investors on a Swiss code of accountable governance, suggests a white paper.
The Brazilian unit of the accounting giant admitted issuing and attempting to conceal false audit reports.