Financial Malware has Become More Advanced and Sophisticated, Says NSS Labs

A report released recently by security firm NSS Labs highlights the most recent trends in banking malware which speaks about a great innovation which has taken place ever since NSS launched its last study on financial sector in Q1-2013. Ken Baylor, Research VP of NSS Labs unveiled the report 'The Cutting Edge is Honed', reported Betanews.com January 10, 2014.

New-fangled collections of malware like Hesperbot and Beta Bot have surfaced and newer bots are employing SSL (Secure Sockets Layer) to encrypt contact with their C2 (command and control) servers. Additionally, there's been a change to employing seemingly harmless blog websites rather than conventional C2 servers to converse with botnet malware such as Taidoor that makes it increasingly difficult to detect the existence of malware on networks.

Another disturbing trend is the surfacing of a self-propagating edition of Zeus and the MITB (man-in-the-browser) malware targeted at socially engineering Internauts to give up their login information. The geographical blueprint of budding malware is also shifting as there is a rising trend towards fresh threats in Europe initially and then dispersing to American banks and account owners.

Besides these disturbing trends, another problem has stemmed which is leaking of the Carberp source code which "will likely give rise to new generations of Carberp malware". Security firm 'Trusteer' discovered in June 2013 that the source code is being offered on underground forums for as much as $50,000.

The report suggests that banks must ensure their antifraud controls remain robust with the rapid progression of financial malware.

Techweekeurope.co.uk published a report on January 10, 2014 stating that Baylor thinks that financial institutions need to invest more in sophisticated antifraud risk engines to identify potentially deceitful transactions in a better way as banks now require a multi-layered advance to tackle account fraud.

The report warned "Rapid growth of new malware podiums like Hesperbot needs banks to have thorough security rather than rely on conventional attack patterns."

NSS Labs said that banks must conduct regular risk evaluations to make certain that they are ahead of these sprouting risks not just to convene compliance rules but to evade crippling losses in an inventive financial malware environment.

» SPAMfighter News - 1/23/2014