Banking Botnets Continue to Appear Despite Takedowns - Dell

The register.co.uk published a report on 23rd April, 2015 quoting a new study of Dell SecureWorks as "Banking botnets continue to be a threat despite latest high-profile takedowns which only achieve some soothing effect temporarily."

Between mid-2014 and early 2015, law enforcement and private sector industry coordinated and unsettled three most active banking botnets (Shylock, Gameover and Ramnit).

Dyre, Vawtrak (a Gozi variant) and Bugat v5 (also known as Dridex) emerged after arresting Shylock and Gameover ZeuS. ZeuS's activity and its variants reduced during second half of 2014 but activity of Gozi/Vawtrak, Dyre and Bugat v5 gradually increased.

Dell warns that cybercriminals improve their software to quickly adapt to countermeasures and arrest and to establish new advanced banking botnets.

It added: "New threats appear with emerging technologies and attacks on mobile banking platforms and advancements in evading standard authentication mechanisms developed in 2014."

Banking botnet activity temporarily reduced in 2014 and early 2015 due to takedowns and arrests. Dell warns that Trojans are using hidden network services like Tor to fight surveillance and takedowns.

It is alarming that cybercriminals have also slightly shifted focus towards Asian banks having weaker account security.

However, it was discovered that 90% of banking Trojans targeted US banks affecting financial institutions in Germany, Spain, Italy, UK and Australia.

Dell also says that their analysis over the period reveals banking botnets being employed to abuse website of company payroll and finance services, job portals, email services, dating sites, social networking and stock trading websites.

These kind of attacks posed threats to consumers which should not be underrated. Hackers have employed botnets to embezzle identity and log in details and then employed those details to log into job portals and employment sites. In some cases, they pose as employees to access and intercept communications and CVs of applicants of jobs.

Finally, Dell recommends clients to do online banking and financial transactions on isolated workstations which are not used for reading emails, web browsing and other activities that could increase the risk of infection. The best defense for financial institutions is a combined web security solution with real-time content scrutiny of every packet of outgoing and incoming web content.

» SPAMfighter News - 4/29/2015