Banking botnets persist despite takedowns

In order to provide organizations insight into the most insidious and pervasive banking botnets currently being used to target financial institutions and their clients, Dell SecureWorks released at RSA Conference 2015 its annual Top Banking Botnets threat analysis.

This report outlines the inner workings of each banking botnet and provides key indicators for each, so that organizations can help protect themselves from these threats.

Key highlights include:

  • In addition to traditional banking websites, targets of the banking Trojans included websites related to corporate finance and corporate payroll services, stock trading, social networking, email services, phone companies, employment portals, entertainment portals and dating portals.
  • Cryptocurrency such as Bitcoin was a new addition to banking botnet targets in 2014.
  • Attackers used banking Trojans to target more than 1,400 financial institutions across more than 80 countries.
  • More than 90 percent of all Trojans targeted financial institutions located in the US, followed by the UK, Germany, Italy, Spain and Australia.
  • Attackers began avoiding countries where international transactions are more difficult and require local intervention to launder the money. As a result, cyber attacks increased against banks and other organizations in Asia, where institutions tend to have weaker account security in place.
  • Botnets increasingly rely on hidden network services such as Tor or the Invisible Internet Project (I2P), which resist surveillance and takedowns.
  • Dyre, Bugat v5 (also known as Dridex), and Vawtrak (a Gozi variant) emerged after the Gameover Zeus and Shylock takedowns.
  • Dyre and Bugat v5 incorporated private spam mailers, deviating from the “spam as a service” model used by other botnets.

For more details, download the report (registration required).