Cyphort Issues Special Report On the Most Dangerous Financial Malware Threats

Cyphort Labs Analyzes Eight of the Top Financial Trojans That Empty Bank Accounts; Researchers Offer Steps to Combat Banking Threats

SANTA CLARA, Calif. -- Cyphort, the next generation Advanced Persistent Threat (APT) defense company, today released a special report titled ‘2015 Financial Malware,’ that analyzed the top eight types of financial malware cybercriminals are using today to target banks and electronic payment systems. Through its research, Cyphort Labs has identified Zeus, SpyEye, Torpig, Vawtrak, Bebloh, Shylock, Dridex and Dyre as the most dangerous malware threats.

Although financial malware has been around for more than a decade, it is quickly evolving in sophistication. Newer versions often feature stealthy command-and-control channels, designed to steal account credentials, according to the Verizon 2015 Data Breach Investigations Report. Based on Verizon’s forensic investigations, five malware events occur every second, and financial services firms experience an average of 350 malware events every week.

The most dangerous financial malware threats have resulted in the theft of hundreds of millions of dollars and infected tens of millions of users. They include:

  1. Zeus—The most successful banking malware that has infected tens of millions of computers worldwide since it debuted in 2007. With its capabilities, financial service professionals consider Zeus to be the most severe threat to online banking.
  2. SpyEye—Is a Trojan horse that has infected about 1.4 million computers worldwide. Attackers use SpyEye to steal banking information in two ways: a keylogger application and the bot’s ability to take screenshots on the victim’s machine.
  3. Torpig—Torpig is a botnet spread by a Trojan horse called Mebroot that infects Windows-based PCs. This botnet is used to steal targeted login credentials to access bank accounts and financial systems. Detection is difficult because Torpig hides its files and encrypts its logs. Once Torpig gains access, it scans the infected PC for account data and access credentials.
  4. Vawtrak—Is a sophisticated and dangerous backdoor banking Trojan able to spread itself via social media, email and file transfer protocols. This rather new Trojan has the unique feature of being able to hide evidence of the fraud by changing the balance shown to the victim on the fly.
  5. Bebloh—Is banking malware used to steal targeted login credentials, intercept online banking transactions, and breach financial systems. Typically the attacker steals the user’s login credentials and subsequently steals specific amounts of money from the user’s account. The attacker protects his identity by collecting the money through an online “money mule.”
  6. Shylock—Is known for targeting login credentials for European banks via Man-in-the-Browser exploits. Shylock has infected at least 60,000 computers running Microsoft Windows worldwide. The attackers behind Shylock have an advanced targeted distribution network that allows them to infect victims in selected countries through multiple channels.
  7. Dridex—Relies on phishing to carry out malicious activities. It has executed malicious code on victim PCs via executable attachments and Microsoft Word documents containing macros that download a second-stage payload, which then downloads and executes the Trojan.
  8. Dyre—Dyre relies on phishing to carry out malicious activities. It often uses malicious PDF attachments that can exploit unpatched versions of Adobe Reader. The emails may use the misspelled subject line "Unpaid invoic" as well as the attachment "Invoice621785.pdf". Dyre uses infected victim PCs to harvest credentials for bank accounts and other online services.

“Hackers continue to target financial services organizations because they control large amounts of money and collect the greatest amount of personal information from consumers,” said Dr. Fengmin Gong, Cyphort’s co-founder and chief strategy officer. “Dealing with damage from evasive financial malware is one of the biggest challenges facing banks and financial services firms today. Traditional anti-virus and anti-malware applications miss sophisticated APT attacks. With the release of this report, Cyphort hopes to continue to raise awareness of the dangers financial malware presents so that corporations gain a deeper understanding of the importance of continually monitoring their networks.”

Cyphort’s innovative software solution detects these top financial Trojans, as well as other advanced persistent threats, prioritizes remediation and automates containment. To learn more about Cyphort’s next generation APT defense, visit www.cyphort.com or visit us at Financial Services ISAC Fall Summit, October 25-28, 2015 in San Diego (booth #21).

To make sure your organization is protected from financial malware, Cyphort recommends the following steps:

  • Keeping your system and applications patched in a timely fashion goes a long way in protecting you from infection. You know it already, now you need to make sure you do it! Most modern operating systems and applications offer automatic updates, which gives power to the defenders.
  • Cyber surfers should be very vigilant when visiting sites with busy offerings and popups. When you do need to visit them, doing so from a non-Windows platform may reduce your chance of infection, at least until the bad actors start to target non-Windows endpoints more.
  • Financial Institutions should adopt the new defense paradigm with a continuous monitoring, diagnostics, and mitigation approach; implement education and threat intelligence sharing so that employees are warned off of infection websites.

To read the full Cyphort Financial Malware Report, visit: http://go.cyphort.com/Financial-Malware-Report-15-Page.html

About Cyphort

Cyphort is an innovative provider of Advanced Threat Protection solutions that deliver a complete defense against current and emerging Advanced Persistent Threats, targeted attacks and zero day vulnerabilities. Cyphort’s unique software solution delivers complete Next Generation APT defense, correlating threats from Web and Email, as well as internal vectors for lateral spread and post breach activity detection. The addition of correlation and context for each threat plays a key role in helping prioritize responses and containment actions. The purpose-built integrations to existing enforcement solutions (Firewalls, Proxies etc.) allow customers to extract maximum value from IT assets without compromising the security of an organization. Cyphort is a privately held company headquartered in Santa Clara, California. For more information, please visit www.cyphort.com and follow us @Cyphort.

Contacts

for Cyphort
Nicole Bosgraaf, 781-684-0770
Nathaniel Hawthorne, 415-512-0770
cyphort@mslgroup.com
