
Banks Warned About ‘Cutting Edge’ Financial Malware

Banks and other financial institutions have been warned about the increasing threat posed by more advanced and sophisticated pieces of financial malware.

Attackers have new malware, and new techniques, such as managing the Trojans through blogs, according to a report from NSS Labs, which examines the evolution of financial malware threats during the third and fourth quarters of last year.

Cutting Edge

The report warns that there has been a great deal of innovation in financial malware of late, with the emergence of new malware suites such as Hesperbot and Beta Bot.

This has been coupled with the arrival of new techniques, such as replacing command and control (C2) servers with blogs. According to NSS Labs, cyber criminals have “switched to using Yahoo! blog sites to communicate with botnet malware such as Taidoor. Using benign-looking blog pages – instead of traditional ‘command and control’ (C2) servers – makes it harder for victims to uncover Taidoor’s presence on networks.”

According to research vice president Dr. Ken Baylor, financial malware is at the cutting edge of botnets and financial crime technology. He said that updated malware threats are employing SSL to encrypt their communications with C2 servers in order to better conceal the type of data they are stealing, as well as the new instructions they receive.

He also warned of a growing pattern in which new financial malware Trojans first appear in Europe and then propagate outwards to US banks and account holders. For example, last September the Hesperbot Trojan was first spotted by ESET researchers as it was using a domain that purported to belong to the Czech Postal Service.

“The trend continues of new Trojans emerging via targeted campaigns in Europe and then spreading throughout Europe before reaching US banks,” wrote Dr Baylor in the report.

Best Countermeasures

And Dr Baylor believes that banks have to improve their internal security measures to deal with the evolving threat landscape.

Specifically, he believes that banks need to invest in more advanced anti-fraud risk engines to pinpoint potentially fraudulent transactions, as banks now need a multi-layered approach to tackling account fraud.

“Rapid development of new malware platforms such as Hesperbot requires banks to have in-depth security rather than rely on traditional patterns of attack,” warned the report. “Newer bots are using Secure Sockets Layer (SSL) for communication with their C2 servers.”

Another problem stems from the leak of the Carberp source code, which “will likely give rise to new generations of Carberp malware.” Trusteer discovered in June that the source code was being offered on underground forums for as much as $50,000 (£30,446).

Banks also should conduct regular risk assessments to make sure they are keeping ahead of these evolving risks, said NSS Labs, not just to meet compliance rules, but to “avoid crippling losses in an innovative banking malware environment.”

Dr Baylor pointed out that financial institutions should “invest in modern antifraud risk engines to detect user‐level anomalies between customers’ historical transactions and current transactions under review.”


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
