Banking malware is in ontwikkeling en transformeren in een van de grootste bedreigingen van de malware scene, ondanks de internationale, gezamenlijke inspanningen ten behoeve van de rechtshandhaving en cybercriminaliteit experts. A new report released by Dell Secure Works Counter Threat Unit (CTU) perfectly illustrates the growth of banking malware, and particularly banking botnets.
The report focuses on 2015 and provides detailed, in-depth analysis on the nearly impeccable banking botnet structure, and the emergence of botnet-as-a-service and mobile botnets.
Botnets-as-a-service and Mobile Botnets Entered the Market
This model (botnet-as-a-service) has gained popularity throughout 2015, with more malware actors renting subsets of their botnets for other malicious operations such as:
- DDoS (distributed denial-of-service-) aanvallen;
- Click fraud;
- Crypto currency mining;
- gerichte aanvallen.
Meer over Mobile Trojans
Bovendien, mobile botnets have also shown increased usage for a range of malicious activities, including DDoS, klikfraude, and impersonation attacks. Niettemin, according to the research, the demand for the ‘regular’ botnet-as-a-kit service is still bigger, simply because it gives cyber criminals the chance to fully control and monitor the malware’s operation.
Banking Botnets 2015: Old versus New
Image Source: https://www.secureworks.com
Researchers have observed that several botnets from 2014 continued to function. Echter, new additions entered the botnet infrastructure:
2015 also saw an increased activity from several other botnets such as Qadars, Tinba, Gozi Neverquest. Overall, banking botnets showed unprecedented activity throughout the past year, with Ramnit and Bugat’s reappearance after they were taken down in 2014.
Gelukkig, botnet takedown operations didn’t stop, despite cyber criminals’ resilience. Last year witnessed increased collaboration between law enforcement and security vendors, all struggling to seize botnets’ servers and infrastructures. Only one success, echter, was recorded, and it was the success takedown of the infamous Dyre, after Russian authorities raided the offices of a movie distribution company located in Moscow.
Banking Botnets 2015: Kenmerken
Banking botnets usually are sophisticated in structure and implement various features. Even though botnets typically aim at obtaining financial information and using compromised systems for financial gain, they target personal information as well. Email credentials are often harvested in botnet-powered operations. Throughout 2015, banking botnets reached a new high point; most of them were observed to integrate backup command and control solutions via backup DGA (domain generation algorithm).
Bovendien, most botnets now use compromised routers as proxy servers to hide the real command and control servers, take advantage of p2p networks to bypass monitoring, en, niet verrassend, use Tor and I2P to resist disclosure.
Banking Botnets 2015: targets
Financial institutions and banks continued to be a primary target for banking botnets. Echter, criminals showed interest in corporate finance and payroll services and stock trading organizations, mainly situated in developed regions with wealthy residents. Researchers observed malware actors targeting countries with weak account protection and difficulties in international transactions. belangwekkend, criminals were also interested in countries that required local interference in terms of money laundering. Met andere woorden, primary targets for 2015 were banks and various financial institutions in the Asia-Pacific region, the Middle East, and Eastern Europe.
Meer over Banking Malware
Banking Botnets Delivering Ransomware
2015 saw an interesting turn of events – banking botnets were observed to deliver not only banking Trojans but also ransomware pieces. Dell’s CTU team explains the shift with the expanding need of organized cybercrime groups to find new ways to steal money from their victims. That simple explanation also illustrates the intensity in mobile malware and botnet-as-a-service.
Kijk even naar Dell CTU’s report.