Tag Archives: Banking Trojan

G7 sets common cyber-security guidelines for financial sector – Part II

16 October 2016

On Tuesday the Group of Seven industrial powers agreed on guidelines for protecting the global financial sector from cyber-attacks. At the same time, reports about a new trojan called Odinaff appeared in the media. Financial institutions all over the world, including SWIFT users, have been attacked in the past 9 months. For technical details please see the excellent post ‘Odinaff: New Trojan used in high level financial attacks’ published in the Symantec Blog.

The G7 cyber-security guidelines have come just at the right time. Or, perhaps, too late? From the Symantec report one learns that the technology used by the trojan is not new at all. For example, payloads hidden in password-protected RAR files have already been used in the past.

It almost seems as though the cyber-security groups of the banks haven’t learned from the past: password-protected attachments are potentially dangerous, because the mail gateway cannot inspect their contents, and they should be blocked at the gateway in the first instance. Never deliver such files to the end users!
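The check a mail gateway needs for this rule is simple to state: decide from the attachment’s own bytes, not its file name, whether it is an archive whose contents are encrypted. The following is an added example of such a check, not code from the original post or from any product mentioned in it. It recognises ZIP and RAR version 4 archives by their headers (the flag constants are those documented for the two formats), treats a RAR version 5 archive conservatively because no RAR5 parser is included, and builds its own constructed, harmless sample attachments for the demonstration.

```python
"""Gateway-side check for password-protected archive attachments.

Added example (not from the original post).  Inspects attachment bytes and
classifies them as 'block' (encrypted archive: deliver never), 'scan'
(plain archive: hand to the AV engine) or 'pass' (not an archive).
Detection uses the file's own headers, so a renamed archive is still caught.
"""
import io
import struct
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
RAR4_MAGIC = b"Rar!\x1a\x07\x00"        # also the 7-byte RAR4 marker block
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

# RAR v4 header constants (documented RAR 4 block format)
RAR4_MAIN_HEAD = 0x73        # archive header block type
RAR4_FILE_HEAD = 0x74        # file header block type
RAR4_MHD_PASSWORD = 0x0080   # archive header flag: block headers encrypted
RAR4_LHD_PASSWORD = 0x0004   # file header flag: file data encrypted
RAR4_LONG_BLOCK = 0x8000     # block carries a 4-byte ADD_SIZE after HEAD_SIZE


def zip_is_encrypted(data: bytes) -> bool:
    """True if any ZIP member has bit 0 of its general-purpose flags set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        # No usable central directory (truncated or padded file): fall back to
        # scanning every local file header; its flags sit at offset 6.
        pos = data.find(ZIP_MAGIC)
        while pos != -1:
            if pos + 8 <= len(data) and struct.unpack_from("<H", data, pos + 6)[0] & 0x1:
                return True
            pos = data.find(ZIP_MAGIC, pos + 4)
        return False


def rar4_is_encrypted(data: bytes) -> bool:
    """Walk RAR v4 block headers; True if headers or any file entry are password protected."""
    pos = len(RAR4_MAGIC)  # skip the marker block (the signature itself)
    while pos + 7 <= len(data):
        _crc, head_type, head_flags, head_size = struct.unpack_from("<HBHH", data, pos)
        add_size = 0
        if head_flags & RAR4_LONG_BLOCK and pos + 11 <= len(data):
            add_size = struct.unpack_from("<I", data, pos + 7)[0]  # packed data following the header
        if head_type == RAR4_MAIN_HEAD and head_flags & RAR4_MHD_PASSWORD:
            return True
        if head_type == RAR4_FILE_HEAD and head_flags & RAR4_LHD_PASSWORD:
            return True
        if head_size < 7:
            break  # malformed header: stop instead of looping forever
        pos += head_size + add_size
    return False


def classify_attachment(data: bytes) -> str:
    """Gateway verdict for one attachment: 'block', 'scan' or 'pass'."""
    if data.startswith(ZIP_MAGIC):
        return "block" if zip_is_encrypted(data) else "scan"
    if data.startswith(RAR4_MAGIC):
        return "block" if rar4_is_encrypted(data) else "scan"
    if data.startswith(RAR5_MAGIC):
        return "block"  # no RAR5 parser here: unparsed archive formats get the conservative verdict
    return "pass"


# ---- constructed sample attachments (harmless, built in memory) ----

def make_plain_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample content")
    return buf.getvalue()


def make_encrypted_zip() -> bytes:
    # zipfile cannot write encrypted members, so set the encryption bit in the
    # local file header (flags at offset 6) and the central directory entry
    # (flags at offset 8) of the plain archive.  Constructed sample, not malware.
    data = bytearray(make_plain_zip())
    data[data.find(b"PK\x03\x04") + 6] |= 0x1
    data[data.find(b"PK\x01\x02") + 8] |= 0x1
    return bytes(data)


def make_rar4(file_flags: int, main_flags: int = 0) -> bytes:
    # Minimal constructed RAR v4 layout: marker block, 13-byte archive header,
    # one 32-byte file header followed by 5 bytes of (dummy) packed data.
    archive_hdr = struct.pack("<HBHH", 0, RAR4_MAIN_HEAD, main_flags, 13) + b"\x00" * 6
    payload = b"\x00" * 5
    file_hdr = struct.pack("<HBHHI", 0, RAR4_FILE_HEAD, RAR4_LONG_BLOCK | file_flags, 32, len(payload))
    file_hdr += b"\x00" * (32 - len(file_hdr))
    return RAR4_MAGIC + archive_hdr + file_hdr + payload


if __name__ == "__main__":
    for name, blob in [("plain.zip", make_plain_zip()), ("locked.zip", make_encrypted_zip()),
                       ("plain.rar", make_rar4(0)), ("locked.rar", make_rar4(RAR4_LHD_PASSWORD)),
                       ("report.pdf", b"%PDF-1.4 constructed")]:
        print(f"{name:12s} -> {classify_attachment(blob)}")
```

The verdict is taken from the archive headers only; nothing is extracted, so the check is cheap enough to run on every message. In a real gateway the same rule should also be applied to archives nested inside archives, and a maintained archive library should replace the hand-written RAR walk.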

In addition, cyber-security awareness campaigns for end users have either not been effective or have not taken place at all. ‘One’s mind is the best weapon’, hence well-trained people are the most effective preventive measure against cyber-attacks.

Have a good weekend.

Consumers cut off from progress in endpoint protection?

23 January 2016

The Dridex banking Trojan has risen from the ashes like the phoenix. In his post ‘Dridex malware adopts redirection attacks to target high-value UK banking customers’, published on 20 January 2016 on the GrahamCluley security blog, David Bisson clearly shows that the Trojan attacks banks and end users with terrifying speed.

How can end users protect themselves?

‘As for ordinary users, maintaining an updated anti-virus solution and refusing to click on suspicious links will go a long way towards protecting your life savings from low-life criminals.’

To be honest, the advice to keep the anti-virus solution up to date creates a false sense of security. Let me give you a current example.

Last Tuesday I got an email with an attachment containing the malware ‘VirTool:Win32/CeeInject.GF’. I uploaded the attachment to VirusTotal for inspection and found that only 8 of 54 anti-virus solutions identified the malware, although the malware or a variant had first been published about 9 months ago:

Table 1: Result of first scan

These are definitely not the heavyweights in the consumer market. 7 hours later, only 12 of 54 anti-virus solutions identified the malware. For the development over the following days see the following table:

Table 2: Changes in identification rate

In the worst case consumers were unprotected for about 2 days. Moreover, up to yesterday evening 22 of 54 anti-virus solutions had still not identified the malware.

Advanced endpoint security tools would definitely do better. Unfortunately the vendors of such solutions focus on business customers rather than consumers.

In the latest issue of the Cyber Intelligencer, Michael Applebaum writes:

‘What the industry desperately needs is rigorous, scientifically validated third-party testing of endpoint security technologies, across a range of real-world scenarios. Invincea has been prominently calling for this and we hope to see progress in 2016 by reputable third parties.’

Even more than the industry, consumers need decision-making aids for protecting themselves effectively against malware. At the moment they are not participating in the progress in technology at all.

As always, the user is the first and best line of defense. ‘Check twice before you click on any link or attachment’ is the best possible advice.

Have a good weekend, and, don’t rely too much on your anti-virus solution!