After an analysis of almost 1,000 configurations from banking malware samples, security researchers have found out that cybercrooks are now targeting 1,467 financial organizations with banking Trojans. Diving deep into the findings, it is revealed that the majority of the banks targeted are located in the United States.
The security company Symantec found that based on Trojan activity during 2014, the list of targets found on configuration files of malware had about 1,994 domains where 95% of them belong to finance institutions. Among the targets found, there seems to be a volume of banks located in the US that are the primary targets. Followed in second and third place or institutions located in the UK and Germany, respectfully.
So far, this newly uncovered information has not leaked any specific banking or company names. However, it is clear that banking Trojans are the culprits aiming at these targets and steadily increasing their activity and reach.
Banking Trojans have long been a major force in compromising banking systems so attackers could make off with a nice heist without ever showing their face. It is the new age bank robbery scheme, one that only requires a sophisticated malware threat in the form of a Trojan and a clear target that may have vulnerabilities that the Trojan can easily exploit.
Among the Trojans suspected to target nearly 1,500 financial institutions around the world, Mebroot is one that includes almost 1,200 targets in its configuration file. Mebroot was found to be initially shared with the cybercriminal community, while other banking Trojans, such as Bebloh, Cridex, Carberp, Dyranges, Shylock and others, have only accounted for 100 or so targets in their configuration files. To boot, the banking Trojans with the smaller amount of targets were not shared and offered through cybercriminal markets.
Another takeaway learned from banking Trojans like Snifula, is how such a malicious threat increased its activity growing its list of targets from just 8 organizations located in Japan to 37 for institutions confined to regional banks during the middle of 2014.
In 2014, according to multiple sources including Symantec, banking malware was responsible for compromising nearly 4.1 million user systems. As you can imagine, we suspect this number to grow greatly with the outbreak and discovery of newly aggressive banking Trojans.