
TrickBot malware ramps up attacks against ANZ financial firms

01 May 2017

Attackers behind the TrickBot Trojan have been taking their tactics to the next level, researchers from IBM X-Force have uncovered.

Recent attacks against Australia, New Zealand, the UK, Ireland, Germany and the US indicate that attackers have been adding new redirection attacks specifically targeted towards financial institutions that other attackers generally don’t touch.

Attacks against Australia, New Zealand, the UK and Germany became most active in April, when the number jumped from 1-3 major campaigns per month to five campaigns in April alone.

The new targets include private banks, private wealth management firms, investment banking, retirement insurance and annuity companies.

Researchers note that TrickBot has even targeted a bank that complies with Sharia law, which is odd because the law prohibits such things as interest fees and some types of business investment as part of Islam.

IBM X-Force believes that TrickBot operators are using the countries as a base for increasing spam runs with the aim of infecting more endpoints. The attackers may then move into an attack phase. “In terms of its attack types, TrickBot is quite similar to Dyre. Its signature moves are browser manipulation techniques that enable the malware to implement serverside webinjections and redirection attacks,” researchers say in a blog.

The malware works by deploying a browser-hooking technique that intercepts HTTP traffic before it is displayed to the user.

Researchers also expect that TrickBot will eventually become a powerful financial malware family, even as popular as the Dridex Trojan.

The Dridex Trojan is well known for targeting financial organisations. It currently accounts for 11% of financial malware attacks, well behind the Zeus, Gozi and Ramnit malware.

According to researchers, 39% of TrickBot attacks affected the UK, 33% affected Germany and 3% affected New Zealand.
