Despite growing security measures, malware and Trojans are not only growing in number, but are also increasing in sophistication. Malware authors constantly seek new ways to use existing and/or unpatched zero-day vulnerabilities to create the next breed of cybercrime techniques. A recent blog post by Kafeine, a notable security researcher, makes reference to an undocumented vulnerability in Adobe Flash that targets different combinations of Internet Explorer versions running on a variety of operating systems, including Windows, Mac and Linux.
Attacks against unpatched vulnerabilities are popping up regularly and sometimes take months or even years for software publishers to patch. Armed with this knowledge, fraudsters rely on these time gaps when they design new techniques that are capable of stealing customer credentials and performing fraudulent transactions such as transferring money to new destinations — often without the victim being aware that anything is amiss.
To top it off, cybercriminals are aware of the various fraud prevention technologies many organizations deploy and try to use this knowledge when designing new attack mechanisms to circumvent their existing fraud controls. For example, fraudsters can bypass various forms of authentication by using social engineering campaigns to convince users to divulge their credentials.
IBM’s Findings on Malware
The following are extracts from our latest infographic, as observed in the last quarter of 2014 by the IBM Security Trusteer research team. The infographic examines six of the most prevalent malware strains and attack techniques and their effect on popular operating systems and Web browsers. The higher the percentage, the more susceptible the operating system or Web browser is to the effect of the individual malware.The first example of note is Bugat, which is known to steal user credentials, overcome various two-factor authentication methods and counter additional security measures on infected devices. Bugat specifically targets Firefox, Internet Explorer and Chrome, with very slight percentage variations between the three, as can be seen below. As for its effect on various operating systems, Bugat primarily targets Windows XP, Windows 7 and Windows Vista. Interestingly, Windows Vista lags behind the other operating systems, currently holding a single-digit market share as compared to the other two. Nevertheless, it still provides a fertile ground on which this specific malware can operate.
An additional point to note is the relatively low effect on the latest Windows operating systems, Windows 8 and Windows 8.1. One possible explanation is the fact that Microsoft has introduced numerous built-in security improvements into these operating systems, including an application reputation system and protection from boot-time rootkits. Additionally, there are a number of low-level security improvements that let these operating systems manage memory in a more secure way, including features that make security vulnerabilities harder to exploit.
Another interesting example is Zeus, which was first identified in 2007 and is specifically designed to steal online banking credentials. Despite the fact that the original Zeus kit is no longer developed, data shown below clearly demonstrates that this malware strain has remarkable distribution and a widespread effect on the various operating systems. One thing to note is the effect on Zeus on the Opera browser, as applied to the mobile channel. This is not the first sighting of known PC-grade malware code being reused for new attack methods using a mix of original and borrowed techniques. In this instance, Zeus is attacking mobile devices with users accessing their online banking platforms via Opera in what is known as Zeus-in-the-Mobile.
While this information refers to the most prevalent malware strains and their immediate effect on the most popular operating systems and Web browsers, one cannot afford to remain stagnant. Cybercriminals are constantly attempting to find new ways of either persuading users to divulge their credentials or merely stealing them in a variety of sophisticated methods while performing fraudulent transactions on their behalf. This is exactly where Trusteer’s suite of cybercrime prevention products comes into play.
The IBM Security Trusteer cybercrime prevention architecture comprises multiple adaptive layers of protection at the endpoint and Web application layers, powered by a Web-based threat intelligence platform policy and configuration management application and malware forensic services. The IBM Security Trusteer management application provides organizations with control over IBM’s deployment and visibility into real-time threat information. This lets security and IT professionals configure IBM’s protection layer to meet specific business requirements in today’s changing threat landscape while minimizing capital and operational expenses and maximizing the effectiveness of threat protection.