Despite growing security measures, malware and Trojans are not only growing in number, but are also increasing in sophistication. Malware authors constantly seek new ways to use existing and/or unpatched zero-day vulnerabilities to create the next breed of cybercrime techniques. A recent blog post by Kafeine, a notable security researcher, makes reference to an undocumented vulnerability in Adobe Flash that targets different combinations of Internet Explorer versions running on a variety of operating systems, including Windows, Mac and Linux.

Attacks against unpatched vulnerabilities are popping up regularly and sometimes take months or even years for software publishers to patch. Armed with this knowledge, fraudsters rely on these time gaps when they design new techniques that are capable of stealing customer credentials and performing fraudulent transactions such as transferring money to new destinations — often without the victim being aware that anything is amiss.

To top it off, cybercriminals are aware of the various fraud prevention technologies many organizations deploy and try to use this knowledge when designing new attack mechanisms to circumvent their existing fraud controls. For example, fraudsters can bypass various forms of authentication by using social engineering campaigns to convince users to divulge their credentials.

IBM’s Findings on Malware

An additional point to note is the relatively low effect on the latest Windows operating systems, Windows 8 and Windows 8.1. One possible explanation is the fact that Microsoft has introduced numerous built-in security improvements into these operating systems, including an application reputation system and protection from boot-time rootkits. Additionally, there are a number of low-level security improvements that let these operating systems manage memory in a more secure way, including features that make security vulnerabilities harder to exploit.

Another interesting example is Zeus, which was first identified in 2007 and is specifically designed to steal online banking credentials. Despite the fact that the original Zeus kit is no longer developed, data shown below clearly demonstrates that this malware strain has remarkable distribution and a widespread effect on the various operating systems. One thing to note is the effect on Zeus on the Opera browser, as applied to the mobile channel. This is not the first sighting of known PC-grade malware code being reused for new attack methods using a mix of original and borrowed techniques. In this instance, Zeus is attacking mobile devices with users accessing their online banking platforms via Opera in what is known as Zeus-in-the-Mobile.

While this information refers to the most prevalent malware strains and their immediate effect on the most popular operating systems and Web browsers, one cannot afford to remain stagnant. Cybercriminals are constantly attempting to find new ways of either persuading users to divulge their credentials or merely stealing them in a variety of sophisticated methods while performing fraudulent transactions on their behalf. This is exactly where Trusteer’s suite of cybercrime prevention products comes into play.

The IBM Security Trusteer cybercrime prevention architecture comprises multiple adaptive layers of protection at the endpoint and Web application layers, powered by a Web-based threat intelligence platform policy and configuration management application and malware forensic services. The IBM Security Trusteer management application provides organizations with control over IBM’s deployment and visibility into real-time threat information. This lets security and IT professionals configure IBM’s protection layer to meet specific business requirements in today’s changing threat landscape while minimizing capital and operational expenses and maximizing the effectiveness of threat protection.

More from Advanced Threats

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

Detections That Can Help You Identify Ransomware

One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed tools, techniques and procedures that can often be detected through the default Windows event logs (WELs). In particular, the X-Force IR team has identified several…

How to Report Scam Calls and Phishing Attacks

With incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are still preying on individual users. They're not using ransomware to do that so much anymore, though. Not since the rise of big game hunting, anyway. This term marks ransomware actors' shift away from attacks against individual users and towards operations targeting large enterprises, noted CNBC. But attacks like phishing and…