Report Offers a Detailed Look at How a Consumer Banking Trojan Can Infect a Company
Imperva, Inc. (NYSE:IMPV) committed to protecting business-critical data and applications in the cloud and on-premises, unveiled its latest Hacker Intelligence Initiative (HII) Report: “Phishing Trip to Brazil.” This new report, published by the Imperva Application Defense Center (ADC), offers a detailed look at a cyber attack targeting consumers using a banking Trojan, and shows how consumer-centric cyber crimes can compromise the enterprise. The report also demonstrates that despite potential anti-malware defenses, attacks that target individual employees can easily enter the enterprise network.
To conduct this report, the Imperva ADC evaluated 14 different command and control (C&C) servers comprised of more than 10,000 records across almost 5,000 different IP addresses.
The major findings in the report include:
- The majority of infections found occurred during “office hours,” leading to the conclusion that the infected computers were being used for business.
- At least 17 percent of infected machines were directly attached to enterprise networks, showing the ease with which cyber-attacks targeting consumers still put enterprises at risk.
- The consumer-centric cyber crimes used malware that rely on social engineering to infect the victim. A legitimate-looking email containing a link to a zipped file is sent to the victim. Once the victim extracts the file and knowingly or unknowingly clicks the executable, the targeted person is infected. The malware then starts to monitor user activity. After the user connects to a business site, in the case of the report, a Brazilian bank, the malware intercepts session data, which it then sends to the cybercriminals.
- Cyber criminals are extremely adept at compromising user credentials, which they then leverage for fraud or further attacks.
“Our research underscores that work life and personal life intersect, and when an employee receives a suspicious email from a vendor they trust, like a bank, they are more likely to open it. Unfortunately, if an employee reads one of these emails on a home computer while connected to an enterprise Virtual Private Network (VPN), they are opening up their employer to a potential attack,” said Amichai Shulman, co-founder and Chief Technology Officer, Imperva. “With malware evolving faster than antivirus protection, companies should shift their focus from detecting malware to directly monitoring and protecting enterprise data, applications, and user accounts. With the prevalence of Bring Your Own Device (BYOD) and remote working, data and file activity monitoring are the best way to protect against compromise of sensitive enterprise information.”
Other key findings from the report include:
- The cyber crime campaigns were not conducted by just one group of criminals operating behind the scenes. It appears that there are several groups of criminals, with varying technical and social engineering skills, all leveraging the same underlying malware. This illustrates how cyber crime itself has become an industry.
- Some of the C&C servers were found on legitimate websites that had been hijacked, while others were found on servers that were set up specifically to provide C&C functionality.
- The report focused on malware originating from Brazil, targeting Brazilian banks, but similar exploits are possible in other locations and industries.
The Imperva ADC is a premier research organization for security analysis, vulnerability discovery, and compliance expertise. ADC research combines extensive lab work with hands-on testing in real world environments to enhance Imperva products, through advanced data security technology, with the goal of delivering up-to-date threat protection and unparalleled compliance automation. The ADC regularly conducts research on the evolving threat landscape, including the HII report and the Web Application Attack report.[su_box title=”About Imperva®” style=”noise” box_color=”#336588″]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.