Cybercriminals target SMB bank accounts

Web and smartphone apps, a market which is emerging and largely unregulated, are ideal guises for criminal activity, new Blue Coat report warns.

Cybercriminals have ramped up attacks on the bank accounts of small and midsize businesses (SMBs), and tailor-made Trojans are the weapon of choice, according to a report by Trustwave's SpiderLabs.

The Web Hacking Incident Database report by Trustwave's SpiderLabs examined 158 publicly reported incidents in the first half of this year. The analysis excluded many small web defacement attacks listed on since they would skew the data.

It noted a "steep rise" in online attacks against financial institutions this year, particularly against accounts held by SMBs.

The report also found an adjacent rise in the use of client-side banking Trojans, the most popular being the infamous Zeus malware. The trojans monitor and steal customer account information and can alter transfer request data.

Stealing information is the chief motivation for hackers, according to the report, followed by Web site defacements and the injection of malware.

The report said that often hackers would make their way into a Web site to collect information or deface it, and, while they were there, plant malware. That malware will then compromise other computers, helping them achieve their goal in other locations.

The Web Hacking Incident Database report claims ideological warfare is the primary motivation for Web defacements and denial-of-service (DoS) attacks. The report cited the recent attacks against the UK's Daily Telegraph by an alleged Romanian hacking group after the newspaper published articles identifying "gypsies" and "Romanians".

In July, the prominent London carbon credit trading platform of the European Climate Exchange was also defaced by a "hacktivist" group, which posted material attacking cap and trade agreements. The Web sites of several South Korean government agencies and private firms were defaced and crippled by DoS attacks in the same month.

"We found that the majority of [incidents] were of a political nature, targeting political parties, candidates and government departments, often with a very specific message related to a campaign," the report stated. "Others seem to have a cultural aspect."

The report comes as 71 Australian Web sites were defaced in a spate of attacks lodged on website last week.

While many of the affected websites have been repaired, some remain crippled by the full page defacement.

Trustwave's SpiderLabs blamed the prevalence of defacements on lax web application monitoring and logging.

SpiderLabs said a resistance to public disclosure hinders the fight against cyberattacks and notes that organizations should focus on repairing vulnerabilities rather than only removing implanted malware.

This story was first posted in ZDNet Australia.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All