Cybercrims target SMB bank accounts
Cybercriminals have ramped up attacks on the bank accounts of small to medium businesses (SMBs), and tailor-made trojans are the weapon of choice, according to a report by Trustwave's SpiderLabs.
(Trojan horse image by Darcy McCarty, CC2.0)
The Web Hacking Incident Database report by Trustwave's SpiderLabs examined 158 publicly reported incidents in the first half of this year. The analysis excluded many small web defacement attacks listed on Zone-H.org since they would skew the data.
It noted a "steep rise" in online attacks against financial institutions this year, particularly against accounts held by SMBs.
The report also found an adjacent rise in the use of client-side banking trojans, the most popular being the infamous Zeus malware. The trojans monitor and steal customer account information and can alter transfer request data.
Stealing information is the chief motivation for hackers, according to the report, followed by website defacements and the injection of malware.
The report said that often hackers would make their way into a website to collect information or deface it, and, while they were there, plant malware. That malware will then compromise other computers, helping them achieve their goal in other locations.
The Web Hacking Incident Database report claims ideological warfare is the primary motivation for web defacements and denial-of-service (DoS) attacks. The report cited the recent attacks against the UK's Daily Telegraph by an alleged Romanian hacking group after the newspaper published articles identifying "gypsies" and "Romanians".
In July, the prominent London carbon credit trading platform of the European Climate Exchange was also defaced by a "hacktivist" group, which posted material attacking cap and trade agreements. The websites of several South Korean government agencies and private firms were defaced and crippled by DoS attacks in the same month.
"We found that the majority of [incidents] were of a political nature, targeting political parties, candidates and government departments, often with a very specific message related to a campaign," the report stated. "Others seem to have a cultural aspect."
The report comes as 71 Australian websites were defaced in a spate of attacks lodged on website Zone-H.org last week.
While many of the affected websites have been repaired, some remain crippled by the full page defacement.
Trustwave's SpiderLabs blamed the prevalence of defacements on lax web application monitoring and logging.
SpiderLabs said a resistance to public disclosure hinders the fight against cyber attacks and notes that organisations should focus on repairing vulnerabilities rather than only removing implanted malware.