Trojan malware is back and it's the biggest hacking threat to your business

Old school but effective, hackers are shifting away from in-your-face ransomware to attacks that are much more subtle.
Written by Danny Palmer, Senior Writer

Trojan malware attacks against business targets have rocketed in the last year, as cyber criminals alter their tactics away from short-term gain and in-your-face ransomware attacks towards more subtle, long-term campaigns with the aim of stealing information including banking information, personal data and even intellectual property.

Figures from security company Malwarebytes Labs in a new report suggest that trojan and backdoor attacks have risen to become the most detected against businesses – and the number of trojan attacks has more than doubled in the last year, increasing by 132 percent between 2017 and 2018, with backdoors up by 173 percent.

Malwarebytes classifies trojans and backdoors separately, describing trojans as programs "that claim to perform one function but actually do another". Meanwhile, a backdoor is defined as "a type of trojan that allows a threat actor access to a system by bypassing its security" and gaining access to systems undetected.

Attacks using spyware — malware that gathers information on a device and sends it to a third-party actor — have also jumped hugely, up by 142 percent in the same period.

"When you say spyware, people think of how it's been around for a decade or more and it's old and boring — but it's really effective and it's really come back into fashion with the rise in attacks on businesses and a thirst for data exfiltration," Chris Boyd, lead malware intelligence analyst at Malwarebytes, told ZDNet. "Despite its potentially mundane trappings, spyware is quite a big deal again."

In contrast, file-encrypting ransomware attacks have only risen by 9 percent over the course of the same period.

A particularly prolific information-stealing campaign throughout 2018, and into 2019, came in the form of the Emotet trojan, which among other things, steals data, monitors network traffic, can move through networks, and is capable of dropping other trojans onto infected systems.

Emotet is dangerous in and of itself, but the ability to install other malware onto compromised systems makes it a real menace — and those behind the campaign are intentionally attempting to spread it to business targets, warns the report.

The paper also points to TrickBot as a particularly prolific trojan, helped along in part because it's a secondary payload dropped by Emotet.

Like Emotet, TrickBot is constantly being updated with new capabilities, with the malware recently adding the ability to steal passwords and browser histories from victims in a move that improves TrickBot's ability to gather the information needed for those behind it to secretly traverse networks and work towards the ultimate goal of stealing sensitive data.

That targeted data is more than just simply personal information and banking details – with Malwarebytes warning that consultancy firms are the primary target for trojan campaigns.

For cyber criminals, breaching one of these could provide a treasure trove of data about the companies and their clients, and could potentially give them access to intellectual property or other secrets.

Trojan malware attacks aren't a new phenomenon, but organisations underestimate cyber criminals deploying them at their peril.

"It's almost going a little bit old-school," said Boyd. "The stuff we thought was boring or a bit old hat still works really well."
