
Why Vawtrak v2 could be the next major banking Trojan

December 15, 2016

Neira Jones, Non-Executive Director at Cognosec, Partner at the Global Cyber Alliance and industry influencer, shares her thoughts on the evolution of banking Trojans and digital transformation in the finance sector in our new white paper.

Think more like a criminal…

This came to my attention through the excellent report published by cyber threat intelligence provider Blueliv, and made me think that whilst we have all seen the statistics related to the various types of malware and the innovative methods criminals use to get to their targets, basic security principles are rarely followed, in favour of quick time to market or other economic imperatives.

Indeed, all the recent spectacular cyber attacks on banks and other infrastructure providers shouldn’t have come as a surprise: all were caused by lax security and governance practices at some point in the value chain. And we should worry: with the world population now reaching 7.4 billion and Gartner predicting that there will be 6.4 billion connected “things” in use by the end of 2016 (24 billion by 2020), it is undeniable that human behaviours are changing at a staggering pace.

Consumer adoption of different modes of interaction (mobile devices, wearables, IoT, etc.) and different channels (websites, social networks, TV and other media, etc.) suggests the need for speed and modern infrastructures. And yet the cybercriminals are years ahead of the mass market, having adopted robust supply and demand operating models and realized the value of industry-wide information sharing while the rest of us were trying to figure out what we should tweet.

As the world becomes increasingly mobile and digital, the challenges faced by businesses and their security and fraud professionals must not be underestimated. Indeed, the more and the faster we connect, digitise, innovate and share information, the more risks and threats are introduced as criminals also connect, digitise, innovate and share information. More than a third of global online transactions are now mobile; it is frightening to see that most companies do nothing to protect their mobile apps (or indeed their APIs). We have also recently seen how the IoT can be harvested to launch massive DDoS attacks.

It is undeniable that the hyper-connected world has brought with it the demise of the traditional network perimeter, which we all knew very well how to defend. It is no longer sufficient to batten down the hatches: looking outside the traditional perimeter for behaviours and anomalies as well as learning from and collaborating with others are now essential elements of modern threat intelligence.

The evolution of cybercrime and the increased sophistication of attackers, who are constantly developing efficient methods of distributing, sharing and monetising their efforts, show us that organisations still need to fix the basics and organise themselves more effectively to combat threats. In other words, whilst trying to keep pace with technology advancements, businesses haven’t kept pace with criminals and are still, in the main, reluctant to share information across industries and sectors to strengthen our defences as a whole.

I wanted to work with the Blueliv Threat Intel Labs team to dig deeper into the notion of collaboration within the industry. They are experts on Vawtrak v2, and this is their view of the biggest challenge currently facing organisations across all sectors:

“We’ve seen this happen again and again. Traditional firewalls, IDS, and antivirus mechanisms cannot keep up with the techniques developed by the threat actors. DGAs (Domain Generation Algorithms) defeat the purpose of blacklisting in firewalls, and different techniques (such as packers, a type of software used to obfuscate the entire malware binary) are being developed faster than AV firms can develop counter-mechanisms to detect them. The only solution left to try and combat this menace is to do as they do: share information.”

What we can learn from drunken Russians: it’s all about trust and cooperation…

I know very well that attribution is a very difficult (and sometimes dangerous) thing, so I’m not pointing fingers… I simply couldn’t resist the translation for Moskalvzapoe (defined by Blueliv as two different words; ‘Moskal’ which is an ethnic slur for Russian, and Zapoe, which means drunk.), the organized cybercrime gang allegedly behind the crimeware-as-a-service distribution of the Vawtrak v2 malware…DOWNLOAD THE FULL WHITE PAPER