A recent report by Lookingglass Cyber Solutions suggests that approximately 18 of the world’s largest banks are operating with systems infected with serious malware. Lookingglass studied 24 banks and found that most of them were infected with malware, including Conficker, DNSChanger, Gameover Zeus, BlackHole Exploit Kit, and Fake AV.
Since January, the research team tracked more than 104 malicious IP addresses, out of which the month of March had 42 million infected IP addresses, with 40 percent of them having multiple infections. One prominent finding of the study is that, despite cleaning their systems, most banks are struggling with Conficker worm attacks, and the infected machines are not public-facing systems.
Researchers also were able to track “tens of thousands” of machines infected by Flashback in March, said Derek Gabbard, CEO of Lookingglass. “Even after three years, there was a very substantial Conficker infection. Nothing surprises me anymore as I was never surprised to see things we thought were old and dead crop back up.”
Besides Conficker, the researchers found several DNSChanger infections, and they expect to see more infections than were observed. The Cutwail botnet was also found to have infected some machines. The study was carried out by collecting information from different sources, including blacklist blockers, spam lists, feeds from threat intelligence providers, and open source lists.
Like other sectors, the financial sector is progressively falling victim to malware attacks. After all, there is so much to gain from this sector. Looking at the current scenario, most organizations do not take cyber threats seriously. But the good news is that financial services companies are substantially faster than others when it comes to remediation.
Malware, Trojans, and viruses are sharpening their fangs and trying to penetrate wherever possible. Earlier this week, a Kindsight Security Labs report stated that about 14 percent of home networks were infected with malware in the second quarter of this year. 13 percent of home networks showed evidence of infection, with 9% infected by high-threat-level malware such as a botnet, rootkit or banking Trojan and 6% of households infected with moderate-threat-level malware such as spyware, browser hijackers or adware. Kindsight also discovered the Flashback Trojan infecting thousands of Mac OS X systems.
Prior to that, Maplesoft reported a security breach of its administrative database. The breach was carried out with the Zeus Trojan: the perpetrators used the customer data to spread malware and asked customers to install a malicious “security patch” on behalf of the company.
As for DNSChanger, it took a long time to get rid of it. Threatening users with an internet shutdown since 2011, DNSChanger caused considerable trouble for internet users. There were not only anonymous threats; the FBI also gave several warnings about flipping the kill switch that could disrupt the entire Internet. Luckily, when D-day arrived on July 09, ISPs decided to keep all users online, including the infected ones.