New research from Symantec reveals that while ransomware continues to earn the lion’s share of attention (particularly as of late with WannaCry), financial threats are in fact 2.5 times more prevalent according to Symantec detection data.
Other key findings from Symantec’s research:
Attackers study their victims’ network: The Dridex downloader checks for financial software packages before attackers manually access the computer to carry out fraudulent transactions; other threats wait until the end of the month, when many businesses make bulk transactions, before adding their own fraudulent transaction or modify existing ones.
Financial institutions targeted directly: 38 percent of the financial threats were detected in business locations, rather than retail customers. Even though such attacks are harder to carry out and take longer to prepare, they yield a much higher profit.
Social engineering takes center stage: Attackers adapt quickly to new markets when current targets become saturated, too well protected or are no longer easily defrauded. The end user remains the weakest link in the chain, which means even the strongest technologies are susceptible to social engineering attacks.
Asian markets most targeted by financial malware infections: Japan saw a spike in infections last year, with 37 percent of global detections, up from 3 percent in 2015 – by comparison, the U.S. made up 6 percent of global detections. Symantec saw a large increase in financial Trojan detections across Asia with Japan, China and India notably gaining places in the top 10 list.
The United Kingdom and Germany were also among the top ten countries targeted globally by financial Trojans. This shows that the attackers are expanding to new markets that are less saturated and less protected. On the other hand, the UAE ranked 33 in the global list.