Symantec Financial Threats report gives consumers security tips

Authored by a Symantec employee


It’s tax season, so our finances are top of mind for many of us. Cybercriminals are thinking about our money, too. After all, most cybercrimes are committed for monetary gain. According to the Symantec report titled “Financial Threats 2015,” cyber thieves are developing stronger attacks on banks and other institutions to try to access our hard-earned money. Here’s an inside look at the top threats financial companies faced in 2015, plus tips on keeping your own bank accounts secure.

Targeted Institutions

Financial institutions of all shapes and sizes are vulnerable to cyber attacks, from small local banks to global giants, with the United States, Germany, and India being home to the most targeted financial institutions. Every year they are bombarded by hundreds of financial Trojans, typically designed to steal log-in credentials. Although the report found that the number of detected Trojans has dropped, their scope has increased.

Highbrow Spam Attacks

Like the sophisticated companies and institutions that guard our money, the attacks cybercriminals are devising against them are growing more sophisticated, too. The underground community of financial fraudsters is well organized, offering for sale or rent a long list of malware kits and other methods to defraud their targets.

The number one tactic cyber attackers use to gain a foothold in financial institutions is sending malicious spam email attachments. Currently, the Dridex financial Trojan, distributed through massive spam email campaigns, is one of the most serious financial threats. The cybercriminals send millions of seemingly authentic emails daily, which are cleverly disguised as financial emails with document attachments such as invoices, receipts, and orders that appear to be from companies with high name recognition. To make these emails more plausible, the attackers even follow a typical workweek schedule, only sending emails Monday through Friday, and taking a break during year-end holidays.

Once opened, the attachments prompt users to enable a malicious macro, which then allows the Dridex Trojan to be installed.

Dridex: Man-in-the-Browser (MitB)

Dridex can perform many functions, but the most important ones are to steal a victim’s banking credentials and add their computer to the Dridex botnet.

Dridex steals credentials via MitB attacks, following a webinject. Dridex injects its malicious code into its target’s Web browsers whenever they are opened. The malware then waits for the victim to initiate an online banking session. When the user logs on to a site, Dridex tries to steal the log-in credentials by capturing online forms data, logging keystrokes, or taking screenshots.

10 Ways to Protect Your Own Financial Information

The Dridex Trojan is just one of seven common financial Trojans detected in 2015. But you can apply the following tips to help protect your own financial accounts against malware attacks.

  1. Choose a strong security solution that also protects and scans for malicious emails, such as Norton Security Deluxe. Keep it, other software, and your operating systems updated.
  2. Delete any suspicious-looking emails you receive, especially if they contain links or attachments.
  3. Follow your instincts. If you receive an email notification that appears to come from a legitimate organization but your instinct tells you something isn’t right, verify the issue with the organization in question first by visiting their website or calling the customer service phone number on their website. Do not use hyperlinks or call contact numbers within the questionable email.
  4. Beware any email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that the email is genuine and from a trusted source, do not enable macros and instead immediately delete the email.
  5. Use strong passwords for all your accounts and enable advanced account security features, such as two-factor authentication (2FA), if available.
  6. Sign up for log-in notifications whenever available. And always log out of your session when done.
  7. Monitor your bank statements regularly for suspicious activity.
  8. Exercise caution when conducting online banking sessions, especially if the behavior or appearance of your bank’s website changes.
  9. Notify your financial institution of any strange behavior while using their service.
  10. Immediately change your online banking account passwords using an uninfected system if you suspect a Dridex infection. Then contact your bank to alert them to look for any potentially fraudulent transactions.
