Old school but effective, hackers shift from in-your-face ransomware to much more subtle attacks.
Trojan malware attacks on business targets have rocketed in the past year, as cyber criminals shift their tactics away from short-term gains and on-the-spot ransomware attacks toward more subtle, long-term campaigns aimed at stealing information, including banking information, personal data and even intellectual property.
Figures from the security company Malwarebytes in a new report show that the number of trojan and backdoor attacks against companies has risen to its highest, and that the number of trojan attacks has more than doubled in the past year, increasing by 132 percent between 2017 and 2018, with backdoors rising by 173 percent.
Malwarebytes classifies trojans and backdoors separately, describing a trojan as a program “that claims to perform one function but actually performs another,” while a backdoor is defined as “a type of trojan that allows a threat actor to access a system by bypassing its security” and gaining undetected access to systems. Attacks using spyware (malware that collects information on a device and sends it to a third-party actor) also jumped enormously, increasing by 142 percent during the same time.
“When you say spyware, people think about how it’s been around for a decade or more and it’s old and boring, but it’s really effective and comes back into fashion with the rise in business attacks and a thirst for data exfiltration,” said Chris Boyd, lead malware intelligence analyst at Malwarebytes. “Despite its potentially mundane trappings, spyware is again quite a big deal.”
In contrast, ransomware file-encryption attacks have only increased by 9 percent over the same period.
A particularly prolific information-stealing campaign was launched in 2018 and 2019 in the form of the trojan Emotet, which, amongst other things, steals data, monitors network traffic, can move through networks and is able to transfer other trojans to infected systems.
Emotet is dangerous in itself, but its ability to install other malware on compromised systems poses a real threat, and those behind the campaign deliberately try to spread it to business targets, the report warns.
The report also points to TrickBot as a particularly prolific trojan, partly because it is delivered as a secondary payload by Emotet. Like Emotet, TrickBot is constantly being updated with new features, with the malware recently adding the ability to steal passwords and browser history from victims in a move that enhances TrickBot’s ability to collect the information needed to secretly traverse networks and work towards the ultimate goal of stealing sensitive information.
This data is more than just personal information and banking details: Malwarebytes warns that consulting companies are the primary target for trojan campaigns. A breach of one of these could provide a treasure trove of data for cyber criminals, not only about the companies and their customers, but also potentially giving them access to intellectual property or other secrets.
Trojan malware attacks are not a new phenomenon, but organizations underestimate the cyber criminals deploying them at their own risk. “It’s pretty much going a bit old school,” Boyd said. “The things we thought were boring or a little old hat still work fine.”