Don’t Blink! TrickBot Now Targets 10 German Savings Banks
IBM X-Force researchers following the development
of the TrickBot
Trojan noted that the malware is rapidly adding new targets and attack
capabilities and has now officially advanced into Germany. The most recent
additions to TrickBot’s configurations target 10 savings banks in the European
country.
At this time, TrickBot is configured to use serverside
webinjections on the targeted banks. Although TrickBot’s initial
configurations featured only one bank in Germany, that has since changed. Now,
with a total of 10 banks on its attack roster, it is clear that the malware’s
operators invested in adapting spam and infection tools, as well as the
webinjection attacks, to German-speaking customers.
The fact that TrickBot is only targeting savings
banks raises the possibility that the criminals operating it have found a
vulnerability common to those banks’ digital platforms or transaction
authorization processes. The German bank targets are reminiscent of GozNym’s
launch in Poland, during which the Trojan targeted numerous banks in the
country, many of which were co-operative banks. GozNym itself has been targeting
banks in Germany since August 2016.
Cybercrime in Germany
Germany, a founding member of the European Union
(EU), is the largest national economy in Europe and the fourth
largest economy by nominal gross domestic product (GDP) in the world.
According to a Center for Strategic and International Studies (CSIS)
report, cybercrime taxes the global economy with about 0.8 percent in
relation to GDP. Germany suffers twice that rate — 1.6 percent. Since the
country’s GDP was $3.84 trillion in 2015, cybercrime in the country may outpace
its annual growth, which was 1.5 percent in 2015. This could potentially amount
to $61.4 billion in losses.
In 2014, KPMG estimated that cybercrime losses in
the country exceeded
$58 billion in two years. Additionally, a Ponemon Institute study conducted
in 2015 ranked
Germany second on the list of countries where businesses see the highest
losses from cybercriminal attacks. German companies lost an average of $7.5
million in each attack.
X-Force researchers indicated that members of
German underground and Dark Web forums prolifically discuss banking and payment
card fraud. The German underground is also replete with traders and peddlers of
crimeware, accomplice searches, cybercrime services and fraud commodities sold
by local criminals or Russian-speaking actors.
This post was part of my work with IBM X-Force.
Read the complete post here.
Comments
Post a Comment