The Cridex Banking Trojan is wreaking havoc in Europe, especially in Germany. Hackers are using traditional phishing methods to trick victims into compromising their banking information. Thanks to the recent activity spike, the Cridex malware has now officially overtaken the ZeuS Trojan and its clones.
Six different URL schemes are being used to cover up the spam campaigns. The malicious emails are masked with graphics and text from German commercial giants such as Telekom (almost half of the infected URLs), Volksbank, Vodafone and also NTTCable.
The use of such well-known companies as bait improves the chances of success, as users are less suspicious and usually don’t mind clicking on the malicious links. The Cridex Banking Trojan URLs mentioned above are usually disguised as invoices or banking password renewal requests.
Email Spear Phishing has been a staple cybercrime technique for over a decade.
Fraudsters send the malicious email to people's inboxes. The emails, which usually look authentic and relevant, contain malicious links that lead to rogue websites. A variety of techniques are then used to get the potential victim to click on the contaminating source, which infects the computer’s registry and installs malware.
More complex Spear Phishing attacks can involve sophisticated malware that can exploit vulnerabilities in the browser or even the operating system (OS). A very common issue CISOs and Information Security executives have to deal with is the Cross-Site Scripting (XSS) vulnerability, which is still not being addressed even by many high-profile establishments.
XSS attacks, promoted via Spear Phishing techniques, can be stopped and avoided. Platforms and applications must be developed within a Secure Software Development Life-Cycle (sSDLC). This can be achieved by implementing Static Application Security Testing (SAST) tools, especially Source Code Analysis (SCA), which can be very effective.
SCA is a unique way to secure software. Examining the source code helps locate issues and vulnerabilities at a very early stage of the development process, making it easy to fix the problems. Production times are significantly shortened and fewer resources are wasted in the process. Full testing automation is also achievable with this method.
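To illustrate the kind of source code analysis described above, the following added example (not code from the original article or from any SAST product) parses a constructed Flask-style handler with Python's `ast` module and flags request values that are returned in HTML without passing through `escape()`. The sample handlers, the helper names and the single source/sink rule are assumptions made for illustration.

```python
import ast

# Constructed sample: a Flask-style handler module (hypothetical application code).
# It is only parsed, never executed, so Flask does not need to be installed.
SAMPLE = '''
from flask import request
from markupsafe import escape

def greet():
    name = request.args.get("name", "")
    return f"<h1>Hello {name}</h1>"

def greet_safe():
    name = request.args.get("name", "")
    return f"<h1>Hello {escape(name)}</h1>"
'''

def _from_request(node):
    """True if the expression reads from the `request` object (taint source)."""
    return any(isinstance(n, ast.Name) and n.id == "request" for n in ast.walk(node))

def _tainted_uses(node, tainted):
    """Yield tainted names used in node, skipping anything inside escape(...)."""
    if isinstance(node, ast.Call) and getattr(node.func, "id", None) == "escape":
        return  # sanitized subtree: do not descend
    if isinstance(node, ast.Name) and node.id in tainted:
        yield node.id
    for child in ast.iter_child_nodes(node):
        yield from _tainted_uses(child, tainted)

def find_reflected_xss(source):
    """Return (function, line, variable) for each unescaped tainted value returned.

    Simplified rule for flat function bodies: assignment from `request` is the
    source, a `return` expression is the sink, `escape()` is the sanitizer.
    """
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = set()
        for stmt in ast.walk(func):
            if isinstance(stmt, ast.Assign) and _from_request(stmt.value):
                tainted.update(t.id for t in stmt.targets if isinstance(t, ast.Name))
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                for var in _tainted_uses(stmt.value, tainted):
                    findings.append((func.name, stmt.lineno, var))
    return findings

if __name__ == "__main__":
    for name, line, var in find_reflected_xss(SAMPLE):
        print(f"{name}:{line}: request value '{var}' reaches HTML output unescaped")
```

Run in a build pipeline, a check like this fails the build on the first handler and passes the second, which is the early-stage detection the paragraph refers to.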
Banks and e-commerce websites should take extra steps to be protected, since the Cridex Trojan “specializes” in keylogging (recording keyboard entries). This can have extremely damaging results: interception of transactions, harvesting of private data for future use and also the installation of spyware for real-time tracking.
The CYREN Global View Lab 2013 Report states that the number of Phishing websites increased by 264% last year. The number of infected URLs also rose by 131% during 2013. It’s also worth mentioning that while spam levels are decreasing, the number of targeted raids is on the rise. Security is more than just elaborate safety policies. Secure your product.
Source – Cridex Banking Trojan