Dridex, Citadel, and Zeus botnets accounted for most attacks

Mar 24, 2016 23:14 GMT

During 2015, security vendor Symantec saw a decline in banking trojans, recording a 73% decrease from the numbers it detected in the previous year.

Despite the steep decline, security researchers don't see a reason to celebrate: while the figures have gone down, the sophistication of the malware employed in the attacks and of the accompanying social engineering campaigns has gone up.

Symantec notes that malware operators continued to rely on spam campaigns to distribute their malware, primarily using malicious file attachments to spread their payloads.

At the top of the list were Microsoft Office documents packed with automated macro scripts that executed after the user was tricked into activating macro support via clever social engineering messages embedded in the file itself. These messages are needed since macros come disabled by default for all Office files.

The good news is that Microsoft introduced a new feature for Office 2016 users, which allows enterprise network admins to block macros from connecting to the Internet and retrieving any sort of content.

Dridex was 2015's most dangerous banking trojan

In its Financial Threats 2015 report, Symantec also analyzed 656 banking trojans and discovered that they targeted 547 different banks in 49 countries.

Analysis results showed that the most dangerous banking trojan was Dridex, which included malicious code allowing it to target 315 different institutions. Second was Citadel, followed by Zeus, Snifula, Dyre, Bebloh, Shifu, and Carberp.

The most targeted bank was located in the US and was targeted by 513 trojans. Broken down by country, the US saw the most attacks from banking trojans, followed by Germany, India, Japan, the UK, Canada, Italy, France, Australia, and Russia.

Of course, this data is somewhat irrelevant, since some banking trojans are specifically built to target banks in only one country. One such example is Shifu, which was active mostly in Japan and was only recently updated to target UK users.

2015's most efficient banking botnets