Online Banking Trojans Stealing $152K per Incident on Average from Organizations
Blue Ridge / Secure AppGuard Enterprise Would Have Prevented All of These Attacks
The anti-virus/spyware software from Symantec, McAfee, Trend Micro, and others, on the victims’ computers, failed to detect these silent attacks.
“…commercial banking customers have roughly two business days to spot and dispute unauthorized activity if they want to hold out any hope of recovering unauthorized transfers from their accounts…”
- Washington Post
1 out of 5 Enterprise Victims Recovered Nothing
On Average, Enterprise Victims Recovered Half of Their Initial Losses
This List Consists of Victims that Notified The Washington Post
Victims that did not authorize the Washington Post to list their organization’s name were listed by industry instead.
| Online Banking Trojan Victims | Date of Theft | Amount Stolen |
|---|---|---|
| PATCO CONSTRUCTION | 7-May-09 | $588,000 |
| HOLDIMAN MOTORS | 15-Jun-09 | $60,000 |
| BULLITT COUNTY, KY | 22-Jun-09 | $415,000 |
| RESTORATION CHURCH | 2-Jul-09 | $37,000 |
| SLACK AUTO PARTS | 3-Jul-09 | $74,000 |
| SYCAMORE COUNTY SCHOOLS | 9-Jul-09 | $300,000 |
| FERMA CORP | 17-Jul-09 | $447,000 |
| SIGN DESIGNS | 23-Jul-09 | $99,000 |
| MCCONNELL EXCAVATING LTD | 23-Jul-09 | $30,000 |
| MARKETING | 24-Jul-09 | $267,900 |
| LEISURE | 24-Jul-09 | $49,000 |
| BANKING | 30-Jul-09 | $89,300 |
| REAL ESTATE | 30-Jul-09 | $53,650 |
| MARIAN COLLEGE | 5-Aug-09 | $189,000 |
| WEDDING SERVICES | 6-Aug-09 | $102,321 |
| LUMBER | 7-Aug-09 | $53,571 |
| FOOD SERVICES | 11-Aug-09 | $75,000 |
| SAND SPRINGS SCHOOLS | 12-Aug-09 | $150,000 |
| RELIGIOUS SERVICE | 14-Aug-09 | $44,642 |
| SANFORD SCHOOL DISTRICT | 19-Aug-09 | $117,000 |
| EDUCATION | 21-Aug-09 | $200,000 |
| KRUEGER BEARINGS | 21-Aug-09 | $36,270 |
| HI-LINE SUPPLY | 24-Aug-09 | $55,000 |
| REAL ESTATE | 25-Aug-09 | $25,000 |
| PHYSICIAN | 26-Aug-09 | $40,000 |
| DAIRY PRODUCTION | 27-Aug-09 | $251,000 |
| FOOD SERVICES | 28-Aug-09 | $16,655 |
| DAIRY PRODUCTION | 31-Aug-09 | $135,600 |
| DOWNEAST ENERGY | 2-Sep-09 | $200,000 |
| PUBLISHING | 4-Sep-09 | $360,000 |
| EVERGREEN CHILDREN'S ASSN | 9-Sep-09 | $30,000 |
| TELECOMMUNICATIONS | 10-Sep-09 | $113,625 |
| CONSERVATORSHIP | 10-Sep-09 | $86,000 |
| SYSTEMS ENGINEERING | 11-Sep-09 | $294,000 |
| AUTOMOBILE SALES | 14-Sep-09 | $85,000 |
| GENLABS INC. | 16-Sep-09 | $436,000 |
| DESIGNER GOODS | 18-Sep-09 | $84,000 |
| MEDLINK GA | 18-Sep-09 | $44,000 |
| STEUBEN ARC | 22-Sep-09 | $200,000 |
| LANDFILL SERVICES CORP. | 22-Sep-09 | $150,000 |
| HEATING AND PLUMBING | 22-Sep-09 | $80,970 |
| STAFFING | 25-Sep-09 | $319,000 |
| REAL ESTATE | 30-Sep-09 | $342,000 |
| RELIGIOUS SERVICE | 30-Sep-09 | $146,000 |
| SHIPPING | 30-Sep-09 | $117,260 |
| PEASE DEVELOPMENT AUTHORITY | 30-Sep-09 | $100,000 |
| ST. ISIDORE'S CATHOLIC CHURCH | 30-Sep-09 | $87,000 |
| UNITED METHODIST CHURCH | 30-Sep-09 | $33,300 |
How Banking Trojans Infect Enterprise Computers and Conduct Fraudulent Bank Transfers
A banking Trojan can infect the computer of an employee who conducts online banking for her employer in numerous ways. She might:
- Open a tainted document (e.g., PDF, Word, Excel, etc.) from someone she knows, or presumably so.
- Browse a legitimate website that has been secretly hacked to infect visiting computers.
- Play a spiked music or video file
- Be tricked into installing fake security software
- Open an email attachment with an embedded malicious executable
- Insert an infected USB thumbdrive
Most of these actions precipitate a drive-by download attack, in which a vulnerability or programming mistake in the application used to perform the action is exploited to coerce that application into downloading a temporary malicious executable into user-space (e.g., My Documents, Desktop, etc.) and launching it. That executable assesses the computer and then downloads and installs the appropriate permanent malware. Some attacks do not use a temporary malicious executable but coerce the attacked application into performing these actions directly. Other attacks originate from an infected USB thumbdrive.
The Banking Trojan either steals login credentials or hijacks online banking web browsing sessions. At opportune times, without the employee noticing anything, the Banking Trojan (e.g., Sinowal, URLzone, Zeus, etc.) makes numerous money transfers smaller than $10K each to “money mules”, many of whom are unwitting participants in work-from-home job scams. The “money mules” transfer the money to overseas accounts, keeping a commission for themselves.
Sophisticated Banking Trojans Circumvent Two Factor Authentication
“The fraudsters were able to slip past two-factor authentication used by Ferma's bank, which requires that -- in addition to their user names and passwords -- customers enter a unique code from a supplied USB key fob that generates a new six-digit code every 60 seconds.” (source: http://voices.washingtonpost.com/securityfix/2009/09/cyber_theives_steal_447000_fro.html)
How AppGuard Enterprise Protects an Enterprise from Banking Trojans
AppGuard Enterprise is centrally managed computer protection software. It protects computers from completely unknown or NEW (i.e., zero-day) malware. Anti-virus/spyware software from Symantec, McAfee, Trend Micro, and other vendors relies on virus signatures and other patterns, so it is limited to detecting only known or OLD malware. Lab tests by Cyveillance showed them missing 71% of malware samples discovered within a month of the evaluation. AppGuard Enterprise protects computers without virus signatures, heuristics, complex rule-sets, or useless, confusing user-prompts.
- Stops drive-by download attacks intent on installing Banking Trojans by suppressing unknown executable launches from user-space (i.e., user-space whitelisting).
- Places at-risk applications under guard, preventing attackers from morphing them into rogue software or doing so to other applications or critical resources within the PC.
- ‘Privacy mode’ prevents cyber criminals from using attacked applications to steal or ransom important content in designated folders.
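The user-space whitelisting decision in the first item above, applied to the drive-by pattern described earlier (an application drops an executable into a user-writable folder and launches it), can be sketched as follows. This is an added illustration, not AppGuard's code or policy format; the directory markers, drive letters, hashes and sample launch records are all constructed assumptions.

```python
import ntpath

# Assumed policy values for illustration; a real deployment defines its own.
USER_SPACE = ("\\users\\", "\\documents and settings\\")  # user-writable profile trees
REMOVABLE_DRIVES = {"e:", "f:"}                           # assumed USB drive letters
ALLOWED_SHA256 = {"a" * 64}                               # constructed hash of an approved tool

def normalize(path):
    """Resolve '..', unify separators and case so path tricks cannot dodge the check."""
    return ntpath.normpath(path.replace("/", "\\")).lower()

def in_user_space(path):
    drive, rest = ntpath.splitdrive(normalize(path))
    return drive in REMOVABLE_DRIVES or any(rest.startswith(m) for m in USER_SPACE)

def decide(event):
    """Return (verdict, reason) for one process-launch record."""
    if not in_user_space(event["image"]):
        return "allow", "outside user-space"
    if event.get("sha256") in ALLOWED_SHA256:
        return "allow", "allowlisted hash"
    parent = event.get("parent")
    launcher = ntpath.basename(normalize(parent)) if parent else "unknown"
    return "block", f"unknown executable in user-space, launched by {launcher}"

# Constructed launch records (not real telemetry).
EVENTS = [
    {"image": r"C:\Program Files\Reader\reader.exe",
     "parent": r"C:\Windows\explorer.exe", "sha256": "c" * 64},
    {"image": r"C:\Documents and Settings\alice\Desktop\..\Local Settings\Temp\upd.exe",
     "parent": r"C:\Program Files\Reader\reader.exe", "sha256": "b" * 64},
    {"image": r"C:\Users\bob\AppData\Local\ApprovedTool\tool.exe",
     "parent": r"C:\Windows\explorer.exe", "sha256": "a" * 64},
    {"image": r"E:\setup.exe",
     "parent": r"C:\Windows\explorer.exe", "sha256": "d" * 64},
    {"image": r"C:/Program Files/../Users/bob/Desktop/invoice.pdf.exe",
     "parent": r"C:\Program Files\Browser\browser.exe", "sha256": "e" * 64},
]

def evaluate(events):
    return [decide(e) for e in events]

if __name__ == "__main__":
    for e, (verdict, reason) in zip(EVENTS, evaluate(EVENTS)):
        print(f"{verdict:5} {e['image']}  ({reason})")
```

The last record shows why the path is normalized before the check: a `..` segment makes a launch from the user's Desktop look as if it starts under Program Files.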
More information on how AppGuard Technology stops zero-day malware attacks, including Banking Trojans, can be found in this white paper (no registration required).
Take a closer look at AppGuard Enterprise to see why it provides more effective protection, for far less effort than alternatives that aspire to stop Banking Trojans and other zero day malware attacks.
Blue Ridge Endpoint Security Offerings
| | AppGuard | AppGuard Enterprise | Managed Endpoint Security | EdgeGuard |
|---|---|---|---|---|
| Protection Against | | | | |
| Vulnerable Software Applications | | | | |
| Infected USB Devices | | | | |
| Drive-by Download Attacks | | | | |
| Set-Up Protection in Minutes | | | | |
| NEW Master Boot Record (MBR) Attacks (separate install) | | | | |
| Control | | | | |
| User-Space White List Application Control | | | | |
| All Policies Supersede User Admin Rights | | | | |
| Application Control (system-wide) | | | | |
| USB Drive Read/Write Control | | | | |
| Assess/Remediate 3rd Party Security Software | | | | |
| Assess/Remediate Microsoft Patches | | | | |
| Assess/Remediate PC Configuration Settings | | | | |
| Lock / Update 3rd Party Software Preference Files | | | | |
| Self-Quarantine of Non-Compliant PC | | | | |
| Network Access Protection (NAP): Policy Driven Trigger of Network-based Quarantine | | | | |
| Location Aware Policies | | | | |
| Custom Script (Assess or Modify PC) | | | | |
| Audit | | | | |
| Protection Event Logs | | | | |
| Policy Event Logs | | | | |
| Audit, Compliance, and Remediation Event Logs | | | | |
| Central Management | | | | |
| Centralized Policy Management | | | | |
| Secure, Automated, Remote Agent Policy Updates | | | | |
| Secure, Automated, Remote Agent Software Updates | | | | |
| Centralized Event Database | | | | |
| Managed Security Service | | | | |




