Warning on cyber threat from financial ‘trojans’

The annual assessment of the biggest cyber threats to UK businesses has been released, the first to be produced jointly by the National Crime Agency (NCA) and the newly formed National Cyber Security Centre (NCSC), which has dealt with 188 high-level attacks in the UK in its first three months

Along with industry partners from multiple sectors, the two agencies are calling for increased collaboration between industry, government and law enforcement in the face of a growing and fast-changing threat.

The report says the past year has been punctuated by global cyber attacks on a scale and boldness not seen before. This included the largest recorded cyber heist, when $81m (£66m) was stolen from Bangladesh Bank by targeting the bank's SWIFT system, the largest distributed denial of service (DDoS) attack and the biggest data breach ever revealed.

The report discusses the trend of criminals imitating the way suspected nation state actors attack organisations such as financial institutions, and the risk posed by the ever-increasing number of connected devices, many of which are not always made secure by manufacturers or users.

It also highlights increased levels of aggressive and confrontational cyber crime, particularly through DDoS attacks combined with extortion, and ransomware, which encrypts victim computers and demands a ransom in return for restoring control to the user.

In the wake of the attack on Bangladesh Bank, the report says financial trojans (malware used to take over systems) have become more targeted and less visible. It cites the group behind the banking trojan Dridex, which has appeared in a new version which seems to target the back-office infrastructure of financial companies, with potential targets including a range of payment systems. The volumes of spam in this campaign were much lower than previous Dridex campaigns, suggesting a move towards a more targeted approach, possibly inspired by the high financial returns of the Bangladesh Bank heist.

Additionally, other financial trojans have started to come back into prominence. Ramnit returned in summer 2016, specifically targeting six major UK banks and Trickbot targeted banks in the UK, Australia and Germany, which may share links to the previously disrupted Dyreza trojan. In both cases, the trojans had previously been subject to substantial law enforcement disruption in 2015, further illustrating the resilient nature of top banking trojans.

The report states: ‘The back-end systems and associated services of larger institutions will continue to be a target. If successful, an attack could have a major and substantive impact upon a UK bank. The specialist skills required to accomplish such a targeted attack may eventually be offered as-a-service and consequently become available for sale in the wider cyber criminal community, as the traditional banking trojan methodology remains resilient and extant.’

Donald Toon, director for economic and cyber crime at the NCA, said: ‘We have worked with the NCSC and valued private sector partners to produce this assessment, setting out an up to date picture of threats to business including ransomware, DDoS and evolving financial trojans.

‘These threats demonstrate the need for a collaborative response across industry, law enforcement and government, with the ultimate aim of protecting customers and the UK economy.’

The report says current cyber threat trends are underpinned by three key features: technical expertise is not necessary to carry out attacks; a broadening attack surface and the increasing number of internet-connected devices leads to more opportunities for attackers; and threat actors are learning from, and using one another’s skills and capabilities.

Sheila Pancholi, technology risk assurance partner at RSM, said: ‘Within the last year, 65% of large UK firms have detected a cyber security breach or attack and this is likely to be the tip of the iceberg.

‘Too many businesses are either ignorant of the scale of the cyber threat, or unwilling to make cyber security an organisational priority. However, today’s report should help to raise awareness of the risks and encourage businesses to work collaboratively to protect themselves from harm.’

The National Crime Agency and the National Cyber Security Centre report, The cyber threat to UK business 2016/17, is here.

Pat Sweet |Reporter, Accountancy Daily [2010-2021]

Pat Sweet was the former online reporter at Accountancy Daily and contributor to the monthly Accountancy magazine, pub...

View profile and articles

Be the first to vote

Rate this article

Related Articles