Woburn, MA – August 11, 2016 –Kaspersky Lab announced today that the company’s products blocked 1,132,031 financial malware attacks on users, a rise of 15.6 percent compared to the previous quarter, according to the results of the company’s IT threat evolution Report for Q2. One of the reasons for the rise appears to be the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware.
Banking Trojans remain the most dangerous online threats. These malware are often propagated via compromised or fraudulent websites and spam emails, and after infecting users, they mimic an official online banking page in an attempt to steal users’ personal information, such as bank account details, passwords or payment card information.
According to the Q2 report, Turkey was the country most often attacked by this type of malware: 3.45 percent of Kaspersky Lab product users in the country encountered this type of online threat during the quarter. Russia was in second place, the target of 2.9 percent of online threats, followed by Brazil with 2.6 percent; however, the Olympic Games are likely to push Brazil up the attack list in Q3.
The main culprits were the Gozi and Nymaim banking Trojans, with the authors of both joining forces. The Nymaim Trojan was initially designed as ransomware, blocking access to users’ valuable data and then demanding a ransom to unblock it. The latest version includes banking Trojan functionality from Gozi source code that provides attackers with remote access to victims’ PCs. With the apparent joint effort regarding the distribution and cooperation of these malware, both Trojans were elevated into the top 10 list of financial malware. Gozi took second place with 3.8 percent of users whose security software triggered a financial malware detection, while Nymaim took sixth place with 1.9 percent. The list of financial malware continues to be led by Zbot as 15.17 percent of users hit by financial malware were attacked with this Trojan.
“Financial malware are still active and developing rapidly,” said Denis Makrushin, security expert at Kaspersky Lab. “New banking Trojans have significantly extended their functionality by adding new modules, such as ransomware. If criminals do not succeed in stealing users’ personal data, they will encrypt it and demand a ransom. Yet another example is the Neurevt Trojan family. This malware was used not only to steal data in online banking systems, but also to send out spam. We at Kaspersky Lab are responding to this situation by expanding and sharpening the way we detect and classify financial malware – so that we can block it even faster.”
Other online threat statistics from the 2016 Q2 report include:
- In total, during Q2 Kaspersky Lab products blocked 171,895,830 online attacks against users.
- Malware originated in 191 countries, although an overwhelming 81 percent came from only ten countries, led by the USA (35.4 percent), Russia (10.3 percent) and Germany (8.9 percent).
- 54,539,948 unique URLs were recognized as malicious by the company’s security solutions, a 17 percent decrease compared to the same quarter in 2015.
- Kaspersky Lab products detected 16,119,489 unique malicious objects: scripts, exploits, executable files, etc.
- The safest countries for online activity were Canada (15 percent), Romania (14.6 percent) and Belgium (13.7 percent), while the countries at highest risk of Internet infection were Azerbaijan (32.1 percent), Russia (30.8 percent) and China (29.4 percent).
To mitigate the risk of infection, users are advised to:
- Use robust security solutions and keep their software up to date.
- Regularly run a system scan to check for possible infection.
- Stay cyber-savvy while online--do not enter personal information into a website if you are at all unsure or even slightly suspicious of the source.
Read the full version of the Kaspersky Lab’s IT threat evolution 2016 Q2 report at Securelist.com.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.
Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter
Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter