How did the Emotet banking Trojan lead to a rise in attacks?

A report on cybercrime shows a rise in banking Trojans, such as Emotet, targeting businesses over consumers. Malwarebytes' Adam Kujawa shares his thoughts on what's behind this shift.

In the recent "Cybercrime tactics and techniques: Q3 2018" report by Malwarebytes, banking Trojans were found to be the number one most detected malware for both businesses and consumers. Why have banking Trojans surged this year and how have they evolved over the past quarter?

We asked Adam Kujawa, director of malware intelligence at Malwarebytes, for his thoughts on what is driving this trend.

"While we're seeing a drop in cryptominers and a lack of interest in that area, we're starting to see a resurgence in things like spyware and banking Trojans -- basically malware that's used to steal information like passwords, usernames, credentials, financial information, Social Security numbers and really anything they can steal," he said.

"Banking Trojans have improved [recently]," Kujawa added. "We have seen additional evolution in their techniques by employing some of these NSA exploits from WannaCry and NotPetya; they're able to spread laterally through a network. The campaigns that we've seen pushing them have been pretty intense and heavy."

Kujawa continued, "In March, we saw a really massive push of [the] Emotet banking Trojan. Overall, the malware has been very versatile, but lately, we've seen it installing additional malware, like TrickBot and other banking Trojans and information stealers. In March and August, we saw big spikes of this particular malware. The bad guys are pushing it hard, and they have put their time and resources into developing it."

The Malwarebytes report states that the Emotet banking Trojan "is leading the charge in a resurgence of malware designed to steal financial information."

Appearing first in 2014, Emotet acted as an information stealer targeting European banking customers. It has since become one of the most prevalent banking Trojans for enterprise users, as it can self-propagate and spread across a network without any action from the user.

The rise in the Emotet banking Trojan targeting businesses is largely due to it containing a spam module that enables attackers to send malicious payloads en masse to email addresses found on the targeted system. Due to the success of the wide-scale distribution of Emotet and the addition of new banking Trojan families, Malwarebytes predicts that banking Trojan attacks will continue to increase and add new robust functions in the future.

The report also states that the detection of banking Trojans that targeted businesses increased by 84% from the previous quarter, and those found targeting consumers increased by just 27%.

The rise in banking Trojans targeting businesses over consumers is financially motivated, according to Kujawa.

"I assume that the payoff for stealing this type of information, for getting this kind of data and likely selling it on the black market -- as they have always done in the past -- is now more lucrative than trying to vet people with miners and mine cryptocurrency," he said.

Kujawa also noted how difficult it can be for software to detect Trojans, as this type of attack doesn't make as much noise as cryptomining. With the Emotet banking Trojan leading the resurgence of malware that is specifically designed to steal financial information, Malwarebytes recommends that businesses at high risk of attack implement extra security measures, such as two-factor authentication for account protection.
