Banking Trojans are a form of banking malware originally designed to steal banking credentials.1 This malware has evolved over time to perform other functions, such as accessing emails from Outlook or serving as a precursor to a ransomware attack. The distribution of banking malware is usually carried out through spam emails, misleading the user into believing they have received an important document. This is where the name “Banking Trojans” comes from: a reference to the ‘Trojan Horse’ used by the Achaeans to enter the city of Troy during the Trojan War. This type of malware tries to hide from the user by posing as some other type of legitimate software while actually carrying malicious code.
Banking Trojans impersonate known entities using spam emails and encourage the victim to download the attached file. In these campaigns, the attackers will generally use a Visual Basic Script (VBS) file, a Microsoft Word file or an Excel file that, when clicked, downloads the malicious code and installs the malware.
Another way your system could receive banking malware is through hacking. A recommendation or pop-up will appear normal to the user, telling them to disable their antivirus in order to install an update to their software. The user often doesn’t realise they are installing malware.2
What these strategies have in common is that they both rely on the user believing they are working with a legitimate file. Once infected, organisations have a hard time eradicating the malware from their network.
The challenge of responding to banking Trojans
Banking Trojans can be particularly challenging because the longer they are in a system, the more they will hide themselves. There have been some instances, reported by Beazley’s Breach Response Services, where an initial response appears to have contained the infection, but the malware reappears soon after. If your organisation is ever faced with a banking Trojan, you may need to work with forensics experts to contain the malware. This could involve deploying endpoint monitoring and a clean installation of the system. Depending on the properties and capabilities of the banking Trojan, you will need to consider whether a data breach has occurred.3
How to prevent an attack by banking Trojans
Antivirus is an important way to avoid all kinds of cyber-attacks. However, more sophisticated banking Trojans will often elude antivirus. So, here are Beazley’s top five ways to prevent banking Trojans:
Employees are the first line of defence. Run phishing campaigns to help employees recognise phishing attacks. Track the response rate and follow up with repeat offenders. Our healthcare cyber-security series is designed to keep cyber-security front-of-mind for healthcare workers.
2. Lock down Remote Desktop Ports
Close down RDP ports, or if that cannot be done, enable multi-factor authentication on the port. Change the RDP port from the default port and use a stronger password.
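To check where a Windows machine stands against this advice, the following read-only audit reports whether RDP is enabled, which port it listens on, and whether the firewall accepts RDP from any address. It is an added example, not part of the original article, and it assumes an elevated PowerShell session and the English display name of the built-in "Remote Desktop" firewall group.

```powershell
# Added example: read-only audit of this machine's RDP exposure. Changes nothing.
# Run in an elevated PowerShell session on Windows.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
# PortNumber is the port the RDP listener binds to (3389 by default).
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# Is anything actually listening on that port right now?
$listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

# Enabled inbound allow rules in the built-in "Remote Desktop" firewall group
# (assumption: English display name) that accept traffic from any address.
$openRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })

# Collect findings that map to the advice above: close RDP, or at least move
# it off the default port and restrict who can reach it.
$findings = @()
if ($rdpEnabled) { $findings += 'RDP is enabled: disable it if it is not needed.' }
if ($rdpEnabled -and $port -eq 3389) { $findings += 'RDP listens on the default port 3389.' }
if ($rdpEnabled -and $openRules.Count -gt 0) {
    $findings += "Firewall allows RDP from any address: $($openRules.DisplayName -join ', ')"
}

[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    RdpEnabled = $rdpEnabled
    Port       = $port
    Listening  = $listening
    Findings   = if ($findings) { $findings -join ' | ' } else { 'None' }
}
```

Multi-factor authentication and password strength are not visible in these settings and have to be verified separately.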
3. Multi-factor authentication
For any remote connection to the network or business applications, require a password and a second factor, typically a security code, making it more difficult for attackers to gain unauthorised access.
4. Least privilege doctrine
Banking Trojans thrive on administrator-level credentials. By giving users only the privileges they need, organisations can help prevent further compromise of machines across the network.
5. Keep personal information off work computers
Warn employees not to store any personal login information on their computers, even through their browsers.
Cyber liability insurance
Make sure help is there when you need it: take out a cyber liability insurance policy. Nearly half of small businesses reported having cyber-security breaches or attacks in the last 12 months.3 Should your business experience an attack by banking Trojans or any other malware, you’re going to need experts to help you respond and contain the threat. Cyber liability insurance provides you with access to a team of breach specialists that can help you address risks and issues at pace. It can cover costs you might incur, far beyond your initial liabilities:
- Regulatory defence and penalties
- Cyber extortion
- Data breach notification
- Business interruption
- Fraudulent representation
- Forensic investigation
- PR consultants
To speak to one of our health and care insurance advisers about cyber liability insurance, call us on 0113 350 8712 or read more about cyber liability insurance here.