U.S. banks and their customers remained the top targets for financial malware in 2014, even as the infection rate for trojan-style attack software was cut in half, according to a new report from Symantec.
Infections caused by financial trojans finished 2014 down 53 percent from the end of 2013. But the actual drop is even more dramatic. The number of financial-trojan infections almost doubled from January to March, then skidded down over the course of the year to roughly a quarter of its peak.
Phishing emails, which remain a highly effective tool for cyberthieves to steal passwords and other financial credentials, also dropped 74 percent over the course of 2014.
The report, titled “The State of Financial Trojans 2014,” was released on Tuesday (March 3) and examined the nine most common financial trojans, which targeted 1,467 financial institutions in 86 countries.
But the U.S. remained the top target, both in terms of the level of trojan detection rates and the attack focus of cyberthieves. Symantec detected nearly a million U.S. computers compromised by trojans in 2014, while U.K. computers came in second with fewer than 400,000 infections, followed by Germany, Japan, India, Italy, Canada, Australia, France and Russia.
The most-targeted financial institution, which the Symantec report didn’t name, is located in the U.S. and was attacked with 95 percent of all trojans that the report analyzed. Each of the top nine targets worldwide was attacked with at least 40 percent of the trojans. Along with banks, those also included an unnamed U.S. “online payment service” (targeted by 45.8 percent of trojans) and an unidentified U.S. “auction platform” (which 43.6 percent targeted).
Attacks focused on stealing Bitcoin dropped over the course of 2014 as the value of the cryptocurrency fell, while fraudulent wire-transfer instructions jumped dramatically — enough that the FBI issued a warning about them. The dramatic drop in financial trojan prevalence was at least in part a result of a stepped up campaign of botnet takedowns by U.S. and European authorities.
“Malware author arrests often lead to an end of support situation for threat families, causing the malware’s usage to drop and shift,” the report’s author, Symantec researcher Candid Wueest, wrote in an accompanying blog post. “Cybercrime won’t disappear overnight, but the continued collaboration efforts between law enforcement and private industry will make it harder for cybercriminals to operate.”