IBM X-Force Threat Intelligence Report for 2017.pdf

Ursnif targets Japanese banks and credit providers as

This preview shows page 18 - 20 out of 43 pages.

previously sporadic, more consistent. Ursnif targets Japanese banks and credit providers as well as e-commerce and popular cryptocurrency exchanges.

TrickBot

In terms of code updates and campaigns, TrickBot was one of the most consistent groups in 2017. During the third quarter of the year, when many people around the globe take summer vacation, other malware groups avoid wasting their efforts on emails that would not be opened before the malicious files were detectable and blocked. TrickBot, however, stood out as the one cyber gang that did not reduce volumes. It continued to distribute the malware through the Necurs botnet and via fake domains that were registered in order to target UK banks.

TrickBot was second only to Gozi in terms of code updates and campaigns.

TABLE OF CONTENTS

  • A threat intelligence powerhouse
  • Executive overview
  • Network attack trends
  • Malware shifts of 2017 and beyond
  • Most-active financial malware
  • 2017’s newcomers
  • Notable or rising activity
  • 2017’s goners
  • What to expect in 2018?
  • Ransomworm disruption
  • Inadvertent insider incidents
  • Insider-inflicted breaches
  • Cybercrime and cryptocurrency
  • The changing threat landscape
  • Contributors
  • About X-Force
  • Footnotes
IBM X-Force Threat Intelligence Index 2018

Overall in 2017, TrickBot continued developing a global reach and building additional redirection attacks for many of its targeted entities. It regularly tests online banking procedures and continues to add to target lists. Specifically, it has added business banking, payment cards and cryptocurrency exchange platforms to those lists, which have grown to more than 1,000 URLs each.

QakBot (aka QBot)

QakBot [45] is an old financial Trojan that resurfaced in 2017. This gang-owned code has been around since 2009, at which point it was one of the only cybercrime operations that focused solely on US business banking accounts. QakBot has been active on and off through the years, but it came back in 2017 with the same focus on North American business banking. Its modular, multithread code is designed to enable network propagation, security evasion, online banking fraud and data exfiltration.

QakBot works in limited scope. It is delivered in a targeted way by Emotet into already-infected endpoints. In 2017, X-Force observed QakBot in what might have been an operational glitch, causing mass Microsoft Active Directory lockouts [46] on compromised networks in an attempt to spread to other endpoints in the organization. Sporadic QakBot campaigns continue to target US financial entities.

Necurs botnet still hitting hard

The Necurs botnet, one of the biggest distributors of malware in 2016, [47] continued its reign in 2017 by distributing millions of emails containing malicious attachments in each of its aggressive campaigns. Despite a relatively inactive first quarter, [43] with the first rise in activity observed in late March 2017, Necurs campaigns sent millions of spam emails during the rest of the year. Over a two-day period in August, for example, X-Force research observed four separate Necurs campaigns spamming 22 million emails.