Banking Trojans Take Backseat to Ransomware

By John P. Mello Jr.

The banking trojan -- a type of malware used to steal credentials for bank accounts -- has been a staple of cyberthieves for years. However, ransomware, which has proven both easy to use and highly successful, has started eroding its popularity.

In a typical banking trojan attack, a robber mounts a phishing campaign to entice a target to open an attachment containing the malware, or to click on a link that triggers its surreptitious delivery to the victim's computer. Once the trojan is installed, the thief can leverage it to obtain banking credentials and make withdrawals from the mark's account.

There recently has been a significant move to ransomware as the malware of choice for online thieves, noted Andy Feit, head of threat prevention product marketing at Check Point.

"What we've seen in the last three or four months is this major move by the hacker community to install ransomware on machines," he told TechNewsWorld. "Ransomware is a big money maker right now. When something catches on, the hackers' social networks get fired up, and everybody starts to move to it."

More Benefits, Better Rewards

Banking malware requires massive adaptation from bank to bank, according to Check Point security researcher Gad Naveh. There is no generic attack weapon. That contrasts with ransomware, which cybercriminals can adapt easily without any special developer input. All that needs modification is the ransom note, which can be done -- albeit crudely -- with Google Translate.

More importantly, with ransomware it's easier for thieves to get their hands on a mark's money than with a banking trojan.

Typically, cybercrooks transfer money siphoned from a bank account to a mule account for conversion into a cash equivalent, such as a Western Union transfer.

"Banking fraud systems can silently raise a red alert to catch the attacker trying to get the cash or just block the transfer," Naveh explained. "The ability to trace movements of funds, or physical pick up, creates a real risk for the attacker."

By comparison, victims make ransomware payoffs in bitcoin, and external third parties cannot interrupt transfers of the digital currency.

"Bitcoin wallet shuffling allows the transaction to remain untraceable by the authorities, and changing bitcoin into money is as easy as going to an ATM," noted Naveh.

"With all these advantages, it is easy to understand why ransomware is generating such a significant profit for its perpetrators," he observed. "This trend is rising rapidly and we can expect it to grow even further."

When Protection Becomes Infection

Security software is supposed to protect devices from malicious actors, but sometimes, in its exuberance to protect a machine, a security application actually can make it more vulnerable to attack.

That situation occurs when a browser opens an encrypted connection. With an unencrypted connection, security products can scan the data stream and, if they determine there's nothing malicious in it, pass the data along. The security software can't do that when the stream is encrypted, because it can't make heads or tails of what's in the stream.

To address that problem, security software typically breaks the connection and impersonates the website the browser is trying to contact.

"The way it does that often ends up making it so the browser no longer knows if the remote site is safe and trustworthy," explained Lance Cottrell, chief scientist at Ntrepid.

That ordinarily would trigger a browser alert. To circumvent it, the security software installs its own root certificate in the machine's trust store, so the browser trusts any site certificate the software signs. The problem with that approach is that the browser then accepts every connection the software vouches for as valid, even when the remote site's real certificate would not have been.

Security software makers can avoid the problem, Cottrell noted.

"There are ways to design these systems so you don't have to break SSL. You're much better off building your scanning into the browser itself," he told TechNewsWorld.

"Inside the browser, you can inspect the data and look at the data before it's encrypted in the first place," Cottrell explained, "so you don't have to break the SSL security model."
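
The interception scheme described above can be reproduced end to end in a few dozen lines. The following Go program is an added illustration, not code from the article or from any vendor it mentions: it constructs a throwaway "public" root, a throwaway "security product" root of the kind such software installs, issues a certificate for a made-up host (`bank.example`) from the second root, and checks the forged certificate three ways: against the public root alone (rejected), against a store where the interception root has been added (accepted, which is exactly the problem Cottrell describes), and against a pinned SPKI hash of the genuine root, the check a browser can still use to notice that a trusted-but-unexpected root signed the session. All certificate names and the host are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// newCA builds a self-signed CA. Both the "genuine" public root and the
// interception root are constructed this way; neither is a real CA.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf signs a server certificate for host with the given CA, as an
// intercepting proxy does on the fly for every site the browser visits.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// spkiPin is the SHA-256 of a certificate's SubjectPublicKeyInfo, the value
// a browser pins so that a trusted-but-unexpected root is still flagged.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// Outcome records how one forged leaf fares under three client policies.
type Outcome struct {
	PublicRootsOnly bool // trust store holds only the genuine root
	WithInterceptCA bool // trust store also holds the installed interception root
	PinMatchesRoot  bool // chain root equals the pinned genuine root
}

// Scenario reproduces the article's situation: the interception root is
// added to the trust store, and a leaf it issued for host is then checked.
func Scenario(host string) (Outcome, error) {
	genuine, _, err := newCA("Constructed Public Root")
	if err != nil {
		return Outcome{}, err
	}
	intercept, interceptKey, err := newCA("Constructed Security Product Root")
	if err != nil {
		return Outcome{}, err
	}
	forged, err := issueLeaf(intercept, interceptKey, host)
	if err != nil {
		return Outcome{}, err
	}
	publicOnly := x509.NewCertPool()
	publicOnly.AddCert(genuine)
	withIntercept := x509.NewCertPool()
	withIntercept.AddCert(genuine)
	withIntercept.AddCert(intercept)

	var out Outcome
	_, err = forged.Verify(x509.VerifyOptions{DNSName: host, Roots: publicOnly})
	out.PublicRootsOnly = err == nil
	chains, err := forged.Verify(x509.VerifyOptions{DNSName: host, Roots: withIntercept})
	out.WithInterceptCA = err == nil
	// Even when the OS store accepts the chain, comparing the chain's root to
	// the pinned SPKI hash exposes that a different root signed this session.
	if err == nil && len(chains) > 0 {
		root := chains[0][len(chains[0])-1]
		out.PinMatchesRoot = spkiPin(root) == spkiPin(genuine)
	}
	return out, nil
}

func main() {
	out, err := Scenario("bank.example")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Running it prints `{PublicRootsOnly:false WithInterceptCA:true PinMatchesRoot:false}`: the same forged certificate is rejected by a client that knows only public roots, accepted by one that has had the interception root installed, and caught again by a pin check that does not care what the trust store says. That last check is the in-browser inspection Cottrell argues for, applied to the trust decision rather than to the content.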

Cracking Down on Ad Fraud

Online advertising is cooking. Ad revenue jumped to US$27.5 billion during the first six months of 2015, a 19 percent increase compared with the first half of 2014, according to the Interactive Advertising Bureau.

Unfortunately, as ad revenues increase, so does ad fraud. This year, fraud is expected to cost Internet pitch people $7.2 billion, according to the Association of National Advertisers. That's almost a billion dollars more than in 2015, when ad fraud was pegged at $6.3 billion.

In an attempt to make a dent in those losses, the Trustworthy Accountability Group last week launched an initiative to fight criminal activity in the digital advertising supply chain. Through the program, companies can be certified against fraud after they complete some rigorous antifraud requirements.

"There's a lot of technologies that have come out to battle ad fraud, but there really hasn't been a centralized standard of best practices," said Sydney Goldman, marketing manager for Engage:BDR, one of the first companies in the industry to commit to the new certification program.

"With this program, people can say, 'We're following these rules that everyone else is following, and so what we're doing is legitimate,'" she told TechNewsWorld. "This isn't an immediate fix, but we're hoping that in the next year or two it will drastically cut down fraud."

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.