About Thawte

News

Elaborate Trojans aimed at financial industry

The worldwide financial sector continues to be a primary target for cyberattacks as findings from a new report have shown that increasingly elaborate malware variations like the "Game Over" Trojan leave banks and other institutions with weak or inadequate security measures vulnerable to fraud. One key findingwas that over 600 financial institutions - primarily large banks in developed countries - were targeted by Trojans. However, the findings also suggested that industries beyond the banking sector were increasingly being subjected to cybercriminal attacks.

Following the 2007 development of the sophisticated Zeus Trojan, the code of which was and leaked in 2011, a surge in malware development geared specifically toward large-scale theft emerged. The configuration files of these Trojans contain target URLs along with rules and modifications to be applied to targeted web pages through man-in-the-browser attacks, a technique that involves an application hooking into a web browser and manipulating data before it is displayed to the end user. The report observed that these new financial Trojans are designed to facilitate fraudulent transactions across a variety of services.

Strong security lacking among institutions
According to PC World, security strategist Sian John stated that there are sufficient measures banks can take to protect networks and sensitive data. Strong authentication, PIN pads and not requiring customers to input full passwords can mitigate the risk of data theft. Unfortunately, as the report noted, security initiatives performed by financial institutions are often insufficient to protect against modern financial Trojans and as long as enterprises continue to employ weak security measures, large-scale financial fraud will remain a lucrative endeavor for attackers.

Large banks are not the only ones that should take heed. The report also observed that these new variants are being utilized in greater numbers against industries that traditionally have not been subject to cyberattacks.

"[B]usiness to business banking, the trading houses and clearing houses, as well as emerging markets which haven't had internet banking previously," are all within attackers' cross hairs, said Johns.

While no security solution is foolproof, keeping networks and software applications equipped with the latest encryption tools remains the best way to keep information safe. Protect your data by visiting Thawte - the leader in certification - and see what SSL option is best for you.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +27 21 819 2200
Fax: +27 21 819 2950

Thawte is a leading global Certification Authority. Our SSL and code signing digital certificates are used globally to secure servers, provide data encryption, authenticate users, protect privacy and assure online identifies through stringent authentication and verification processes. Our SSL certificates include Wildcard SSL Certificates, SAN /UC Certificates, SGC SuperCerts and Extended Validation SSL Certificates.

What is an SSL Certificate Which SSL Certificate is Right for Me? Why Choose Thawte?