# Starmoney business deutsche bank install
The lure, shown in Figure 1, is personalized in its greeting and references a "Bill to Control."

Figure 2: Malicious Microsoft Word document with macros that, when enabled, install Dridex botnet 144

Instead, it is primarily being used in smaller targeted attacks and, in the case of the September campaign described below, contains injects for Swiss banking institutions. The Dridex banking Trojan continues to appear across regions, though at much lower volumes than we observed in 2015 and the first half of 2016. Similarly, whether or not the campaigns are personalized, banking Trojans have been responsible for considerable losses and, as described later, can still prove effective with more typical spamming approaches. Although not detailed here, Nymaim, for example, is another banking Trojan that we have observed being distributed in German-speaking regions. However, it is worth noting that actors can easily swap out payloads, so the presence of one threat does not preclude the appearance of another in rapid fashion. In German-speaking regions, banking Trojans like Dridex and Ursnif are accompanying these personalized campaigns. Recently, though, we have observed larger scale personalized attacks that increase the effectiveness of email lures while still targeting larger groups of users. Threat actors have historically had to choose between distributing malware at scale and personalizing attacks such as we see in spear phishing. While the malware circulating in German-speaking regions in Europe is diverse, much of the impact on individuals and organizations can be traced to two major families: banking Trojans and ransomware. Earlier this year, for example, several hospitals in Germany were forced to reschedule operations and shut down a variety of connected equipment when they were hit with ransomware infections. Losses go far beyond the direct costs of paying a ransom or dealing with fraudulent transactions, however.
Ransomware alone is expected to account for a billion dollars of this total in 2016, while banking Trojans, responsible for billions in losses over the last several years, continue to show new information- and credential-stealing capabilities. Laden with banking Trojans and ransomware, these campaigns often require much more sophisticated protection than common sense.

By some estimates, global losses and costs associated with cybercrime annually reach into the trillions of dollars. Recently, Proofpoint researchers have observed numerous email campaigns targeting German-speaking regions, particularly Germany and Switzerland.
Threat actors, though, are testing the allgemeinbildung of German-speakers with personalized lures and social engineering to deliver ransomware and banking Trojans even in regions that have already experienced large-scale distribution of malware like Dridex. "Common sense" is an oft-prescribed remedy for email-based malware threats: Don't click on unknown links, don't enable macros in documents from unknown senders, don't even read emails from unknown senders.