In 2014, security researchers identified the Emotet banking trojan, designed to penetrate its victims’ computer systems and steal sensitive and private information. The malware was the first of its kind and had other functionalities, such as evading detection by anti-malware products, spamming and delivery services, and worm-like capabilities that helped it spread to other connected computers.
The destructive power of the Emotet banking trojan was so great that the Department of Homeland Security concluded that it was one of the most destructive pieces of malware in history due to its high cost of cleanup per incident, which the department estimated to be upwards of $1 million. Today, the Emotet banking trojan continues to cause havoc to computer systems and poses a major risk to veterinary practices around the world. In the past few years, many variants of banking trojans have also targeted both government and private institutions. Some of these banking trojans have also been weaponised to be more potent than the Emotet banking trojan, and chances are cybercriminals will use them against your veterinary practice.
What is a Banking Trojan?
Any computer program that is designed to maliciously gain access to confidential information stored or processed through online banking can be classified as a banking trojan. In most cases, these banking trojans target clients of banking institutions because cybercriminals realized that it was difficult to attack the institutions themselves. Therefore, the pivot to attacking and stealing data from customers of banking institutions is a more viable path for cybercriminals.
In most cases, banking trojans appear to be legitimate software until they are installed on a computer system. Once they are installed, cybercriminals quickly gain access to your files and systems. They can also log activities on your devices. The access also lets them make unauthorized transactions, steal victims’ identities, or withdraw client funds to attackers’ accounts.
Once a banking trojan is executed, it can copy itself onto the victim’s computer, create an installation folder, and set registry entries that give it the ability to search for specific cookie files relating to personal finance stored on the computer by banking websites. These programs can also execute a number of operations, communicate with cybercriminals’ servers, log keystrokes, steal information stored on the clipboard, send files remotely, etc.
Unfortunately, when used against institutions, these attacks are very difficult to stop, partly because online banking, whether through a mobile phone or a computer, is less secure than in-person banking. Therefore, there is always a risk of getting compromised and hackers getting away with your personal information.
How Are Banking Trojans Spread?
The primary way banking malware spreads is through malspam, a method that involves infecting one computer, going through the user’s contact lists to find email addresses, and then sending itself to the entire list using the user’s credentials. This method was popularized by the Emotet banking trojan but has become popular in the malware family, especially newer versions of banking trojans. In most cases, this method of spreading the banking trojan has been found to be very effective as the email looks less spammy and originates from trusted sources. Clicking URLs or downloading attachments from such emails installs the banking trojan, which then goes through the new victim’s contact list and repeats the spread.
When a network is attacked, banking trojans can also spread by brute force, whereby they try to log in to systems by guessing passwords. For instance, if an HR department uses “123456” as its password, the trojan is programmed to try many passwords in succession, and such a password can easily be broken, allowing cybercriminals to gain access to personal information and banking details.
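The password guessing described above leaves a recognisable trace in logon records: one computer fails to log in many times in a short period, often against several accounts, and may then succeed. The following is an added example, not part of the original article; the log layout, host names and account names are constructed for illustration, and the thresholds are assumptions to tune for your own network.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logon events (assumed layout: time, source host, account, result).
SAMPLE_LOG = """\
2024-03-04T09:00:01 FRONTDESK-PC hr FAIL
2024-03-04T09:00:03 FRONTDESK-PC hr FAIL
2024-03-04T09:00:05 FRONTDESK-PC billing FAIL
2024-03-04T09:00:07 FRONTDESK-PC billing FAIL
2024-03-04T09:00:09 FRONTDESK-PC hr FAIL
2024-03-04T09:00:11 FRONTDESK-PC hr OK
2024-03-04T09:05:00 VET-LAPTOP drsmith FAIL
2024-03-04T09:15:00 VET-LAPTOP drsmith FAIL
2024-03-04T09:15:20 VET-LAPTOP drsmith OK
"""

def parse(log_text):
    """Yield (time, source, account, result) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]
        except ValueError:
            continue

def find_password_guessing(log_text, max_failures=5, window=timedelta(minutes=2)):
    """Flag sources with max_failures or more failed logons inside the window,
    and record any guessed account that later logs on from the same source."""
    recent = defaultdict(deque)  # source -> failures still inside the window
    alerts = {}
    for ts, src, account, result in sorted(parse(log_text)):
        failures = recent[src]
        while failures and ts - failures[0][0] > window:
            failures.popleft()  # drop failures that are too old to count
        if result == "FAIL":
            failures.append((ts, account))
            if len(failures) >= max_failures:
                alert = alerts.setdefault(src, {"first_seen": failures[0][0],
                                                "accounts": set(), "compromised": set()})
                alert["accounts"].update(a for _, a in failures)
        elif result == "OK" and src in alerts and account in alerts[src]["accounts"]:
            alerts[src]["compromised"].add(account)  # guess likely succeeded
    return alerts

if __name__ == "__main__":
    for host, alert in find_password_guessing(SAMPLE_LOG).items():
        print(host, sorted(alert["accounts"]), sorted(alert["compromised"]))
```

A source that appears in the result is a computer to isolate and scan, and any account listed as compromised should have its password changed from a clean machine.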
Phishing emails have also been found to be very effective in running banking trojan campaigns. Cybercriminals are able to send phishing emails with malicious attachments or links that download these banking trojans. When clicked, the malicious software is downloaded; it quickly infects computers and networks and spreads.
Impact on Veterinary Practices
As a practice owner, chances are you will become a target of cybercriminals using banking trojans due to the assumed control you have over your practice’s network. Your veterinary practice is also likely to fall victim to such attacks, especially if it charges its clients through an online platform or uses online services to bill them.
Veterinary practices that use third-party payment gateways are also likely to become targets of these cybercriminals. In their case, they are likely to be targeted by a banking trojan looking to extract all their customers’ banking details. A successful cyberattack targeting a payment gateway could result in customers of veterinary practices losing their money through transactions carried out by cybercriminals.
Therefore, it is important for veterinary practices to put in place measures to address banking trojans and other types of malware. Preventive measures such as training staff on how to handle emails, installing anti-malware programs, and updating your computer systems regularly can cut down the risk of falling victim to such attacks.
Clint Latham