Canada has been hit by several major banking Trojans targeting businesses and citizens alike. Six different malware variants have been uncovered by security researchers, including Dridex, Zeus, Kronos, Gootkit, Ursnif and Vawtrak.
Security firm Proofpoint detected the surge in banking Trojans directed at Canada, adding that while it was not uncommon for threat actors to target Canadian businesses and residents, the "volume and diversity" of the recent campaigns indicate a notable rise. Hackers are believed to be using mainly malicious Microsoft Word documents in spam emails to infect users' systems.
Proofpoint Threat Operation Centre VP Kevin Epstein told IBTimes UK: "Like the other major industrialised nations, Canada is a wealthy country with a robust banking system and widespread adoption of automation and online services for banking, social media, productivity, and many other activities. From banking Trojans to ransomware to info stealers and other forms of cybercrime, Canada is a logical target; like historical bank robbers, cybercriminals go where the money is."
Proofpoint highlighted that businesses and individuals infected in these malware campaigns "are likely to have (potentially large) amounts of money stolen from their bank accounts if they log in to their online banking system while the malware is active".
The Dridex campaign, which according to Proofpoint has been linked to losses of at least $40m (£30m) in the US and the UK, was not distributed by the recently revived Necurs botnet. Epstein, however, declined to comment on the source of this particular campaign, stressing that, "Positive attribution isn't definitive at this time, only negative attribution; it was conclusively not distributed via the Necurs botnet."
Epstein also pointed out that all campaigns observed by the firm "relied on unsolicited email (spam)" as a distribution method. Spam email campaigns have become one of the most popular and effective means of distributing malware and ransomware to unsuspecting victims.
"All malware is dangerous to business productivity and finance. While Banking Trojans (technically a subcategory of malware) can ruin a small business by siphoning funds, other types of malware such as information stealers, ransomware, remote access Trojans (RATs), and more can disrupt business operations instantaneously, or take down larger entities through theft of intellectual property," explained Epstein.
He added that users can take a few simple security measures to avoid falling victim to such malware attacks. He suggested adopting two-factor authentication for online banking and endorsed multi-layered defence systems "including modern targeted attack protection, network defences, and endpoint protection". Lastly, Epstein highlighted the importance of user education. He stressed: "Users need to be trained to steer clear of emails from unknown senders and those with attachments and links from anyone but verified, known senders."