According to the Monthly Report on Online Threats in the Banking Sector for the period 19 May-19 June 2014, a peak in malware activity was registered in Brazil. Kaspersky Lab technology blocked 87,776 attempts to launch malicious programs in the country, which is four times higher than Russia, which stands in the second place.
The FIFA World Cup officially kicked off on 12 June, although cybercriminals were closely following events in Brazil long before that. Phishing sites exploiting the World Cup theme began appearing en masse in March of last year. In January 2014, spam mailings were registered that simulated lottery wins for World Cup tickets, but which actually contained Trojans. As a result, by April, Brazil ranked first in the number of financial malware attacks and since then the number has almost doubled. After the tournament the practice of stealing money using adware programs offering pay-for-view broadcasts from "the best camera" was widespread – substantial amounts of money were withdrawn from users’ accounts, but they received nothing in return.
The rest of the financial cyber-threat picture has not changed much compared to the previous reporting period. Trojan-Spy.Win32.Zbot, Trojan-Banker.Win32.Lohmys and Trojan-Banker.Win32.ChePro remain among the most widespread malicious software. The most notable change was the departure of Trojan-Spy.Win32.Carberp from the threat rating. Its place was taken by Trojan-Banker.Win32.Shiotob, a Trojan sent via spam messages that is capable of monitoring browser traffic and intercepting user credentials.
One of the most memorable incidents during the reporting period took place at the beginning of June, with law enforcement agencies from the US and Europe involved in an operation to take down the major Gameover Zeus botnet. The botnet was used to steal credentials, as well as to spread Cryptolocker ransomware, which encrypts user data and demands a ransom for the decryption key. The damage attributed to this botnet is estimated by the FBI to be $100 million, and its alleged author, a certain Evgeny Bogachev, is among the top ten most-wanted cybercriminals in the US.
“As well as fans, the World Cup attracted cybercriminals interested in the payment details of football enthusiasts. As expected, the attackers took advantage of the hype surrounding this major global event and began targeting users through a variety of channels. It is likely that in the aftermath of the championship cyber activity in Brazil will normalize, having a knock-on effect on the global distribution of threats. However, that is no reason to lower your guard – summer is a time when people make all sorts of purchases, entering billing information on lots sites, and, of course, that data is of particular interest to criminals,” commented Yuri Namestnikov, Anti-Malware Expert, Kaspersky Lab.
The monthly report about online threats targeting the banking sector is compiled within the framework of the Kaspersky Intelligence Service, part of the Kaspersky Fraud Prevention platform.