Reports of 2.2 billion malicious attacks on computers and mobile devices in 2015's first quarter and an evolving Dyre Wolf malware threat are reminders of the continuing need for financial institutions to remain vigilant.

Moscow-based security firm Kaspersky Lab released the "IT Threat Evolution Report for Q1 of 2015." The report found that 2.2 billion malicious attacks on computers and mobile devices were blocked during the quarter, double the amount detected in Q1 of 2014.

In a "good news, bad news scenario," Kaspersky Lab experts detected that mobile threats are declining but are still dangerous. During the quarter, 103,072 new malicious mobile device programs were discovered, which represents a 6.6% decline from Q1 of 2014. However, mobile malware seems to be evolving toward monetization as malware writers design SMS Trojans, banker Trojans and ransomware Trojans capable of stealing or extorting money and users' financial data. This category of malware accounted for 23.2% of new mobile threats in Q1 of 2015. Kaspersky also detected 1,527 new mobile banking Trojans, 29% more than in Q1 of 2014.

During the same time period, Kaspersky Lab also published a report on Carbanak, opening up a new era of advanced persistent threat (APT) attacks (a set of stealthy and continuous computer hacking processes) in the cybercriminal world. Carbanak, which is considered one of the most successful criminal cyber campaigns ever, is responsible for an estimated 100 financial organization hits and a total of close to $1 billion stolen directly from banks.

Kaspersky Lab also confirmed it exposed a threat actor that surpassed anything known to date in terms of complexity and sophistication of tools: The Equation Group. Its first known sample dates back to 2002, and it is still active. It can infect hard drive firmware, use an "interdiction" technique to infect victims and mimic criminal malware.

In addition, security researchers at Santa Clara, Calif.-based Seculert recently reported a new version of Dyre Wolf that is able to evade sandbox detection tools.

In April, IBM revealed The Dyre Wolf scheme, a sophisticated bank funds transfer scheme that used a mixture of phishing, malware and phone calls to appropriate large sums of money from U.S. companies. The Dyre Wolf campaign used a combination of malware and social engineering and remained undetected by the majority of anti-virus products. IBM Security Services called it "one of the most effective banking Trojans active in the wild because of its feature-rich capability," and the Eastern European gang of cyber-criminals apparently has the type of expertise and backing to steal "upwards of a million dollars from unsuspecting companies."

Dyre is also the foundation of one of the top banking botnets, according to a recent report by managed security firm Dell Secureworks.

This newly discovered version of Dyre malware has the ability to elude analysis, according to Seculert, by checking how many processor cores are on a machine.

"While this is not the only way to avoid sandboxes, the attackers behind Dyre decided to pick this specifically known and openly available technique," Seculert said.

A security sandbox is basically a protected, virtualized environment for executing and running foreign or unknown code to detect malware. Several security tools are currently available that offer sandboxing as a technique for detecting and blocking malicious code. The version of Dyre that Seculert observed relies solely on the processor core counting technique to determine whether it is running in a sandbox, Seculert CTO and Co-Founder Aviv Raff said in a blog post. If it discovers the machine has just one core, it immediately terminates on the system it has infected before it is spotted.

The news comes amidst other reports that reveal dangerous new vulnerabilities involving ransomware and a new WordPress flaw that continues to catch many IT departments by surprise.


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).