What is a banking trojan and how do you stop one?

Zeus, SpyEye, Emotet. What do those names mean to you? As much as they sound like Marvel supervillains, they’re all examples of high-profile banking trojans.

Emerging in the mid-noughties, banking trojans have morphed into one of the most dangerous SME cybersecurity threats. But what are banking trojans? And how can you protect your business from them?

What is a banking trojan?

A banking trojan is a particularly nasty form of trojan horse malware that aims to give cybercriminals access to networks and confidential information stored in online banking systems.

Banking trojans typically come in two forms:

  1. Backdoor trojans: Use backdoors in your system to circumvent security measures and gain access to your computer.
  2. Spoofers: Steal user credentials by creating a fake version of a financial institution’s login page.

How do banking trojans work?

A banking trojan works in much the same way as the mythological wooden horse from which it draws its name. A typical banking trojan looks and behaves like legitimate software until you install it. Once it’s on your device, it shows its true colours.

Cybercriminals use banking trojans to:

  • Steal banking credentials
  • Make unauthorised transactions
  • Siphon funds to the attacker’s account

Did you know that 47% of UK SMEs feel more threatened by cybercrime since the cost of living crisis began? Find out more in our latest report.

Why are banking trojans so dangerous?

Banking trojans are a particularly hazardous form of malware for several reasons. Firstly, they’re usually well disguised as legitimate software, which makes them difficult to detect for anyone who isn’t a cybersecurity expert.

Secondly, they cause significant damage. In a worst-case scenario, a banking trojan can give cybercriminals total access to your bank accounts, which could spell financial ruin.

How do you know when you’ve been hit? 

Although it can be challenging to spot a banking trojan, it’s not impossible. Like any malware attack, there are a few telltale signs to look out for:

  • New or unexpected forms appearing in your bank accounts
  • Poor device performance
  • Slow or broken applications
  • Missing files
  • Unexpected pop-up windows 
  • Tasks running independently
  • Spam originating from your email accounts
  • Your anti-virus or anti-malware software stops working

It’s important to note that none of these are conclusive proof that someone’s successfully hacked your system. Think of them as signs that suggest something isn’t quite right. So, if you’re in any doubt, it’s time to call the professionals.

What can you do to protect your business?

Thankfully, protecting your business against banking trojans and similar forms of malware is relatively straightforward. Beyond investing in reliable threat monitoring software, we recommend following these six simple steps.

Use multi-factor authentication 

Multi-factor authentication (MFA) is a security measure that requires you to provide two or more verification methods to sign into an application. Instead of asking only for your username and password, MFA demands additional information such as:

  • A randomly generated PIN code sent by SMS
  • A piece of memorable information known only to you 
  • Your thumbprint

The idea behind MFA is simple: the more locks you have on the door, the harder it is for an intruder to break in. Think of it as adding a cyber deadbolt, a door chain lock, and some cameras to keep the bad guys out.

Train staff how to spot the signs

Human error is responsible for as much as 90% of cyber breaches, and it’s easy to see why. Few of us are cybersecurity experts, and if you aren’t aware of what a cyber threat looks like, you’re much more likely to find yourself on the receiving end.

Cybersecurity training can bridge this knowledge gap. Training helps staff recognise, understand, and mitigate the threats they face. What this training looks like depends on your business and the knowledge within it. For some, it’s a case of starting from scratch and covering the basics; for others, it’s about addressing specific weak spots.

Patch software regularly 

Patching your software is the simplest way to improve your business’s cybersecurity. Even the best software can develop vulnerabilities, suffer a breach, or become outdated. Software developers release security patches to ensure cybercriminals don’t have an easy route into their clients’ systems.

It's easy to install these patches. You can check your system for updates every few days or activate the auto-update setting on all company devices.

Use a password manager 

Many banking trojans use keyloggers – programs that record your keystrokes so cybercriminals can steal your PIN or password. Using a password manager, which doesn’t require you to type anything, instantly overcomes the threat of keyloggers.

Only download files from trusted sources

This might seem obvious, but if you’re unsure about the origin of a file or piece of software, don’t download it. Set clear rules throughout your business to ensure people only download software from trusted sources, such as Microsoft, Google, or Apple stores. This helps to minimise your exposure to compromised software and malware.

Use all the security features offered by your bank

Banks offer a range of security features. Use them! If your bank provides MFA for sign-in (virtually all of them do), use it. Many business-oriented banks also have app stores full of free or low-cost cybersecurity features. Use them, too. These little extras are often the difference between cyber safety and falling victim to a banking trojan.

Banking trojan examples to watch out for

Zeus

Active since 2007, Zeus is used by cybercriminals to target Microsoft Windows and steal financial data. It quickly became one of the most successful pieces of malicious software in its class, affecting millions of systems worldwide and giving rise to a host of similar threats. After a brief lull in 2010, when the creator reportedly retired, we’ve seen an uptick in Zeus variants since the source code went public.

SpyEye

Once touted as the successor to Zeus, SpyEye established itself as one of the most dangerous banking trojans in the early 2010s. SpyEye enabled its creators to steal sensitive information from its victims’ bank accounts, including account credentials, credit card information, and PINs. Its Russian creator was sentenced to nine-and-a-half years in prison in 2016.

Emotet

Emotet is a banking trojan that spreads primarily through email. These emails often use familiar branding and convincing wording to trick the victim into clicking on a malicious link. Emotet has gone through a few iterations since emerging in 2014, in an attempt to circumvent modern detection methods.

Don’t suffer the same fate as Troy

Understanding the threat banking trojans pose and adopting appropriate countermeasures are integral to safeguarding your financial information in today’s digital landscape.

Simple, inexpensive malware prevention tips – like updating your software regularly, using a password manager, and educating staff – help protect your business against banking trojans and other malware strains, too.

Want to know more about the threats facing small businesses? Check out our new research report on SMEs and the cost of living crisis.

Practices for maintaining cyber security every business owner should know

As the span of regulations, risks, and budget evolves and your business grows, the maintenance of cyber security shouldn’t just be an afterthought – it should be part of the bedrock of your organisation.

The Cisco 2020 CISO study demonstrated that cyber security remains a high priority among executive business leaders, with an increase in investment for security automation technologies as the scale of complexity increases. 

While it’s helpful to have an automated security team in place to combat cyber attacks, there are several steps you can take as a business to protect yourself:

Strict access control (Zero Trust)

Zero Trust is a holistic information security framework and an essential component of cyber security. Rather than assuming all people and systems operating within a secure setting should be trusted, it relies on constant verification before granting access. 

This can be implemented through a series of steps. Firstly, data access should be managed by a multi-factor authentication (MFA) system. Only 27% of businesses are making use of an MFA system. 

Secondly, employees should be prompted to update devices to combat existing vulnerabilities, and user access to data management applications should be managed through central policies.

The Cisco report demonstrated that more than half of respondents noted that mobile devices are becoming an increasing challenge to defend. It suggests a zero-trust strategy as the best way to remedy this.

Updating regularly

The Cisco report showed that 46% of organisations were faced with incidents as a result of unpatched vulnerabilities. This means that a software provider issued an update in response to an issue but an employee failed to run the update.

Breaches to data management environments can cause hefty losses of data, and when patches are rolled out it is crucial to apply them immediately to limit the timeframe in which the vulnerabilities can be exploited.

Monitoring implementations

When cyber security practices are being continually developed and regulated, it becomes important to regularly monitor connectivity on the network or data applications to review how well the security measures are faring. 

Detection utilities should always be managed and routinely updated so that when incidents do arise, they can be properly investigated. Many small and medium-sized businesses have found CyberSmart’s monitoring app helpful for this purpose. It can be installed on any device and up-to-date information on every device’s security status is available through a centralised dashboard.

Centralise security essentials

The biggest factor in the growing challenge of maintaining adequate cyber security is the level of complexity as a business scales. When an organisation utilises multiple security solutions, centralising them in an integrated platform reduces the complexity, which makes it easier to manage, update and review security essentials. The benchmark found that 42% of respondents were more inclined to give up on maintaining adequate cyber security due to its complexity.

CyberSmart offers several ways for the cyber security of even smaller businesses to thrive, and our Cyber Essentials and Cyber Essentials Plus certification takes complexity into consideration and simplifies the process.