New report: Financial CyberThreats Q4 2015

You can now download the full report about Financial CyberThreats (Q4 2015) carried out by ElevenPaths’ Analyst Team. It`s available at ElevenPaths web.

Phishing
A group of 14 countries are on the receiving end of 88.42% of all phishing attacks. The remaining 11.58% is distributed among 167 different countries. Mexico, United States and Brazil accounts suppose almost half of the worldwide detected attacks, followed by Germany and Canada.

Figure 1. Percentage of total phishing attacks – Distribution by country in Q4 2015.

Mexico have shown the biggest percentage of phishing attacks of the entire year, even surpassing the percentage from Germany in the last period which was the most attacked country at that moment.
New Zealand was the country that suffered more phishing attacks per user over the course of Q3 2015 and now has been displaced by Mexico which shows an alarming increase of users affected by phishing.

Figure 2. Percentage of users affected by phishing – World.

Phishing messages targeting the financial sector (banks, payment systems and online shops) accounted for 43.38% in this period, an increase of 13.19 % compared with the data analyzed in Q3 2015.
In the online payment sector, PayPal, Visa, American Express and MasterCard continue to be by far the most targeted entities, just as in 2013 and 2014.

Regarding e-commerce targeted by phishing attacks, during the first months of 2015 one of the most remarkable trends was the big increase of attacks against Steam (on-line game distributor and social networking platform developed by Valve Corporation) users. Although the numbers for Q3 showed a decrease in such attacks, during this last period it has suffered an astonishing increase, from 17.59% in the past period to 41.79% in Q4 2015. A logical explanation for this increase could be the Christmas season and the raise of activity in the online gaming world, from the increase in purchases to the growth in the number of players interacting with Steam.

Banking malware
The number of infections of the Zeus Trojan and its variants keeps decreasing for the third period in a row during this year.

Although the Dyre Trojan decreases its percentage (representing the 19.21% of all the infections performed by banking Trojans in Q4) it keeps being the lead actor in the banking malware area.

Figure 3. Banking malware global distribution by families in Q4 2015.

During this year several new families of Point of Sale Malware have appeared: LogPOS, Punkey, FighterPOS, BernhardPOS, GamaPOS, ModPOS and so on until the approximately number of 26 known malware families included in this category (our heuristic engine identifies several samples with similar functionality that do not belong to any given family).

Figure 4. Geographical distribution. Generic POS verdict (Trojan-Spy.Win32.POS) | Q4 2015.

Mobile malware
Continuing the trend observed during the last few years Android has been the most affected platform in this period too. The platform is targeted by 99.78% of all samples detected on any mobile platform. At the end of 2014 this figure was 99.41%.

Figure 5. Mobile banking trojans geographic distribution.

Russian Federation alone takes the 86.50% of infected users, followed distantly by the rest of countries. Germany, Italy, France, Poland and Austria are the most infected European countries.

The deadline for our Latch and Sinfonier contests has been extended!New Whitepaper "Scope, scale and risk like never before: Securing the Internet of Things" by Telefónica and ElevenPaths Analyst Team