Financial Botnets Go Beyond Banking to Hit Payroll, HR Portals
Recent takedowns force criminals to keep their botnets modest, target smaller banks and compromise other types of networks for financial gain.San Francisco—As corporations team up with cops to take down criminals' networks, the operators behind banking botnets have expanded beyond major financial institutions to hit smaller banks as well as other targets, such as corporate accounting and payroll systems, according to a report released here on April 22 at the RSA Conference by managed security firm Dell Secureworks. The Dyre botnet, for example, appeared following the takedown of the Gameover Zeus botnet, evolving from a rudimentary banking trojan to advanced modular malware used in more than 20 campaigns targeting more than 432 financial institutions. In May 2014, the FBI, security firms and international law enforcement moved against the Gameover Zeus botnet and took down the operation that had compromised approximately 500,000 to 1 million computers and caused an estimated $100 million in damages. Since the takedown, bot operators have begun to change their tactics, Pallav Khandhar, senior security researcher with Dell Secureworks, told eWEEK. "After the Gameover Zeus takedown, they have definitely learned a few things," he said. "They are using anonymizing services to hide their infrastructure, and they are also targeting accounting and payroll services and even social networking."
Overall, the top-13 banking botnets targeted more than 1,400 financial institutions, according to the report.