Information security (infosec) analysts are seeing a major shift from modern ransomware strikes to old-fashioned Trojan attacks. According to the most recent edition of Microsoft’s Security Intelligence Report (SIR), hackers are using Trojan-style attacks more than ever, and this uptick in activity is largely due to an increase in potential vectors.
Dangers Hidden in Trojan Attacks
Whereas the most spectacular hacks that have made headlines over the last two years have been related to ransomware attacks against hospitals and even police departments, the Microsoft SIR study indicates that Trojan attacks on average users climbed by more than 57 percent over the second half of 2015.
In Windows computers and tablets, the following Trojans have been detected by SIR analysts:
- Win32/Colisi
- Win32/Dorv
- Win32/Dynamer
- Win32/Peals
- Win32/Skeeyah
- Win32/Spursint
Every other malware detection being reported by Microsoft’s security products these days is a Trojan. This is a major infosec concern due to the diversity of Trojan delivery methods.
New Avenues of Malware Attack
The new generation of Trojan attacks seeks to take advantage of the machine-to-machine (M2M) protocol, the Internet of Things (IoT) and smartphone assistants such as Apple Siri, Google Now, and Microsoft Cortana. Infosec researchers are also worried about smart home automation devices such as the Amazon Echo and Google Home.
One of the most worrisome attacks was recently reported by McAfee Labs and identified as Trojan Acecard. The attack surface, in this case, is an Android smartphone; the vector is a phishing script that invites victims to try a new app or a video, which in reality enables a script to run in the background. The next time the user accesses the Google Play digital marketplace, the malicious script prompts the user to take a selfie of their driver’s license and upload it for credit card verification. In reality, the selfie is going to attackers who will use it for identity theft.