CYBER BITESIZE - Threat #2: Trojans

Apr 12, 2018


By: Michael Shuff, PA & 7Safe marketing lead 

Trojan 

What is it?

A Trojan is a type of malware used to gain access to your systems and data. Users are typically tricked into loading and executing Trojans disguised as legitimate programs, although they can also be spread through viruses and worms. Once activated, they can spy on you, steal your data, and set up backdoor access to your system. One of the most prevalent is the Zeus banking Trojan and its many variants.

Some of the main purposes of Trojans include:

Backdoors, downloading of other files and programs, steal information, gain remote access, initiate ransomware, launch a Distributed Denial of Service (DDoS) attack.

However, the lines between malware types are becoming increasingly blurred and it is not uncommon for a piece of malware to begin as a Trojan and then demonstrate worming or virus capabilities.

Why is it a threat?

Trojans give malicious parties access to a victim’s accessible data – both personal and corporate. They can infect other devices connected to the network if the malware includes worm functionality.

Trojans are a big threat thanks to the low levels of user awareness about infection methods such as phishing and drive-by downloads [Note: we will cover worms, phishing, and drive-by-downloads in future Bitesize Cyber articles]. Trojans can also be distributed through legitimate sources that have been compromised, as was the case in the recent distribution of the CCleaner software which contained a Trojan. Piriform, who market CCleaner as “the number-one tool for cleaning your PC”, said in a press release this year that an estimated 2.27 million people used the affected software.

How common is it?

In 2016, Kaspersky published the 20 threats that accounted for 96.6% of all online attacks detected. 15 of these were identified as Trojans – see Table below:

Table 1: Malware Web Attacks

Table 1: The percentage of all malware web attacks recorded on the computers of unique users;  Source: Kaspersky Security Bulletin: Overall Statistics for 2016, p.26

The Verizon 2017 Data Breach Investigation Report states that banking Trojans are “… still omnipresent and ever evolving” threats.

Is there a financial impact?

Yes – see above. Trojans facilitate crimes such as bank fraud and the theft of IP and sensitive data.

Can you defend against it?

Yes. Patch operating systems and web browsers (drive-by downloads can install spyware, remote-access software, key-logging software and Trojans that are capable of extracting information from computers in seconds), add-ons and plug-ins, including Java, Flash and Adobe Acrobat. Run regular antivirus scans using up to date signatures. Monitor for suspicious activity using log files and SIEM technologies with heuristic/behavioural techniques such as file emulation (sandbox testing) and file analysis.

Staff training is another way to defend against Trojans. 7Safe offers professional nationally-accredited training courses built from first-hand experience within the field, which can give staff the confidence to conduct preliminary investigations or responses to Trojan behaviour in a given infrastructure. Specifically, the Security Operations Centre Analyst (SOCA), Cyber Incident Responder (CSIR) and Malware Investigator (CMI) courses can be highly beneficial.

What should you do if it happens to you?

Disconnect the affected systems immediately and run antivirus (AV) software to remove the malware if it can be detected. Bearing in mind that many Trojans can easily evade AVI and host intrusion technologies, continue scanning your computer network, cloud services and mobile devices for signs of malware. Call in professional cyber incident responders and threat hunters to detect and remove the hard to find instances of Trojans.

Who can best deal with it?

Experts in cyber security incident response and threat hunting. 7Safe’s Cyber Security Incident Responders and Threat Hunters are specialists in identifying and responding to cyber-attacks and breaches, including those caused or facilitated by Trojan-like malware. Being able to identify and eradicate malicious software beyond the capabilities of anti-virus tools and understanding the extent of any damage or data loss is a skill which takes years of experience and training, so for peace of mind it is always advisable to call in an expert.

What 7Safe’s expert says:

Trojans are a major nuisance at best and can cause devastation if they go undetected – they’re used by hackers to take control. This type of threat can often be removed with modern security software but when your system has been compromised, you are wise to call in the experts to find all instances.”

#   #   #  

Follow this link to Cyber Bitesize - Threat #3: Worms

Need help with Cyber Security Incident Response?

It’s not a matter of if, but when. In 2017, 74% of British businesses said that cyber security is a high priority for their senior management, with 49% of those having experienced an attack or breach within that year. Despite this, only 11% have a formal cyber security incident management process or response capability in place.

We provide Cyber Security Incident Response (CSIR) services to organisations who would like to prepare for or are suffering from a cyber-attack or breach. We offer four-tiers of retained service to deliver peace of mind, and in the event that an incident is currently taking place we can be deployed on-demand. Our Cyber Threat Hunting (TH) services are integrated with our retained CSIR service tiers.

Trojan
"Trojans give malicious parties access to a victim’s accessible data – both personal and corporate. They can infect other devices connected to the network if the malware includes worm functionality."