Symantec's annual study, entitled The State of Financial Trojans 2014, showed a marked transition of attacks from U.S.-based to Asia-based enterprises (as predicted in its 2013 study). Takedowns -- made possible by collaborations between law enforcement and the security industry -- as well as the gradual adoption of stronger security measures, led to a 53% decrease in infections.
According to Symantec, few innovations in financial malware have been made in the last year. Rather than explore new families of malware (Infostealer.Dyranges being the exception for 2014), the company said, criminals opted to teach an old dog new tricks.
"Most attackers relied heavily on man-in-the-browser attacks through Web injects," the Symantec report states. "They perfected and automated proven techniques, expanded to newer regions like Asia, and went after specialties in local markets like the Boleto Bancário payment system in Brazil."
Because cybercriminals are using existing malware samples and exploit kits such as Styx, Angler, and Nuclear, it has been easier for security vendors to detect and stop infections.
However, financial Trojans are increasingly being used for espionage beyond the financial services industry. According to recent research from IBM, Citadel last year joined this offshoot group after it was identified in attacks on Middle Eastern petrochemical companies.
"This is the first time we've seen Citadel used to target nonfinancial organizations in a targeted/APT-style attack," Dana Tamir, director of enterprise security at IBM's Trusteer business group, wrote in a blog post, noting that the first reported attacks were in September. "[Citadel was used] to potentially access corporate data, steal intellectual property or gain access to secured corporate resources, such as mail systems or remote access sites."
Zeus seems to be the only Trojan on the rise, as infections have decupled in the past two years.
"Zeus' many variants and offshoots, such as Gameover and Citadel, are still responsible for the most financial Trojans infections by far," the Symantec report states. "This cluster of families grew from 400,000 detections in 2012 to nearly 4 million in 2014."
Former formidable threats Cridex and SpyEye have seen an 88% and an 87% decrease in infections, respectively, since 2012. Phishing emails have also been on the decline -- experiencing a 74% drop since 2014 -- but Symantec emphasized that social engineering threats are still a viable risk.