It’s almost that time of the year to file taxes in Portugal, so John opens the email he received asking him to submit his taxes. It’s from a bank he trusts, so he follows the instructions in the email and proceeds to download the attached PDF. Little did he know that when he clicked the links in the email body, the Lampion trojan was downloaded from an online server. Once downloaded, the computer disk details, any open computer windows, the clipboard contents, and his banking credentials can be accessed by this trojan. The Lampion trojan is malware that uses anti-debug and anti-VM techniques, which makes it difficult to analyse manually or in a sandbox environment.
The subject of these phishing emails was about Rendimento de Pessoas Singulares, which is Portugal’s annual tax declaration. Such emails are becoming more common, and they’re primarily aimed at the Portuguese government and the financial sector.
Meanwhile in a neighbouring country…
Aware of recent phishing emails, George from Germany attempts to access his banking application via a corporate mobile device. He launches the app, which requests access permission for security reasons. The app bears the bank’s logo, which he recognises. Normally, any banking application does not request permission in this manner; since George assumes the applications are secure, he allows it to run with his credentials. Once the credentials are provided, a masked Hydra trojan drops a DEX file, which is later deleted to avoid detection by antivirus software. The credentials are then sent directly to the dark web where the information is extremely vulnerable. This trojan can turn on Wi-Fi, access contacts, and even send messages over the internet.
When Avira, a software company mainly known for its antivirus solutions, detected Hydra and attempted to get to the bottom of it, it discovered that the trojan had an archive containing the icons of almost every banking application, implying that those banks are on its radar.
Why are banks and banking applications the most popular target for hackers? The answer is obvious: They contain money and data, both of which are extremely valuable to hackers. It’s possible that your employees access their banking applications via devices connected to the corporate network. How often do they stay out of trouble? You can’t limit their access because it’s necessary—banks handle everything from salaries to tax filing. But how can you monitor if employees inadvertently open malware-infected emails? And the Brazilian Lampion trojan, which can excellently masquerade itself, is currently on the rise. So, even if you check other computers in the network, it’s almost impossible for antivirus software to detect its presence.
Employees should be educated on the latest trends in cyberattacks as well as the difference between a genuine email and a phishing email. They should be taught to think twice before they click on any link, and always ensure they have a vault to store their files and refrain from keeping them on their desktops. But even with all the training in the world, someone can still make a mistake.
Since the onset of the pandemic, the adoption of banking applications has been on the rise due to the fear of spreading infection via cash transfer. Have you ever wondered how many apps have access to your bank accounts? You can order something online by simply clicking a link and transferring money to a retail store. Have you ever wondered how secure the bank’s connection is?
In the finance industry, which is always vulnerable, it’s critical to employ an endpoint management system in addition to an antivirus solution to shield organisations. Employing an endpoint management system that has antivirus capabilities built-in is an added advantage.
How can employing an endpoint management solution safeguard your organisation?
- Sandbox your browsers:
Browsers are an integral part of the workstation. You can’t always stop employees from accessing different sites, but you can containerise them. When you compartmentalise browsers, untrusted sites can still be opened without effecting the organisation and without retaining data or downloads. With browser security as an addition to endpoint management, you can easily block web-based threats.
- Block EXE downloads:
Make sure you invest in a good endpoint management solution that supports blocking executables. This restricts the downloading of any executables that often come with phishing emails.
- Keep OSs up to date:
Apply OS updates and other patches to all your endpoints regularly as soon as they’re available to prevent hackers from exploiting vulnerabilities.
- Restrict applications:
Allow access only to trusted sites and secure applications. When it comes to both laptops and mobile devices, you can always opt for application restriction. You can block applications that you deem untrustworthy and safelist select applications that you trust to ensure maximum safety.
- Employ a self-service portal:
You should only install applications from a recognised store like Google and refrain from installing them via links. In an office environment, you can use a software self-service portal with which you can allow applications that you trust to be installed.
- Ensure the antivirus software you use is regularly updated:
In the banking industry, software updates are essential. If you don’t do this on a regular basis, you may fall victim to update malvertisements, which can be used to spread trojans, as was the case with the SUNBURST malware.
- Scan regularly:
By performing an inventory scan regularly, you can sweep for malicious links or executables that may have been accidentally downloaded.
- Run antivirus scripts:
Running an antivirus script before deploying software ensures you’re safe from trojans.
Wondering which endpoint management solution can provide all of the above? Try Desktop Central now to use all these features and more.