{"id":8030,"date":"2022-03-22T16:18:20","date_gmt":"2022-03-22T16:18:20","guid":{"rendered":"https:\/\/cybersmart.com\/?p=8030"},"modified":"2022-03-22T16:18:20","modified_gmt":"2022-03-22T16:18:20","slug":"what-is-a-banking-trojan-and-how-do-you-stop-one","status":"publish","type":"post","link":"https:\/\/cybersmart.com\/blog\/what-is-a-banking-trojan-and-how-do-you-stop-one\/","title":{"rendered":"What is a banking trojan and how do you stop one?"},"content":{"rendered":"
Zeus, SpyEye, Emotet. What do those names mean to you? If you guessed characters from the latest instalment of the Marvel superhero franchise, you\u2019d be wrong (although, great guess). In fact, much as they sound like supervillains, they\u2019re all high-profile banking trojans.<\/span> Let\u2019s start by addressing what a banking trojan is. A banking trojan is a particularly nasty form of trojan horse, one designed to gain access to confidential information processed by online banking systems. <\/span> As we\u2019ve already mentioned, a banking trojan is a type of trojan horse. And, as the name suggests, it works in much the same way as the<\/span> Greek mythological horse<\/span><\/a>. A trojan horse will look and work like a legitimate piece of software until it\u2019s installed on a device. However, once it\u2019s installed, it can be used to access files and systems, steal data or credentials, and even control the host device.<\/span> A banking trojan performs the same tasks, only it\u2019s aimed solely at causing financial damage. It can steal your banking credentials, make unauthorised transactions, or withdraw funds to the attackers\u2019 accounts.\u00a0<\/span><\/p>\n There are a couple of reasons that banking trojans are an exceptionally dangerous form of malware. First, there\u2019s the problem that they\u2019re usually very well disguised as legitimate software, which makes identifying them tricky for anyone who isn\u2019t a cyber expert. <\/span> A banking trojan might be difficult to spot, but it\u2019s not impossible<\/span>. <\/span>There are a few telltale signs to keep an eye out for.<\/span><\/p>\n It\u2019s important to note that none of these things <\/span>necessarily<\/span><\/i> mean you\u2019ve been successfully hacked, but they could be clues that something isn\u2019t right. So, if in doubt, call in the professionals.\u00a0<\/span><\/p>\n As with many cyber threats, the consequences of a successful banking trojan attack can be severe. But, the steps needed to protect your business are all relatively simple.<\/span><\/p>\n Multi-factor authentication <\/span><\/a>(MFA) is a security tool that requires you to provide two or more verification methods to sign into an application. Instead of just asking for your username and password, MFA adds some extras, like a randomly generated pin code sent by SMS, a thumbprint, or a piece of memorable information known only to the user.\u00a0<\/span><\/p>\n The idea behind MFA is very simple: the more locks you have on the door, the harder it is for an intruder to break in. Think of it as adding a cyber deadbolt, a door chain lock, and maybe some cameras for good measure to keep the bad guys out.<\/span><\/p>\n Research shows that as much as <\/span>90% of cyber breaches<\/span><\/a> can be put down to human error. It\u2019s not difficult to understand why. Very few of us are cybersecurity experts and if you aren\u2019t aware of what a cyber threat looks like, you\u2019re much more likely to fall foul of them. <\/span> What this training looks like will differ depending on your business and the knowledge within it. For some businesses, it\u2019s a case of starting from scratch with the very basic stuff. Meanwhile for other firms, addressing specific weak spots will be much more effective.\u00a0<\/span><\/p>\n To learn more about the hows and whys of staff security training, we recommend you <\/span>read this<\/span><\/a>.<\/span><\/p>\n Patching<\/span><\/a> (or regular updates in plain English) is the simplest thing you can do to improve your organisation\u2019s cybersecurity. Over time, even the best software develops vulnerabilities, suffers a breach, or simply becomes outdated<\/span>.<\/span> And, to ensure cybercriminals don\u2019t have an easy route into their clients\u2019 businesses, software developers release security patches. <\/span> Many banking trojans use a keylogger \u2013 a program that records your keystrokes so cybercriminals can steal your PIN or password. By using a password manager, which doesn\u2019t require you to type anything, you make keyloggers useless.\u00a0<\/span><\/p>\n This should go without saying, but if you\u2019re at all unsure about the origin of a file or piece of software don\u2019t download it. And ensure this rule is followed throughout your business.\u00a0<\/span><\/p>\n Finally, use all the security features your bank offers. If your bank offers MFA (virtually all of them do) for sign-in, use it. Many business-oriented banks also have app stores full of free or low-cost cybersecurity features so, you guessed it, use them. These little extras could be the difference between being successfully hacked or not. <\/span>
\n<\/span>
\n<\/span>Since they emerged in the mid-noughties, banking trojans have morphed into one of the most dangerous cyber threats out there. But what are they? And how can you protect your business?\u00a0\u00a0<\/span><\/p>\nWhat is a banking trojan?<\/b><\/h3>\n
\n<\/span>
\n<\/span>Banking trojans typically come in two forms. One uses a \u2018backdoor\u2019 to gain access to the victim’s computer, while the other copies a victim\u2019s credentials by spoofing a financial institution’s login webpage.<\/span><\/p>\nHow do they work?<\/b><\/h3>\n
\n<\/span><\/p>\nWhy are banking Trojans so dangerous?\u00a0<\/b><\/h3>\n
\n<\/span>
\n<\/span>Second, there\u2019s the damage they can do. A successful banking trojan attack can be financially ruinous for the victim: in the worst-case scenario, it gives a cybercriminal total access to your bank accounts and money.\u00a0<\/span><\/p>\nHow do you know when you\u2019ve been hit?<\/b>\u00a0<\/span><\/h3>\n
\n
What can you do to protect your business?<\/b>
\n<\/span><\/h3>\nUse multi-factor authentication\u00a0<\/b><\/h4>\n
Train staff how to spot the signs<\/b><\/h4>\n
\n<\/span>
\n<\/span>The best way to beat this is through training. Training can help your staff better recognise and understand the threats they face. And, more importantly, learn how to counter them.\u00a0<\/span><\/p>\nPatch software regularly\u00a0<\/b><\/h4>\n
\n<\/span>
\n<\/span>The trouble is, this is only as effective as the number of customers who regularly update their operating systems and software. Fortunately, doing so is simple. All it requires is that you check for updates every few days or just turn on the auto-update setting for all company devices.<\/span>
\n<\/span><\/p>\nUse a password manager\u00a0<\/b><\/h4>\n
Only download files from trusted sources<\/b><\/h4>\n
Use all the security features offered by your bank<\/b><\/h4>\n
\n<\/span>
\n<\/span>Protecting your business on a budget is tricky. Calling in the experts or investing in the latest tools is expensive. So what can you do? CyberSmart Active Protect secures your business around the clock with no need for costly consultants, tools or an in-house team. <\/span>Try it today<\/span><\/a>.<\/span><\/p>\n