19 Oct Meet Gozi: The Number 1 Financial Malware
Posted at 11:20h in IT Security, Ransomware, Security & Hacking, Technology News, Uncategorized
Gozi (also known as Ursnif) is a notorious and widely distributed banking trojan. According to IBM it accounts for 25% of all malicious activity targeted at financial institutions, and it has been on the threat landscape for many years. Previous breaches have heavily targeted the healthcare sector, leading to the compromise of data belonging to 3.7 million patients at a cost of $5.55 million.
Over time, the attackers using Gozi have continually modified their techniques in order to avoid detection. The malware has featured heavily since 2007, and now, more than a decade after it was first found, it is seen as the most prevalent financial malware.
Typically the threat actor distributes this malware in low-volume targeted attacks, as opposed to mass spam campaigns. This tactic lets them stay under the radar and spend their time crafting convincing, well-executed emails, maximising the chance that the email will be opened and the malicious attachment downloaded.
The attackers rotate domains and IP addresses rapidly, not only for each campaign but for each individual email, which makes blocking on domain or IP indicators alone almost impossible. Campaigns are launched weekly in order to dupe more victims and generate more money for the attackers.
The malware is typically distributed using malicious spam email campaigns featuring a Microsoft Word file which acts as the payload downloader. The attackers try to make the email look like part of an existing thread in the hope of increasing its legitimacy and open rate. The emails are usually well crafted and well written, something that is not typical of most mass-email campaigns.
The Word file carries an embedded VBA macro that executes when the document is closed (Word runs procedures named AutoClose or Document_Close automatically at that point) rather than when it is opened. This is a clever choice: a sandbox that opens the document, waits for activity and then discards the virtual machine without ever closing the file will never trigger the macro, so the downloader goes unobserved.
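The close-triggered macro described above is exactly the case a naive "open it and wait" detonation misses. The following added example (written for this page, not code from the original article or from any Gozi sample) shows the triage logic an analyst would run over extracted VBA source: it lists every auto-execution procedure the macro defines, separately tracks open-time and close-time triggers, and flags the "close-only" case so the sandbox can be told to close the document as well. The VBA snippets embedded in it are constructed for illustration; the procedure names it looks for (AutoOpen, Document_Open, AutoClose, Document_Close and their Excel equivalents) are the real Office auto-macro names.

```python
import re

# Constructed sample, modelled on the behaviour the article describes: a
# downloader whose only auto-execution hook fires when the document is closed.
# This is illustrative text, not a real Gozi macro.
SAMPLE_VBA = """
Private Sub Document_Close()
    Dim cmd As String
    cmd = "powershell -w hidden -c (New-Object Net.WebClient).DownloadFile(...)"
    Set sh = CreateObject("WScript.Shell")
    sh.Run cmd, 0, False
End Sub
"""

# Constructed benign-looking macro: auto-executes on open but does nothing risky.
BENIGN_VBA = """
Sub AutoOpen()
    MsgBox "Please enable content to view this document"
End Sub
"""

# Office runs these procedure names without any user click.
OPEN_TRIGGERS = {"autoopen", "document_open", "autoexec", "workbook_open", "auto_open"}
CLOSE_TRIGGERS = {"autoclose", "document_close", "workbook_beforeclose", "auto_close"}

# Calls commonly seen in macro downloaders (name, regex over the source).
SUSPICIOUS_CALLS = [
    ("CreateObject", r"\bCreateObject\s*\("),
    ("WScript.Shell", r"WScript\.Shell"),
    ("Shell", r"\bShell\s*\("),
    ("URLDownloadToFile", r"URLDownloadToFile"),
    ("PowerShell", r"powershell"),
    ("XMLHTTP", r"XMLHTTP"),
]

# Matches "Sub Name(" / "Function Name(" with an optional Private/Public prefix.
PROC_RE = re.compile(
    r"^\s*(?:Private\s+|Public\s+)?(?:Sub|Function)\s+([A-Za-z_][A-Za-z0-9_]*)",
    re.IGNORECASE | re.MULTILINE,
)


def analyse_vba(src):
    """Return a triage summary for one module of VBA source text."""
    procs = {name.lower() for name in PROC_RE.findall(src)}
    open_hits = sorted(procs & OPEN_TRIGGERS)
    close_hits = sorted(procs & CLOSE_TRIGGERS)
    calls = [name for name, pat in SUSPICIOUS_CALLS if re.search(pat, src, re.IGNORECASE)]

    if (open_hits or close_hits) and calls:
        verdict = "suspicious"          # auto-exec plus execution/download primitives
    elif open_hits or close_hits:
        verdict = "review"              # auto-exec hook but nothing obviously malicious
    else:
        verdict = "clean"               # no auto-execution at all

    return {
        "open_triggers": open_hits,
        "close_triggers": close_hits,
        "suspicious_calls": calls,
        # The article's case: payload only runs on close, so a sandbox that
        # merely opens the file and waits never observes it.
        "close_only_autoexec": bool(close_hits) and not open_hits,
        "verdict": verdict,
    }


def sandbox_actions(report):
    """Which detonation steps are needed to make the macro actually fire."""
    actions = []
    if report["open_triggers"]:
        actions.append("open")
    if report["close_triggers"]:
        actions.append("close")
    return actions


if __name__ == "__main__":
    for label, src in (("sample", SAMPLE_VBA), ("benign", BENIGN_VBA)):
        report = analyse_vba(src)
        print(label, report, "detonate with:", sandbox_actions(report))
```

The important output field is close_only_autoexec: when it is set, an automated sandbox needs to close the document (or drive Word through a full open/close cycle) before its behavioural verdict means anything.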
What Does Gozi Do?
Gozi injects itself into web browsers running on Windows, allowing the attackers to monitor browsing activity and harvest data and credentials entered into web forms.