The banking Trojan known as Tinba, which has been linked to attacks against bank and credit card accounts in the U.S., Canada, the U.K. and Europe, is now being used to target customers of some of Russia's top banks and payments providers, according to researchers within the counter threat unit of cybercrime intelligence firm Dell SecureWorks.
Brett Stone-Gross, a senior security researcher at Dell SecureWorks who helped write a new report about Tinba's shifting attack targets, says the finding illustrates that "cybercrime is definitely global."
In an interview with Information Security Media Group, Stone-Gross notes: "Tinba is unusual, because we typically see banking Trojans targeting western institutions. This one is targeting Russian targets. One reason why we may see this shift could be, in part, due to the hostility between the Ukraine and Russia."
In addition to Russia, Tinba attacks are also now shifting to Asia, Stone-Gross notes. "A lot of these regions haven't been targeted as much in the past," he says. "So, these regions may not have implemented some of the same security measures that are in place at a lot of the banks in the Western world. It may be easier for cybercriminals to steal money from these bank accounts, and they may be more able to hire translators to assist them with understanding the language and the way financial institutions operate in those parts of the world."
The more targeted Tinba's attacks become, the more malware administrators have to know about regional differences in banking practices and software systems, he contends. "It definitely tells us that the administrators of the malware have to know how the particular institutions in those regions operate, how the security measures are implemented and how they can avoid or evade those measures," Stone-Gross says.
What's more, Tinba's relatively small size - 25 kilobytes, compared to 250 kilobytes for most banking malware - could make it tougher to detect, Stone-Gross says. Tinba is lightweight and portable, yet still possesses the same capabilities of other malware strains, he adds.
During this interview (see audio link below photo), Stone-Gross also discusses:
- How multifactor authentication can help banking institutions thwart threats Tinba poses for their customers;
- Tinba's link to other well-known banking Trojans;
- Why Tinba's use and distribution cannot be linked to one particular botnet.
Stone-Gross has more than 10 years of experience in computer security and specializes in malware analysis, reverse engineering and attack attribution. He has collaborated with many leading security experts to disrupt large-scale cybercriminal operations, including botnets that were used for financial theft, click-fraud, spam and fake antivirus software. Before joining Dell SecureWorks, he worked at Lastline, Citrix Online and the Los Alamos National Laboratory.