How Trojans steal credentials and attack cloud services

The cloud is not impervious to cyberattacks, says Malwarebytes CEO Marcin Kleczynski, and Trojans can expose piles of personal data while disrupting business.

Trojans: It's a term we don't hear as often as other buzzwords in cybersecurity, but it's probably the first term that a lot of people learned in the late '90s and early 2000s. TechRepublic met with Malwarebytes CEO Marcin Kleczynski to discuss the state of the union of Trojans: how they behave now, and how that differs from the past. Below is a transcript of their interview.

Kleczynski: It's such a broad term, Trojan. It's one of the first, as you said, many consumers and businesses learn. It encompasses so many different aspects. From hijacking to spyware. Trojan is really a delivery mechanism. It's one where you can get a piece of malware or a Trojan through a drive-by download. You're visiting a website and all of a sudden that website has an exploit, and suddenly you have something on your machine.

We've seen a pretty significant rise. Almost 100% increase in 2017 with regards to banking Trojans, for example. These criminals are moving away from the traditional ransomware attacks over the last two years, and moving more into going after banking details and credit card details, locally on endpoints. Putting a Trojan on those endpoints, whether through a drive-by or a user just willingly does it with a phishing link, which downloads a PowerPoint, we've seen a pretty big uptick in that recently.

Patterson: What about browser-based Trojans or Trojans that attack cloud services? Let's say I don't keep a lot of data locally, but I'm pretty dependent on the cloud. Do I have reason to be afraid? Or are there ways I can mitigate these types of attacks?

Kleczynski: Great question. I think the primary task of a lot of these Trojans is to get user credentials for websites, for cloud services. Especially if you don't have two-factor authentication. Another method of basically authenticating with that cloud service. These credentials can be sold for dollars, for hundreds of dollars, for thousands of dollars. It really depends on what kind of service it is, who the criminal is, reputation, and so on. But they're going after pretty much anything on that endpoint. If it's credentials for your online backup service. If it's your email credentials. Whether you give them willingly or the Trojan steals them unwillingly, they can go for a lot of money. Having two-factor authentication and a good solid antivirus will take you a long way.

Patterson: Speaking of antivirus products, we don't want to plug your company too much. But when I look at things that I might find on a local workstation, that might be Windows Defender or something like Windows Defender. I know I may have to run something like this, but what specifically am I looking for? How do I know, or at least have assurances, that after I've run some software, my machine is clean?

Kleczynski: That's a great question. At a high level, a lot of the traditional security providers like Windows Defender, Microsoft's product, use signatures as the primary detection mechanism. They've had to have seen the Trojan, the malware, before. As you and I both know, with the state of malware out there today that's just not effective.

Many next-generation antivirus providers, ourselves included, we really look for machine learning. Again, I know these are all buzzwords, but trying to train on the data that has been around for decades, and using that to detect malware. Not having seen it before, but really trying to proactively detect it on the zero day, which means the day it comes out. Before the criminal even picks up their keyboard, we're detecting the malware.
