US leads Europe for malicious websites, banking trojans still at large

According to a new report from German security company G DATA, more malicious websites were hosted in the US in 2015 than in any other country, originating around 57 per cent of recorded attacks.

China, Hong Kong, Russia and Canada are also major hosts of malware, though Europe is little in evidence, only Germany and Italy making the top seven and accounting for just six per cent between them.

Overall, the number of websites categorised as being 'evil' has risen by 45 per cent, emphasising how attacks from the web represent one of the biggest and growing threats facing computer users.

It also shows that there has been an increase in malicious websites purporting to be gambling portals, up from 13th place in the rankings to first in just six months, accounting for 18.7 per cent of malicious sites. In second place are blog sites on 12.9 per cent followed in third by technology and communications sites on 12.8 per cent.

There has been a shift in the methods of attack on banking targets, with the banking Trojan Swatbanker, which was responsible for the highest number of averted attacks in the first half of 2015, having almost completely disappeared from the picture in the second half.

A new piece of malware called Sphinx - a variant of the ZeuS banking Trojan - contributed to a rise in attacks in the second half of the year but was short lived. By December attack levels were back up to July levels due to the Dridex banking Trojan being distributed in emails supposedly containing invoices.

"In the beginning of the second half of 2015, it initially appeared that attacks by banking Trojans had been significantly reduced," says Tim Berghoff, security evangelist at G DATA. "In fact, Swatbanker, a previously dominant Trojan, almost completely disappeared from the picture. However, in December, our researchers found that Dridex was responsible for a huge wave of attacks through phishing emails, showing that banking Trojans are clearly still a major concern".

English-speaking countries continue to be the main target of banking Trojans with 80 per cent of all target sites identified as located in English-speaking countries. Two major waves of attacks related to APT28 and the Hacking Team incident can, say the report's authors, likely be traced back to attack tools used at the government level that have been adapted by cyber criminals.

The full report is available from the G DATA website.

Photo Credit: andriano.cz/Shutterstock