Cyber criminals are targeting the UK with one of the world’s most sophisticated pieces of malware. BAE Systems Detica has found that the Shylock malware is one of the fastest growing threats posed by cyber criminals today, and its creators have built a platform over the last two years that allows them to commit large-scale targeting and theft of sensitive banking data.
The criminal gang operating the malware is currently targeting a small number of geographic regions and, worryingly, the UK has been a priority target. Detica’s research shows that the malware is being distributed through compromised legitimate websites; of a sample of over 500 such sites identified, 61% were UK websites. Furthermore, over three-quarters (80%) of the banks being targeted over the past two years have been UK banks.
The research also illustrates the advanced techniques the Shylock malware creators have used to remain undetected by traditional security defences. There are even clues which suggest the operators are working a five-day week, indicating that these are professional and well-organised criminals.
Shylock is typical of the increased shrewdness of cyber attackers over the past year, which has seen a shift towards ‘drive-by’ or ‘watering hole’ attacks rather than conventional phishing e-mails. The shift underlines the agility with which cyber attackers adapt when previously successful avenues are closed off by improved security.
David Bailey, CTO, cyber security at BAE Systems Detica, said that the revelations are a reminder that the UK is a prime target for damaging cyber attacks.
"Counteracting the threat posed by Shylock will rely on co-operation from multiple entities including the security research community, industry groups, the finance sector, and international law enforcement. Raising awareness of how the threat actors operate is the first step in this process," he said.
In order to help raise awareness of the malware, Detica is not just highlighting the criminals’ techniques but also providing actionable intelligence which allows organisations to identify compromises, and law enforcement to pursue the perpetrators.