Southeast Europe – cybercrime's newest scene?

Not surprisingly, Bulgarian banks and insurance companies plan to increase spending on security technology

bulgarian street
Juan Antonio F. Segal (Creative Commons BY or BY-SA)

Improving the level of IT security is the top investment priority for Bulgarian financial institutions. A large majority, 67%, of Bulgarian banks and insurance companies plan to increase their spending on security technology next year, according to a survey conducted by in October 2015. The second investment priority is automation of key customer services, but only 33% are planning to spend part of their budgets in this direction.

The focus on IT security outlined by is not surprising in the light of the recent changes on the cyber security scene.

In August 2015 the technology site announced that the dangerous Trojan malware Gozi/ISFB had included nine Bulgarian banks among its targets. The first version of the Gozi Trojan adapted to infect users in Bulgaria was detected by IBM Security X-Force analysts.

Gozi/ISFB infects the computers of banking clients while they surf the Internet and then attacks their online banking profiles. This is how the malware captures information about bank transfers, passwords and personal data. Previous versions of this malware mainly attack users in the U.S., U.K. and some African countries, as well as Saudi Arabia and the Persian Gulf.

Also in August 2015 IBM Security X-Force researchers discovered an interesting Romania-focused configuration of the Tinba v3 Trojan, which exclusively targets 12 Romanian banks.

Cybercriminals are increasingly interested in Southeast European (SEE) countries and Bulgaria in particular, even if English-speaking countries, because of their common language, can be more attractive targets.

This raise the questions: "What has changed in the world of cyber security?" and "Why have cybercriminals changed their preferences?"

According to Michael Paier, ‎General Manager South East Europe at IBM, obsolete IT infrastructure is one of the main reasons which makes organizations targets of cyber attacks. "IT Infrastructure is immature – according to IDC, organizations across SEE still use less-effective and obsolete IT infrastructures which makes them vulnerable to cyber attacks," said Michael Paier in an interview for

In addition, Paier pointed out that improving the level of IT security requires something more than increased spending. "Many organizations are heavily investing in securing their networks, yet the number of attacks is rising and so is their scale and the damage they cause. One of the key reasons for that is that the majority of security investments in SEE are expected to be directed toward basic security solutions only," said Paier. The best defense today is to revamp our approach to security, and move towards a unified analytics- and intelligence-driven collaborative fight against cybercrime, he said.

This story, "Southeast Europe – cybercrime's newest scene?" was originally published by CIO Bulgaria.

New! Download the State of Cybercrime 2017 report