In 2018, 889,452 users of Kaspersky Lab solutions were attacked by banking Trojans, an increase of 15.9% compared to 2017, when over 767,000 users were hit. The growth partially occurred due increased activities of only one banker, according to an analysis of the financial threat landscape by Kaspersky Lab.
Attacks with banking Trojans or ‘bankers’ are among the most popular for cyber criminals as they are focused directly on financial gain. This kind of malware steals credentials for e-payment and online banking systems from victims, intercepting one-time passwords, and then sending the data to the attackers behind the Trojan.
Of 889,452 attacked users, almost 25% were corporate ones, a figure that has remained fairly consistent for the last three years. According to Kaspersky Lab experts, the reason behind this is clear: while attacks on consumers will only provide access to banking or payment system accounts, successful hits on employees can also compromise a company’s financial resources.
The collected data also shows that Russia became the most targeted nation in 2018, accounting for over 22% of global users attacked with banking malware. It is followed by Germany (with a share of over 20%) and India (almost 4%).
“When it comes to individual users, we can say that 2018 didn’t give them much respite from financial threats. Our data shows that infamous bankers are still there, increasing their attacks and hunting for money. Of particular interest was the RTM banking Trojan, whose explosive growth pumped up the figures for 2018. We therefore urge users to be cautious when conducting financial operations online from PCs. Don’t underestimate the professionalism of modern cybercriminals by leaving your computer unprotected,” said Oleg Kupreev, security expert at Kaspersky.
In 2018, the share of financial phishing decreased from 53.8% to 44.7% of all phishing detections, still accounting for almost a half of overall detections.
Around one in five attempts to load a phishing page blocked by Kaspersky Lab products is related to banking phishing.
The share of phishing related attacks to payment systems and online shops accounted for almost 14% and 8.9% respectively in 2018. This is slightly less (single percentage points) than in 2017.
The share of financial phishing encountered by Mac users slightly grew, accounting for 57.6%.
In 2018, the number of users attacked with banking Trojans was 889,452 – an increase of 15.9% in comparison with 767,072 2017.
24.1% of users attacked with banking malware were corporate users.
Users in Russia, Germany, India, Vietnam, Italy, US and China were the most often attacked by banking malware.
Zbot and Gozi are still the kings when comes to most widespread banking malware family (over 26% and 20% of attacked users), followed by SpyEye (15.6%).
Android banking malware
In 2018, the number of users that encountered Android banking malware more than tripled to 1,799,891 worldwide.
Just three banking malware families accounted for attacks on the vast majority of users (around 85%).
Russia, South Africa, and the United States were the countries with the highest percentage of users attacked by Android banking malware.
Financial Cyber Threats in Singapore and South East Asia
Data from Kaspersky Lab revealed that Singapore recorded a relatively high mobile banking malware infection at 0.14%, compared to its neighbours: Philippines (0.06%), Indonesia (0.08%), and Thailand (0.10%).
Malaysia has the highest number of detected mobile banking attacks in Southeast Asia (0.40%), followed by Vietnam (0.19%).
Compared to 2017, users attacked by mobile banking malware and Singapore’s rank among nations with the highest number of users attacked by mobile banking malware, both fell in 2018. The percentage of users attacked by mobile banking malware fell from 0.16% to 0.14%, and the country is placed at 38th spot in 2018, as compared to 17th spot in 2017.
“As a famous financial hub in the region and a home to highly-connected citizens, Singapore has become an obvious target for attackers. It is encouraging that the number of users attacked by mobile banking malware has fallen last 2018, but everyone should not be complacent. It is crucial for financial institutions, service providers, and all Singaporeans to beef up their vigilance and improve their online habits, especially as this country steadily transforms into a cashless society,” Yeo Siang Tiong, General Manager of Southeast Asia at Kaspersky Lab said.
In order to protect themselves from financial phishing, Kaspersky Lab experts advise users to take the following measures:
Websites can be a front for cybercriminals, with the sole purpose of harvesting your data. To stop your confidential details from falling into the wrong hands, if a site seems suspicious or is unfamiliar, do not enter your credit card details or make a purchase.
To help prevent financial fraud, a dedicated security solution on your device, with built-in features, will create a secure environment for all of your financial transactions. Kaspersky Lab’s Safe Money technology is designed to offer this level of protection to users and provide peace of mind. Use reliable security solutions for comprehensive protection from a wide range of threats, such as Kaspersky Security Cloud and Kaspersky Internet Security.
To keep your credentials safe, it is important to apply the same level of vigilance and security across all of your devices – whether desktop, laptop or mobile. Cybercriminal exploits have no boundaries, so your security needs to be just as widespread to minimize the risk of your information falling into the wrong hands. Use a reliable security solution for storing valuable digital data, such as Kaspersky Password Manager.
For business, Kaspersky Lab experts advise the following:
Invest in regular cybersecurity awareness training for employees to educate them not to click on links or open attachments received from untrusted sources. Conduct simulated phishing attack to ensure that they know how to distinguish phishing emails.
Leverage advanced detection and response technologies, such as Kaspersky Endpoint Detection and Response, part of Threat Management and Defense solution. It makes it possible to catch even unknown banking malware and gives security operation teams full visibility over the network and response automation.
Provide your security operation center team with access to Threat Intelligence so it remains up to date with the latest tactics and tools used by cybercriminals.