Last year 773,943 Kaspersky customers were attacked by banking trojans, down from 889,452 in 2018, but the percentage in the coporate sector that were attacked went up from a quarter (24 to 25 percent) to a third (35.1 percent).
Almost every third attempt to visit a phishing page blocked by Kaspersky products was related to banking phishing (27 percent). Financial phishing increased from 44.7 percent of all phishing detections to 51.4 percent. Phishing-related attacks on payment systems and online stores accounted for almost 17 percent and 7.5 percent respectively, consistent over the past two years, while financial phishing of Mac users fell slightly to 54 percent.
In an email to SC Media UK Oleg Kupreev, security expert at Kaspersky commented: “While the overall number of attacks on bankers decreased in 2019, the growing interest for corporate users’ credentials indicates we are not yet seeing respite from financial threats. ...While we are in the current peak of remote working during the coronavirus pandemic, it is especially important to not underestimate criminals’ desire for stealing money.”
Based on reports from Kaspersky’s client base, Russia remained the nation most attacked by banking malware in 2019 (30 percent of attacks) followed by Germany ( seven percent) and China (three percent).
Android banking malware attacks fell to just over 675,000 from around 1.8 million, with Russia, South Africa, and Australia the most attacked by Android banking malware.
Kaspersky experts advise businesses take the following measures against financial threats:
Invest in regular cybersecurity awareness training for employees to educate them not to click on links or open attachments received from untrusted sources. Conduct a simulated phishing attack to ensure that they know how to distinguish phishing emails.
Leverage advanced detection and response technologies as part of the Threat Management and Defence solution.
Use mobile protection solutions or corporate internet traffic protection to ensure employees’ devices are not exposed to financial and other threats.
Provide your security operation center team with access to Threat Intelligence so it remains up to date with the latest tactics and tools used by cyber-criminals.