Financial Malware Attacks On The Rise, Warns Kaspersky

Security specialist Kaspersky Lab has warned that the number of consumers hit by financial malware is significantly rising.

Its research found that financial malware is now extremely dangerous, and corporate environments are among the prime targets.

In May Kaspersky Lab had also warned mobile banking trojans were one of the most rapidly-developing pieces of malware.

Financial malware

It said at the time that it had witnessed a “worrying amount of attacks” carried out on more than 300,000 users, with a type of malware designed to steal credentials and money from users’ bank accounts.

But now Kaspersky Lab has found that 430,000 consumers faced malware designed to steal finances, cryptocurrencies and web-money services in the first half of 2019.

This is a 7 percent over the previous year, in the number of users being hit by financial malware.

Over a third (30.9 percent) of those affected are corporate users – double the figure discovered in the first half of 2018 (15.3 percent).

Kaspersky said that its “data on new samples of these threats constantly demonstrates that malware aimed at stealing funds is active and extremely dangerous, especially when it comes to corporate environments – since most corporate networks usually rely on connected devices, and if one is compromised then the whole entity may be under threat.”

It warned that typical attack vectors for malware are spam emails and phishing web pages. The latter usually appear to be legitimate websites, yet in fact are created by threat actors in an attempt to steal credentials, bank card details or other types of sensitive information.

Indeed, during the first half of 2019, Kaspersky researchers have detected more than 339,000 phishing attacks from web pages disguised as landing pages of large banks.

So which are the most popular banking Trojan families that were used to attack corporate users?

Well four-in-ten (40 percent) financial threats on corporate users came from the RTM banking Trojan. This was followed by the Emotet banking Trojan at 15 percent.

The Trickster banking Trojan rounds up the top three identified malware, with 12 percent of discovered threats, said Kaspersky.

For private consumers the situation was found to be different. The Zbot malware (26 percent), which steals credentials with the option of remote control by threat actors, was the most popular. This was followed by RTM and Emotet.

“We expect to see a rise in the number of attacked users in the second half of 2019,” said Oleg Kupreev, security researcher at Kaspersky. “Usually, we see a rise in malicious activity after the holiday season, when people are using their devices less than usual and therefore are less likely to fall a victim to threat actors.”

Best practice

“We urge everyone to be extra careful with all banking and finance-related operations that they perform online and remain vigilant,” said Kupreev.

Kaspersky advise corporate to ensure cybersecurity awareness training for staff, particularly those who are responsible for accounting.

It also advises installing the latest updates and patches, banning the installation of programs from unknown sources, and the implementation of EDR solutions such as Kaspersky Endpoint Detection and Response.

For private users Kaspersky recommends that they always install security updates as soon as possible; do not install software from unknown sources (and turn off this option for mobile devices); and use a reliable security solution, such as Kaspersky Total Security.

In April this year a report from security firm Arxan Technologies, found insecure coding practices in wide use in mobile financial applications, including retail banking apps, indicating what researchers said was a “systemic” issue.

Do you know all about security? Try our quiz!