Banking Trojans Increasingly Target Corporate Users
Financial phishing has increased in frequency and accounted for more than half of all phishing detections last year, Kaspersky says.
In 2019, cybercriminals switched focus from crypto-currency mining to digital trust and privacy issues, but financial threats persisted: threat actors continue to attempt stealing victims’ money, despite no major incidents being reported by the financial industry.
Last year, financial phishing accounted for 51.4% of all phishing detections, an increase from the 44.7% share it saw during the previous year. The security firm detected 467,188,119 phishing attempts in 2019.
Additionally, banking phishing accounted for 27% of all blocked attempts to visit phishing pages last year, Kaspersky says.
Phishing-related attacks on payment systems accounted for roughly 17% of attacks, while those targeting online stores for over 7.5% of attacks in 2019. According to Kaspersky, financial phishing encountered by Mac users accounted for 54% of the phishing attempts aimed at this category of users.
The security firm also says that 773,943 Windows users were targeted by banking Trojans last year, with roughly one-third of them (35.1%) being corporate users. People in Russia, Germany, and China were targeted the most.
Most of the attacks (approximately 87%) involved just four banking malware families, namely ZBot, RTM, Emotet, CliptoShuffler.
The number of Android users hit with banking malware dropped to around one-third compared to the previous year: 675,000 in 2019 vs 1.8 million in 2018. Users in Russia, South Africa, and Australia were targeted the most.
“Financial phishing is one of the most popular ways for criminals to make money. It doesn’t require a lot of investment but if the criminals get the victim’s credentials, they can either be used to steal money or sold,” Kaspersky says.
Related: Corporate Workers Warned of ‘COVID-19 Payment’ Emails Delivering Banking Trojan
Related: New Variant of Gustuff Android Banking Trojan Emerges
Related: Phishing Attacks: Best Practices for Not Taking the Bait
More from Ionut Arghire
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Malicious NPM, PyPI Packages Stealing User Information
Latest News
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
