Banking Trojans Increasingly Target Corporate Users
Financial phishing has increased in frequency and accounted for more than half of all phishing detections last year, Kaspersky says.
In 2019, cybercriminals switched focus from crypto-currency mining to digital trust and privacy issues, but financial threats persisted: threat actors continue to attempt stealing victims’ money, despite no major incidents being reported by the financial industry.
Last year, financial phishing accounted for 51.4% of all phishing detections, an increase from the 44.7% share it saw during the previous year. The security firm detected 467,188,119 phishing attempts in 2019.
Additionally, banking phishing accounted for 27% of all blocked attempts to visit phishing pages last year, Kaspersky says.
Phishing-related attacks on payment systems accounted for roughly 17% of attacks, while those targeting online stores for over 7.5% of attacks in 2019. According to Kaspersky, financial phishing encountered by Mac users accounted for 54% of the phishing attempts aimed at this category of users.
The security firm also says that 773,943 Windows users were targeted by banking Trojans last year, with roughly one-third of them (35.1%) being corporate users. People in Russia, Germany, and China were targeted the most.
Most of the attacks (approximately 87%) involved just four banking malware families, namely ZBot, RTM, Emotet, CliptoShuffler.
The number of Android users hit with banking malware dropped to around one-third compared to the previous year: 675,000 in 2019 vs 1.8 million in 2018. Users in Russia, South Africa, and Australia were targeted the most.
“Financial phishing is one of the most popular ways for criminals to make money. It doesn’t require a lot of investment but if the criminals get the victim’s credentials, they can either be used to steal money or sold,” Kaspersky says.
Related: Corporate Workers Warned of ‘COVID-19 Payment’ Emails Delivering Banking Trojan
Related: New Variant of Gustuff Android Banking Trojan Emerges
Related: Phishing Attacks: Best Practices for Not Taking the Bait