Reader Advisory

Some articles posted in The SlickMaster's Files may contain themes, languages, and content which may neither appropriate nor appealing to certain readers. READER DISCRETION is advised.

Thursday, November 04, 2021

Kaspersky expert says 2019 witnessed the start of banking Trojan outbreak in APAC

10/23/2021 5:03:00PM

Kaspersky has discovered that a banking-related Trojan outbreak has almost coincided with the start of the on-going novel Coronavirus pandemic, a sudden health plague that totally-changed the landscape of the world today. 

With COVID-19 putting a sudden shift in the regional ang global lifestyle, a significant uptick  of digital payment adoption has became one of the most evident aftermaths 

Several reports have already put the numbers to prove this trend, but how about its tangible effects on the cybersecurity landscape of the financial sector?

Vitaly Kamluk, Director of Global Research & Analysis Team (GReAT) for APAC at Kaspersky, discovered that following its analyzation of the increased the historical data from Kaspersky Security Network's (KSN), cashless payments in APAC have paralleled the rise of banking Trojans in the region. 
“Even before COVID-19, Asia Pacific has always been one of the leaders in digital payment adoption, driven by developed countries like China, Japan, South Korea and even India. This pandemic extended the use of this technology significantly further – particularly in still emerging economies in Southeast Asia and South Asia. As we all know, the lockdown restrictions forced everyone to shift their financial transactions online. But now, after analyzing the historical figures we have on financial threats, I also learned that there was another outbreak that started in early 2019 in APAC – banking Trojans,” said Kamluk.
Banking Trojans are considered one of the most dangerous malwares. They are known to steal money from users’ bank accounts through either obtaining access credentials or one-time passwords to online bank accounts or to manipulate the user and hijack control for the live online banking session from the legitimate owner. And because online payment usage has been on an all-time high and the still-needing-improvement consumer attitudes towards protecting their devices, banking Trojan is among the most impactful malware for home users. 

KSN's historical data analysis that span for a decade showed that South Korea was among the pioneer countries in APAC that has been victimized from banking Trojans on 2011-2012. However, since 2013, it showed significantly low relative numbers of infections and currently is at the bottom of the list of banking Trojans infected countries in the region. 

Meanwhile, most of other developed countries show low statistics of banking Trojans detection, too, while developing countries seem to have become and remain a hot spot for the criminals since 2019.
“Banking Trojans were not the biggest concern of many countries in APAC until 2019 when an outbreak of infections appeared in multiple countries at once. From then on there was no looking back. Our telemetry shows that this malicious threat has grown in terms of detections and reach. We see that it will continue to pose a significant threat to both financial organizations and individuals here as we continue to see more users and startups dipping their feet into the digital payments field,” added Kamluk.
For regional distribution, the Philippines tallied the highest number of unique users attacked in APAC at 22.26% of all banking Trojans discovered in the region, followed by Bangladesh (12.91%), Cambodia (7.16%), Vietnam (7.04%), and Afghanistan (7.02%).

Kamluk also listed the types of financial threat actors, based on analysis of almost 300 publicly reported financial sector cyber-incidents since 2007. These include:

Non-state actors (cybercriminals) – individuals or criminal groups seeking personal gains and illegal profit. Often interested in unauthorized access to sensitive payment processing systems, ATM networks, but also running blackmailing after DDoS or ransomware attack. The result of such attacks are either disruption of business operations or money theft.

State-sponsored – organized skilled hackers, more likely on a payroll. Their job is to sneak behind enemy lines at other nations’ sensitive networks to map assets, install malicious backdoors, and even to conduct massive financial heists in some cases.

Insiders – a day in the office of these threat actors involves stealing corporate intellectual property, either to resell for personal profit or to further the objectives of the nation-state that employs them. 
Multiple actors – a combination of the abovementioned types.

Unknown – this is not an attacker type by itself, it simply includes all cases where it wasn’t clear who was behind the attack.
“The proportion of the unknown has grown over time, which is an alarming trend. With the growth of the number of attacks, there seems to be an alarming trend of financial institutions becoming less and less capable of identifying who attacked them. The unknown, unidentified threat actors were behind 60% of the attacks in 2020, but this number will likely grow up to 75% this year,” Kamuluk commented.
To better secure companies and individuals against these known and unknown cybercriminals, Kamluk shares the following reminders:
  • For financial organizations and enterprises, in general:
  • Defend your perimeter with reliable vendor
  • Run cybersecurity drills
  • Verify your supply chain software
  • Monitor the latest trends and attacks [] 
  • Motivate staff to report suspicious findings and contacts
  • For individuals:
  • Update your software regularly
  • Pay attention to security software alerts
  • Be more suspicious in communication
  • Use complex passwords and 2FA
  • Use hardware digital wallets and diligently follow its security protocols
  • Install a reliable security solution for your devices – including mobile phones
Author: slickmaster | © 2021 The SlickMaster's Files

No comments:

Post a Comment

Feel free to make a comment as long as it is within the bounds of the issue, and as long as you do it with decency. Thanks!