In 2021, the financial threats landscape witnessed positive changes with the overall number of users affected by malware reduced significantly, including a 35% drop in PC malware. Still, financial organizations, as cybercriminals’ most lucrative targets, continue to face massive threats. According to Kaspersky’s new Financial cyberthreats in 2021 report, attacks are becoming increasingly corporate rather than consumer focused. In 2021, every third (37.8%) PC banking malware attack targeted corporate users, representing a growth of almost 14% since 2018.
While 2021 saw an expansion in threats to financial organizations on a global scale, there was a continuation of the downward trend of PC and mobile malware previously seen in 2020. In fact, the number of users who encountered PC malware decreased by 35% – from 625,364 in 2020 to 405,985 in 2021. As for the Middle East, the experts say that in the recent years the dynamic has changed: the region has not seen a little mass distributed banker and is close to becoming a safe zone for the private users. However, the attacks that are happening are more targeted and sophisticated then the ordinary ones.
Although the overall statistics look reassuring, the risk of cyberattacks is far from over, especially for corporate networks. Kaspersky experts report a continuation of this decade’s emerging trend of banking Trojans targeting corporate users. Between 2020 and 2021, corporate users’ share of banking malware attacks rose by almost 2% and increased a significant 13.7% points between 2018 and 2021.
Notably, in recent years the growth of corporate users’ share was slower than in pre-pandemic years. Kaspersky experts attribute this to the continuing shift towards remote and hybrid work modes. While the pandemic saw both the rise and fall of mandatory restrictions, many companies have decided to continue with remote or hybrid work models and not return to the traditional office work mode. During the pandemic, some organizations’ employees resorted to using home devices protected by consumer solutions, which are insufficient for working purposes. Because attacks detected on home devices are counted as ‘consumer’ threats, regardless of whether the device was being used for working on corporate networks, there is a likely possibility that cybercriminals are even more interested in corporate users than Kaspersky statistics reflect.
What is more, only four malware families were responsible for the attacks on about half of all affected users. While Zbot maintained its position as the number one used malware among financial cybercriminals, SpyEye surged from the eighth most common banking malware, at a 3.4% share in 2020, to the second most common at 12.2% in 2021. At the same time, Emotet (9.3%), described by Europol as “the world’s most dangerous malware”, saw a drop of five percentage points between 2020 and 2021. This coincides with law enforcement agencies’ global collaboration to obstruct the botnet’s infrastructure at the beginning of 2021, which limited Emotet’s activities for at least part of the year.
‘The growth of attacks on corporate users demonstrates that good security measures and high levels of security awareness are integral to the safety of organizations. Successful financial attacks directed at corporate users often impact the whole organization, not just a single user. And, from our experience, large botnets, such as Emotet, do not target particular users or companies but instead go for the low-hanging fruit, penetrating any organization that they can and later determining whether it is worth expanding its attacks further. Once a cybercriminal penetrates a corporate network, the whole system is at risk. The target does not even have to be connected to devices in the accounting or finance departments – by infecting any device on the same network, attackers can often access devices from those departments. To prevent such attacks from happening and spreading, organizations must make sure that users are aware of the risks that phishing emails or untrusted websites present,’ comments Oleg Kupreev, security expert at Kaspersky.