In 2021, the financial threats landscape witnessed positive changes with the overall number of users affected by malware reduced significantly, including a 35% drop in PC malware. Still, financial organisations, as cybercriminals’ most lucrative targets, continue to face massive threats.
According to Kaspersky’s new Financial cyberthreats in 2021 report, attacks are becoming increasingly corporate rather than consumer-focused. In 2021, every third (37.8%) PC banking malware attack targeted corporate users, representing a growth of almost 14% since 2018.
While 2021 saw an expansion in threats to financial organisations on a global scale, there was a continuation of the downward trend of PC and mobile malware previously seen in 2020. In fact, the number of users who encountered PC malware decreased by 35% – from 625,364 in 2020 to 405,985 in 2021.
Although the overall statistics look reassuring, the risk of cyberattacks is far from over, especially for corporate networks. Kaspersky experts report a continuation of this decade’s emerging trend of banking Trojans targeting corporate users. Between 2020 and 2021, corporate users’ share of banking malware attacks rose by almost 2% and increased a significant 13.7% points between 2018 and 2021.
PC malware attacks directed at corporate users
Notably, in recent years the growth of corporate users’ share was slower than in pre-pandemic years. Kaspersky experts attribute this to the continuing shift towards remote and hybrid work modes. While the pandemic saw both the rise and fall of mandatory restrictions, many companies have decided to continue with remote or hybrid work models and not return to the traditional office work mode. During the pandemic, some organisations’ employees resorted to using home devices protected by consumer solutions, which are insufficient for working purposes. Because attacks detected on home devices are counted as ‘consumer’ threats, regardless of whether the device was being used for working on corporate networks, there is a likely possibility that cybercriminals are even more interested in corporate users than Kaspersky statistics reflect.
What is more, only four malware families were responsible for the attacks on about half of all affected users. While Zbot maintained its position as the number one used malware among financial cybercriminals, SpyEye surged from the eighth most common banking malware, at a 3.4% share in 2020, to the second most common at 12.2% in 2021. At the same time, Emotet (9.3%), described by Europol as “the world’s most dangerous malware”, saw a drop of five percentage points between 2020 and 2021. This coincides with law enforcement agencies’ global collaboration to obstruct the botnet’s infrastructure at the beginning of 2021, which limited Emotet’s activities for at least part of the year.
“The growth of attacks on corporate users demonstrates that good security measures and high levels of security awareness are integral to the safety of organisations. Successful financial attacks directed at corporate users often impact the whole organisation, not just a single user. And, from our experience, large botnets, such as Emotet, do not target particular users or companies but instead go for the low-hanging fruit, penetrating any organisation that they can and later determining whether it is worth expanding its attacks further.
“Once a cybercriminal penetrates a corporate network, the whole system is at risk. The target does not even have to be connected to devices in the accounting or finance departments – by infecting any device on the same network, attackers can often access devices from those departments. To prevent such attacks from happening and spreading, organisations must make sure that users are aware of the risks that phishing emails or untrusted websites present,” comments Oleg Kupreev, security expert at Kaspersky.