Our experts analyzed the financial cyberthreats of the past year and published a thorough report on Securelist. The most disturbing fact for financial institutions is the rise of business target share: 19% of banking malware victims were corporate users.
Apparently, cybercriminals began to shift their interest from consumers to businesses. It may be harder to infect businesses with malware, but it is definitely more profitable, because if they gain entry, they can get access to a company’s financial resources. Although we saw a significant decrease last year in the number of financial malware victims (a 30% drop for the PC platform, 15% for Android) the share of corporate targets has risen. Now almost every fifth banking malware attack is focused on the corporate sector. In particular, we have registered a rise of ATM malware cases.
However, phishing remains cybercriminals’ favorite trick. Financial phishing usually targets consumers, but banks and payment systems also suffer when their clients are deceived. Last year we saw an increase in financial phishing: Our technologies detected 246,231,645 attempts to visit various kinds of phishing pages, and 53.8% of them tried to mimic banks, payment systems, or online stores.
Another threat you should be aware of is a supply-chain attacks. As shown by the cases of ExPeter and ShadowPad, malefactors can infect with Trojan updates for the software that is used in financial institutions, among other places.
You can find the complete report on Securelist.
Advice you can use
Your corporate infrastructure needs a multilayered and complex protection system. Every node in your network should be protected: from employees’ workstations to servers, from ATMs to the queuing system’s information panels. Endpoint protection is just a start; advanced detection and response technologies are necessary as well. On top of those, layer the following best practices:
- Teach your employees (for the hundredth time) not to click on links or open attachments from untrusted sources;
- Pay special attention to endpoints that are responsible for financial transactions. Their software — all software, including protective solutions — should always be up to date. Forbid execution of unauthorized software on those endpoints (i.e., implement a default-deny policy);
- Arrange special cybersecurity awareness training for those employees who work with online financial tools.