2020 was challenging for everyone: corporations, regulators, someones. Due to the limits imposed by the epidemiological situation, particular categories of users and business were increasingly targeted by cybercriminals. While we were adjusting to remote work and the remainder of the new conditions, so were scammers. As a outcome, 2020 was extremely eventful in terms of digital menaces, in particular those faced by financial institutions.

At the same time, some of the known APT( Advanced lingering threats) groups that are not generally targeting international financial institutions “re just trying” their hand at it. Existing at a special crossroads between APT and financial crime, the Lazarus group has already been among the most active ones in the financial sphere. In 2020, different groups tried its hand at the big extortion game with the VHD ransomware family. Later on other groups, such as MuddyWater, followed suit.

Moreover, in 2020, we assured regional actors move global. A few Brazilian malware families expanded their operations to other continents, targeting victims in Europe and Asia. We have dubbed the first four families to have done this( Guildma, Javali, Melcoz, Grandoreiro)” the Tetrade “. Later on the authors of Guildma likewise made the new banking malware Ghimob targeting consumers located in Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique.

Of course, the known fiscal threats have remained, too. Thus, the year 2020 insured a surge in the use of Emotet, described by Interpol as “the world’s most dangerous malware”. In the opening up of 2021, law enforcement agencies all over the world joined their forces to disrupt the botnet’s infrastructure. According to Kaspersky experts, the operation will frustrate Emotet’s activities for at least several months. In the meantime, at least some of Emotet patrons have switched to Trickbot.

Even though, in 2020, we have seen ever more sophisticated cyberattacks, the overall statistics look encouraging: the number of users hit by computer and mobile malware wanes, so does financial phishing. Still, that does not mean to say that the cyber world has become a safer place- it meant that the cybercriminals’ purposes and tactics have undergone a number of changes. Despite the decreasing general statistics, we be understood that attacks have become more targeted and business-oriented. At the same time, we observe cybercriminals to skillfully adapt themselves to the world changes and benefit from the teleworking vulnerabilities and the rising popularity of online shopping. This report aims to shed a light on more details of financial cyberthreats in 2020.

This research is a continuation of our annual financial menace reports( 2019, 2018 and 2017) furnishing a general overview of the latest trends and key events across the financial threat landscape. Traditionally, the study coverings the common phishing threats encountered by users, along with Windows and Android-based financial malware.

Methodology

In this research, by financial malware we entail several types of malevolent software. Firstly, we recognize as financial the malware targeting customers of financial services such as online banking, pay systems, e-money services, e-shops, and cryptocurrency services. Secondly, we use the term to define the malware attempting to gain access to fiscal organisations or their infrastructure. In most cases, fiscal malware attacks are dependent upon spamming and phishing activities, such as creating and distributing fake finance themed web pages and emails to steal the victims’ payment info.

To examine the financial sector threat landscape, Kaspersky researchers have analyzed the malicious activities on devices owned by individuals use the Kaspersky security products, which they volunteered to make available to us through the Kaspersky Security Network. The corporate consumer statistics were collected from the enterprise security solutions, after our clients agreed to share their data with Kaspersky.

The the necessary data for 2020 was mostly compared against 2019 to monitor the malware development trends. However, in some parts, for better insight into the financial malware evolution, the study likewise refers to earlier times.

Key findings

Phishing 😛 TAGEND

In 2020, the percentage of users hit by phishing declined slightly from 15.7% to 13.21%. This time around, e-shops became the target of choice for phishing strikes. Virtually every fifth attempted visit to a phishing page blocked by Kaspersky products has been related to online store phishing. Phishing attacks against PayPal consumers rose from 26.8% in 2019 to 38.7% in 2020. The longtime president of the category, Visa, dropped to the fourth place with 10.2% of phishing attacks against users of payment systems successfully prevented by Kaspersky in 2020.

PC 😛 TAGEND

In 2020, 625,364 users came under attack by banking Trojans- 148,579 less from 773,943 in 2019. This year, consumers in Russia, Germany and Kazakhstan were the most frequent targets of financial malware. Zbot is still the most widespread banking malware( 22.2 % of assaulted customers ), the second place is now held by CliptoShuffler( 15.3% ), with Emotet( 14.5%) in the third place as before. 36% of users hit by banking malware are corporate ones- an increase of one percentage point from the previous year.

Mobile 😛 TAGEND

This time, the number of users assaulted by Android banking malware rapidly dropped by more than 55%: from 675,772 in 2019 to 294,158 in 2020. Japan, Taiwan and Spain objective up with the highest percentage of users hit by Android banking malware.

Financial phishing

Financial phishing is one of the most popular tools used by cybercriminals to make money. Its prevalence is explained by the fact that it does not require much investment or technical expertise. In most cases, successful scammers win access either to the victim’s fund or data that can be sold or otherwise monetized.

! function( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( document, 0, “infogram-async” );

Percentage of fiscal phishing onslaughts( of the overall phishing onslaughts) detected by Kaspersky, 2016- 2020( download)

In 2020, Kaspersky anti-phishing technologies detected 434,898, 635 attempted visits to various types of phishing pages. As can be seen from the graph above, 37.2% of those were related to financial phishing- 14.2 p.p. less than the figure registered for use in 2019( 51.4% ). The lowest fiscal phishing percentage in the past five years.

By” financial phishing” we entail not banking phishing alone but several other types as well. For one, there are the’ pay systems ‘, which include pages simulating the well-known payment brands like PayPal, Visa, MasterCard, American Express and others. There are also the’ e-shops’ which include online stores and auction websites like Amazon, Apple store, Steam, E-bay and others.

In 2019, the financial phishing examples detected by Kaspersky products were distributed as follows 😛 TAGEND

! part( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( document, 0, “infogram-async” );

Distribution of fiscal phishing suits by type in 2019( download)

! part( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( document, 0, “infogram-async” );

Distribution of financial phishing instances by form in 2020( download)

The year 2020 was definitely a unique one when it comes to financial phishing. One time back, we reported an increase in bank-related phishing from less than 22% to almost 30%. In 2020, banking phishing reached only 10.72 percent of the total. The e-shops, with 7.57% in 2019, on the contrary, nearly tripled reaching 18.12%. Kaspersky experts connect these changes with the lockdown measures due to the pandemic- at home most of the time, people turned to online shopping and digital recreation. Thus, growing requirement from the users has led to increased ” supply” from the cybercriminals. It should be noted that, while online shopping proved the most appealing field for scammers, pay systems “re not” that is something that of a tempt- their share barely reaching 8.41%.

2019 statistics on payment systems 😛 TAGEND

! function( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( record, 0, “infogram-async” );

The most frequently used brands in’ payment systems’ financial phishing strategies in 2019( download)

As can be observed from the graph above, the users of Visa Inc.( 37.6%) were targeted the most in 2019. PayPal came in second with 26.8%, while MasterCard closed the top 3.

! function( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( record, 0, “infogram-async” );

The most frequently used brands in’ pay systems’ fiscal phishing strategies in 2020( download)

In 2020, the PayPal brand name( 38.7%) was used for scam more than those of any other popular payment system. Its share be increased by 12 p.p.

Example of a phishing page targeting PayPal users

Mastercard built it to the second place slightly increasing its share from 16.3% to 17.5%. The third and the fourth places, with a tiny difference between them, were taken by American Express( 10.6%) and Visa( 10.2% ). As was observed, in 2020, scammers mimicked Visa Inc. 3.5 times less than in 2019( 37.6% ).

Example of a phishing page targeting Visa users

In 2019, we analyzed the’ e- shop’ brands most frequently used by cybercriminals in fiscal phishing schemes. The ensues demonstrated Apple( 42.8%) to be the number one choice for scam. The online stores Amazon( 23.6%) and eBay( 14.2%) took the second and the third place respectively.

! role( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( record, 0, “infogram-async” );

Brands most frequently used in’ e-shop’ fiscal phishing schemes, 2019( download)

Examples of phishing pages based on the online store brands most used by cybercriminals

In 2020, as the e-shop phishing continued to grow, Amazon constructed it to the first place with 27.8% of total. Challenged by the popular online storage, Apple( 27.1%) stepped down to the second place, its share reduced by 15 p.p. Steam and eBay swapped its own position- Steam( 14.9%) finished third, and eBay( 12.8%) fourth.

! role( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( record, 0, “infogram-async” );

Brands most frequently used in’ e-shop’ fiscal phishing schemes, 2020( download)

Banking malware for PC

In this study, we analyze the banking malware that steals the credentials used to access online banking or payment system accounts and to intercept one-time passwords.

After an upsurge of malware activity in October 2016, when as many as 1,494, 236 consumers hard hit, we observed a gradual decline in the number of users assaulted with banking malware. 2020 was no exception. The number of assaulted users has waned from 773,943 in 2019 to 625,364- almost a 20% drop.

The reduction can be explained by the fact that onslaughts are becoming more targeted- cybercriminals now prefer to attack large-scale business. Yet common users and small entities continue to fall victim to cybercriminal groups such as Zbot, CliptoShuffler, Emotet, RTM and others.

! part( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( record, 0, “infogram-async” );

Dynamic change in the number of unique users attacked with banking malware 2018- 2020( download)

The main actors

Every year we detect multiple families of banking malware: some of them become outdated, some, on the contrary, gain popularity among cybercriminals. Below is a list of top 10 most active banking malware households detected in 2019. The resulting ones were Zbot( 21.6% ), RTM( 19.8% ), Emotet( 12.6% ), CliptoShuffler( 5.6%) and Trickster( 5.5% ).

! part( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( document, 0, “infogram-async” );

TOP 10 most widespread banking malware families in 2019( download)

This time we continued tracking the most active banking malware households. It is quite noteworthy that only four of them( Zbot, CliptoShuffler, Emotet and RTM) account for more than one half of the attacked users. Below is a list of top 10 banking malware households we detected in 2020.

! role( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( document, 0, “infogram-async” );

TOP 10 most widespread banking malware families in 2020( download)

While Zbot( 22.2%) still enjoys the status of the most used malware in the financial sphere, there were some changes in the list. RTM, with 10.5%, fell from the second to the fourth place, while two other families, CliptoShuffler( 15.3%) and Emotet( 14.5% ), both climbed higher in 2020. Notably, Gozi( 3.3% ), the second most active family just two years ago, was pushed out to the ninth place.

What is more, time 2020 has also been special for expansion of regional threat actors into the outside world. Thus, the four large-scale Brazilian households we have called the Tetrade went global targeting not only Latin America but Asian and European countries as well.

Geography of attacked users

To assess and compare the degree of computer infection risk faced by users in different countries of the world, we have calculated for each country the proportion of Kaspersky product consumers faced by the threat during the period of report versus the total number of users attacked by fiscal malware.

Traditionally, more than half of all users hit with banking malware in 2019 and 2020 came from 10 countries. In 2019, the top 10 was as follows 😛 TAGEND

Russian Federation 33.6% Germany 7.4% China 3.3% Brazil 3% India 3% Mexico 3% Vietnam 2.70% Italy 2.60% Kazakhstan 2% United States 2%

In 2019, Russia’s share reached 33.6% of the full amounts of the, Germany finishing second with 7.4%, and China closing the top three with 3.3%.

In 2020, the situation was as follows 😛 TAGEND

Russian Federation 26.6 Germany 4.5 Kazakhstan 4.1 Brazil 3.4 China 3.4 Italy 3.3 India 3.1 Mexico 2.8 Vietnam 2.8 Uzbekistan 2.3

As can be seen from the chart, despite the decline Russia( 26.6%) and Germany( 4.5%) still hold the first and second places in the top 10. Notably, Russia’s figures ever tend to be the highest due to the fact that most Kaspersky customers are located in Russia. Kazakhstan, which used to be 9th with 2 %, this year broke into the top three having added 2 more percentage points.

Kind of users assaulted

It can be noticed that financial malware becomes more corporate-oriented. This year we to be recognised that 36% of users attacked by banking malware are corporate ones- one percentage point up from the previous year. This partly substantiates our hypothesis about cybercriminals shifting their attention to the corporate sector. Still, the increase is relatively small, and we expect the redistribution of onslaughts between corporate and private customers to clarify matters in the near future.

! function( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( document, 0, “infogram-async” );

Corporate vs consumer product customers, 2019-2020( download)

All in all, in 2020, companies became more vulnerable due to the restrictions for onsite job and staff members, coupled with increased number of employees applying the corporate network remotely. The hasty transition to teleworking has affected the corporate security- most enterprises were not ready to go online. Some of them lacked the machines, so employees had to use their home computers for study. Lack of online security training, default laptop configurations left as is, vulnerable remote access connections- together these factors have paved way to different sorts of assaults, including banking malware scams.

Sryptocurrency pertained cyberthreats in 2020

Three years ago, in 2018, cryptocurrencies made the hottest topic and turned the eyes of the whole cybersecurity community to the new peril. We have analyzed the hidden mining software cybercriminals spread to coin money at the users’ cost, and found that today the malicious activity is not that widespread.

! function( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( record, 0, “infogram-async” );

Number of users assaulted by mining malware in 2019( download)

! function( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( document, 0, “infogram-async” );

Number of users attacked by mining malware in 2020( download)

! role( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( record, 0, “infogram-async” );

Geography of mining onslaughts, 2020( download)

Thus, in 2020, we continued to observe a downward tendency for this type of threat. Yet by the end of the year the numbers reached a certain plateau, and we even determined local trend reversals. It is likely that the sharp increase in cryptocurrency prices at the end of 2020 may boost the threat in early 2021. Moreover, due to the COVID crisis, we are to be able to yet consider some economies collapsing and local currencies plummeting in 2021, which would turn cryptomining a lot more attractive.

Mobile banking malware

Android banking malware is a well-known threat Kaspersky experts have been analyzing for years. Last time was a dramatic one in terms of mobile banking malware. As set out in our previous annual report, in 2019, the number of users hit by it fallen to merely over 675 thousand from around 1.8 million in 2018.

! role( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( document, 0, “infogram-async” );

Number of users attacked with Android banking malware, 2018- 2019( download)

In 2020, we find a continuation of current trends as the number of assaulted consumers decreased by slightly less than 60% to 294,158.

! function( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( record, 0, “infogram-async” );

Number of users assaulted with Android banking malware, 2019- 2020( download)

To get a better opinion of the above reasons behind these dramatic modifies, Kaspersky experts took a closer look at the landscape and reviewed the most widespread households over the year. In 2019, the situation was as follows 😛 TAGEND

! function( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( record, 0, “infogram-async” );

Most widespread Android banking malware in 2019( download)

In 2020, Asacub’s( 25.6%) share is still the weightiest. Yet it shrank by 18.8 percentage points since 2019. Agent( 18.0%) is still in the second position, although a bit lighter from the year before. Svpeng( 12.8% ), which mostly hunts for the administrator rights on the infected device, this year was challenged by Rotexy( 17.9% ), in which the banking Trojan’s features are combined with those of a ransomware blocker.

! part( e, i, n, s ) var t= “InfogramEmbeds”, d= e.getElementsByTagName( “script” )[ 0 ]; if( window[ t ]&& window[ t ]. initialized) window[ t ]. process && window[ t ]. process (); else if (! e.getElementById( n )) var o= e.createElement( “script” ); o.async= 1, o.id= n, o.src= “https :// e.infogram.com/ js/ dist/ embed-loader-min.js”, d.parentNode.insertBefore( o, d )( document, 0, “infogram-async” );

Most widespread Android banking malware in 2020( download)

All in all, 2020 was rich in new mobile banking malware. Let us give a brief overview of this year’s major findings 😛 TAGEND

Trojan-Banker.AndroidOS.Ghimob.a New banking malware from the Tetrade group that went global this year and assaulted banks, exchanges, cryptocurrency exchangers and fintech organizations in Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique. Ghimob was able to spy on a total of 153 mobile apps, which is impressive for a banking Trojan. Trojan-Banker.AndroidOS.Gorgona.a The malware mimics Google Play and uses the notification panel to attract the user’s attention. It can make and redirect bellows, execute USSD commands, install additional apps and block the device, if needed. If granted the permission to use Accessibility, it can get even more rights, for example, to receive and process text messages. Thus, it can gain control of the two-factor authentication. Uses TCP for C2 communication. Tends to target banks in Turkey. Trojan-Banker.AndroidOS.Knobot.a The new fiscal menace marketplace player. Alongside phishing windows and interception of the two-factor authentication messages, the Trojan offers several features not typical of financial menaces. For instance, a mechanism for interception of machine PIN code through Accessibility services. Ironically, it asks its victim to delegate the rights and even furnishes a small instruction on how to do it.

A screenshot of Trojan-Banker.AndroidOS.Knobot.a on user’s phone

Geography of attacked users

Top 10 countries by percentage of users hit by Android banking malware in 2019 😛 TAGEND

Russian Federation 0.72% South Africa 0.66% Australia 0.59% Spain 0.29% Tajikistan 0.21% Turkey 0.20% United Government 0.18% Italy 0.17% Ukraine 0.17% Armenia 0.16%

Top 10 countries by percentage of users hit by Android banking malware in 2020 😛 TAGEND

Japan 2.83% Taiwan( province of China) 0.87% Spain 0.77% Italy 0.71% Turkey 0.60% Korea 0.34% Russian Federation 0.25% Tajikistan 0.21% Poland 0.17% Australia 0.15%

As can be seen from the statistics, all the countries were completely reshuffled time on year. Russia from it top posture in 2019 moved to the 7th place in 2020. Armenia, which used to close the 2019 chart, left it wholly. On the other hand, Japan( 2.83%) and Taiwan( 0.87% ), not even mentioned in 2019, rapidly gained more customers hit by Android banking malware and made it to the top. Meanwhile Spain( 0.77%) deposed Australia from the third place with nearly 3 tens of thousands of affected users.

Conclusion

The year 2020 has shown that cybercriminals can easily adapt to new realities of the changing world. They keep updating their malware with new features and improving the detecting avoidance techniques. The general statistics in all the areas we have analyzed( PC and mobile malware, phishing) is on the downward trend, which is a good sign.

We have to be recognised that, in 2020, the phishing scammers have switched their attention from banks to e-shops. This tendency is closely related to the pandemic, which has greatly modified the public’s attitude towards online shopping: felons have differentiated its growing popularity and turned focus on it. We have registered a slight increase of the share of malware attacks against corporate customers. The emerging tendency of banking Trojans targeting corporate consumers is also of concern, as such onslaughts are likely to bringing more problems than attacks on people. At the same time, the regional scam mills targeting fiscal organisations are increasingly reaching countries around the world, potentially resulting in more growth in 2021. Thus, even though the general statistics look positive, we have to consider the massive menace landscape still faced by fiscal organizations.

For protection against fiscal threats, Kaspersky recommends customers to 😛 TAGEND

Install simply applications obtained from reliable sources, such as the official websites; Check the access rights and permissions requested by the application- do not grant them if they fail to match the app’s feature specify; Never follow associates from spam messages and never open documents attached to them; Install a trusted security answer, such as Kaspersky Security Cloud- it will protect you from a wide range of fiscal cyberthreats.

To protect your business from financial malware, Kaspersky security experts recommend 😛 TAGEND

Introduce cybersecurity awareness trainingfor your employees, particularly those responsible for accounting, to teach them to detect phishing pages and be enhanced the digital literacy of staff in general; For critical customer profiles, such as those in fiscal departments, enable the default deny mode for web resources to ensure that merely legitimate ones can be accessed; Install the latest updates and patches for all the software you use; For protection from complex threat and targeted attacks, install the anti-APT and EDR solutions for network menace detecting, incident investigation and timely recovery act. Provide your SOC team with access to the latest threat intelligence and regular upskill training. All these are available within the Kaspersky Expert Security framework.

Read more: securelist.com