How financial cybercrime targets shifted in 2020

COVID lockdowns may be behind a major change toward targeting e-commerce and using new forms of attacks, Kaspersky finds.

Padlock on Top of Credit Cards on Keyboard Cyber Security Concept

Getty Images/iStockphoto

If 2020 proved anything it’s that humans are resilient, and that goes doubly for cybercriminals engaged in financial crimes. Kaspersky found that the overall volume of threats to PCs and Android devices decreased in 2020, but rather than this being a positive sign it only signaled a concentrated shift toward new targets, new methods and new geographic regions. 

More about cybersecurity

Looking back on data gathered through its security software, Kaspersky said that a number of major changes were noticed throughout the past year. Alongside shifts in what types of financial institutions were being targeted, Kaspersky also noticed regional malware actors going global and advanced persistent threats (hacking groups backed by governments, e.g., Lazarus Group) that aren’t normally involved in financial crimes broadening their horizons to include such acts in 2020.

SEE: Identity theft protection policy (TechRepublic Premium)

In terms of specific numbers, Kaspersky noticed a slight decline in the number of users hit by phishing attacks in 2020, with only 13.21% being targeted, compared to 15.7% in 2019. There was also a significant drop in the number of users attacked by banking trojans, and Android banking malware attacks dropped by more than 55% in 2020. 

The types of phishing attacks that Kaspersky detected underwent a major shift in 2020, with non-financial attacks jumping from 48.6% of phishing to 62.75%. Financial phishing attacks, which Kaspersky divides into bank, payment system and e-shop categories, experienced a major shift as well: Banks dropped from 27% of phishing attacks to 10.72%, payment systems decreased from 16.67% to 8.41%, and online shops rose from 7.57% of phishing in 2019 to 18.12% in 2020.

The massive shift toward targeting e-commerce shops was likely due to more people using them due to COVID-19 lockdowns, Kaspersky said. Along with the leap in numbers of phishing attacks targeting online shops, the most targeted brands shifted too, with Amazon outpacing 2019 leader Apple, gaming platform Steam facing twice as many phishing attempts, and “other” shops being targeted more frequently as well.

Payment systems, such as credit cards and online payment platforms, experienced a large shift as well: In 2019, Visa was the target of 37.6% of payment platform phishing attacks, but in 2020 it fell to fourth place, ceding the lead to PayPal, which faced 38.7% of attacks. 

“2020 has shown that cybercriminals can easily adapt to new realities of the changing world,” Kaspersky said in its report. “Regional scam factories targeting financial organizations are increasingly reaching the global level, potentially resulting in more growth in 2021. Thus, even though the general statistics look positive, we have to consider the massive threat landscape still faced by financial organizations,” it said. 

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)

Kaspersky makes several recommendations for individuals and businesses to fight the ever-changing landscape of cyber threats. For individuals, Kaspersky recommends:

  • Only install applications from trusted sources, like official app stores or developer websites,
  • Reviewing the access rights an app requests, and not granting access if a requested permission falls outside of the scope of what the app should need,
  • Don’t follow links from inside emails, and never open documents from unverified sources,
  • Install a trusted security product.

For businesses, Kaspersky recommends:

  • Introducing cybersecurity awareness training for employees, particularly those that deal with finance and accounting,
  • Enable a default deny mode for web resources on critical user profiles to ensure those users are only accessing known and trusted sites,
  • Keep all software updated,
  • Make sure anti-APT software and endpoint detection and response solutions are installed on all hardware that needs it.

Also see