2016 has seen several powerful financial cybercriminal groups specifically targeting large and financially sound organizations. Multiple banks, payment processing systems, hotels, retailers and plenty of other businesses relying on PoS payments were brutally targeted.
Details about such attacks were just described in a new Kaspersky Lab report. Cybercriminal gangs such as the one behind Carbanak stole millions of dollars and caused irreparable damages. As to why cybercriminals have moved their focus towards larger organizations, the answer is quite simple: the bigger the fish, the bigger the gain.
Nonetheless, the shift towards high profile targets didn’t spare smaller businesses and home-based users from getting compromised and robbed. The report says that “the number of attacked users of this calibre started to grow again in 2016, following a decline in 2014 and 2015.”
Related: Top 3 Vulnerabilities Used in 2016 Exploit Kit Attacks
Having said that, one question remains to be addressed, and that’s exactly what Kaspersky researchers did.
What were the most prevalent attacks in 2016 (that ended up with huge financial profit on the criminals’ side)?
Phishing Attacks 2016
Phishing continued to be one of the most prevalent financial-draining activities throughout 2016. Researchers even claim to have seen more phishing attempts last year, in addition to the attack scenarios becoming more professional and sophisticated.
For the first time in 2016, the detection of phishing pages which mimicked legitimate banking services took first place in the overall chart – as criminals sought to trick their victims into believing they were looking at genuine banking content or entering their details into real banking systems.
Related: Most Ludicrous Ransomware in 2016
Moreover, financial phishing’s share reached 47.48% of all phishing heuristic detections. The number is the highest so far for financial phishing on Windows, Kaspersky Lab researchers reveal adding that “every fourth attempt to load a phishing page blocked by Kaspersky Lab products was related to banking phishing”.
Banking Malware 2016
Unfortunately, banking malware also saw an increase last year, leading to the increase of attacked users. According to the report, the number of users attacked with banking Trojans increased by 30.55% and reached 1,088,900. In addition, approximately 18% of banking malware victims is represented by corporate users. Most victims were found in Users in Russia, Germany, Japan, India, Vietnam and the US.
The trends show us that although professional cybercriminal groups have indeed shifted a lot of their attention to targeted attacks against large companies, regular users and smaller firms are still being targeted with the help of widespread malware including Zbot, Gozi, Nymaim, Shiotob, ZAccess, Tinba, Shiz and more.
Android Banking Malware 2016
2016 was quite intense in terms of Android malware. Kaspersky’s report reveals some “particularly interesting activity”. From the middle of the year the researchers were able to establish an exponentially increasing rate of Android-based attacks, “from just 3,967 attacked users in January to around 75,000 in October 2016”. The most targeted users were in Russia, Australia and Ukraine, where the highest percentage of attacks was found.
Interestingly we discovered that just two families of malware were responsible for this sudden change: Asacub and Svpeng, which affected a large number of users, most of whom were in Russia. While Asacub was distributed actively via SMS, Svpeng was spread through Google AdSense and took advantage of a security issue in a popular mobile browser.
For full technical disclosure, read the full report by Kaspersky Lab.