banking malware

Over a third of banking malware attacks in 2019 targeted corporate users

3 Mins read

In 2019, 773,943 users of Kaspersky solutions were attacked globally by banking Trojans. Out of those, about 35.1% of users belonged to the corporate sector. African countries were also affected – about every hundredth user in South Africa, Nigeria, Kenya and Ethiopia was attacked by banking Trojans at least once a year, yet the share of corporate users that were affected differed considerably in these countries. This is as per the findings from the analysis of the financial threat landscape from Kaspersky.

Banking Trojans or ‘bankers’ are among the best tools for online criminals as they aim on stealing money. Bankers typically search for the credentials of users for e-payment and internet banking, hijacking one-time passwords and later passing that data to the attackers.

One-third of these 2019 attacks targeted corporate users: a rise from the figure (24% to 25%) that has remained consistent for the last three years. According to specialists, attacks on the corporate sector not only provide access to bank accounts but through employee exposure could also compromise the financial resources of a company.

The data also reveals that Ethiopia has the greatest share of corporate users among the ones targeted by banking malware in African regions, reaching 71% in 2019. This means, out of the total banking malware attacks in Africa, about two-thirds were focused on the corporate sector. This is followed by South Africa – it reached 30%, which is much smaller and can be compared to the global data. Others are Kenya and Nigeria, numbers being lower than the average, with nearly a fifth (22,5%) of banking malware attacks in Kenya targeting corporate devices, compared to 13% in Nigeria.

“While the overall number of attacks with bankers decreased in 2019, the growing interest for corporate users’ credentials indicates we are not yet seeing respite from financial threats. We therefore ask everyone to stay cautious when conducting financial operations online from PCs. While we are in the current peak of remote working during the Coronavirus pandemic, it is especially important to not underestimate criminals’ desire for stealing money,” said Oleg Kupreev, security expert at Kaspersky.

The key findings of the report are:


  • In 2019, the financial phishing attacks raised from 44.7% to 51.4%.
  • Around every third attempt (27%) to visit a phishing page blocked by Kaspersky products was associated with banking phishing.
  • There were 17% phishing attacks on payment systems and 7.5% on online stores in 2019. This is similar to the 2018 levels.
  • The share of financial phishing encountered by Mac users reduced to some level, accounting for 54%.

Banking malware (Windows):

  • In 2019, 773,943 users were attacked with banking Trojans, less as compared to the 889,452 attacked users in 2018.
  • 35.1% of users attacked with banking malware were corporate users, more as compared to 24.1% in 2018.
  • Users in Germany, Russia and China were attacked most frequently by banking malware.

Android banking malware:

  • In 2019, the number of users that encountered Android banking malware reduced to over 675,000 from about 1.8 million.
  • Russia, Australia, and South Africa were the countries with the highest percentage of users attacked by Android banking malware.

Threats targeting businesses, such as financial phishing and banking Trojans, can and should be identified and blocked on a network level, even before they reach employee’s endpoints. In particular, the use of a secure Internet gateway solution like Kaspersky Security for Internet Gateway, ensures secure Internet traffic and transactions and prevents many types of malware and threats. Kaspersky solution has received positive honest customer feedback and been named a 2020 ‘Customers’ Choice for Secure Web Gateways’, according to Gartner Peer Insights Customers’ Choice.

In addition to this, Kaspersky experts advise businesses to take the following measures against financial threats:

  • Invest in regular cybersecurity awareness training for employees to educate them not to click on links or open attachments received from untrusted sources. Conduct a simulated phishing attack to ensure that they know how to distinguish phishing emails.
  • Leverage advanced detection and response technologies, such as Kaspersky Endpoint Detection and Response – part of the Threat Management and Defense solution. It makes it possible for users to detect even unknown banking malware and gives security operation teams full visibility over the network and response automation.
  • Use mobile protection solutions or corporate Internet traffic protection to ensure employees’ devices are not exposed to financial and other threats. The last one helps protect even those devices for which an anti-virus is not available
  • Provide your security operation center team with access to Threat Intelligence so it remains up to date with the latest tactics and tools used by cybercriminals.

READ NEXT: Google Cloud introduced new security tools to fight cyber-attacks

Leave a Reply

Your email address will not be published. Required fields are marked *

÷ 2 = 1