Last year’s financial cyberthreats were wider in global reach and more focused on mobile users. However, mobile-security best practices remain perennial.
We all know cyberthreats increased across the board last year, but how was the impact of financial malware in particular? One cybersecurity solutions firm did a study and found that, while the overall volume of threats via personal computers or mobile decreased during this period, cybercriminals were using new and advanced propagation techniques.
Furthermore, the geography of attacks was more diversified and extensive, especially from a mobile financial malware perspective. These developments, especially the focus on mobile, represent a change of tack. Mobile malware is now tuned to steal users’ credentials, or even funds from users’ accounts.
Back in 2019, the 10 countries with the highest percentage of users that encountered Android banking malware were as follows:
In 2020, the list became:
Experts from Kaspersky report that all targeted countries have switched places on this chart. Russia, a longtime leader in this category, moved down to seventh place in 2020. At the same time, Japan and Taiwan, absent from the list of affected countries in 2019, rose rapidly to occupy the top two spots.
According to one of the firm’s security experts, Victor Chebyshev: “In 2020, we observed a number of new countries becoming a hotbed for cyber-infections. The clearest example of this is Japan, which faced a wave of attacks from the Wroba.g banking Trojan. The bright side here is that most of these attacks can be prevented. Therefore, we urge users to take extra care when conducting mobile financial transactions.”
The firm offers the following safety best practices and reminders for organizations to regularly train remote workers and all staff on:
- Only install applications from reliable sources, such as official stores, although even these app stores may also fall behind in security screening sometimes.
- Check what permissions the application request: if they do not match the program’s functions, then deny the permission or uninstall the app as a first-line precaution.
- After installing any app, put it on a ‘watch list’ and be alert to any suspicious new activities or notifications in the system that do not tally with your usage pattern. These could be clandestine background activities performed by the newly-installed software.
- Ensure important security updates and patches to the mobile phone are downloaded and installed promptly. Any app that has been installed should be updated as new revisions are available. However, it may be prudent to manually vet each update instead of letting the app store take control of automating it. Malformed or hacked updates have been known to get installed through this avenue.
Finally, it is always useful to install a trusted mobile security solution for general protection against constantly-developing cyber tactics and scams.