Hacker Tracker: Cybercriminals Take The Phishing Path To Steal Money

Financial Phishing

When something works for cybercriminals, they stick with it, especially phishing schemes, which typically take little effort but can result in huge payouts. Andrey Pozhogin, cybersecurity expert at Kaspersky Lab North America, joined PYMNTS to discuss the latest trends across the financial cyberthreat landscape and why the widespread threats of financial phishing, banking malware and Android banking malware are only getting bigger.

PYMNTS: How have phishing schemes evolved in recent years?

AP: Among all of the existing types of cybercrime, phishing is popular with cybercriminals due to it being the most affordable in terms of the investment and level of technical expertise required. Also, it has the potential to result in a big payout if successful. In most cases, as a result of a successful phishing campaign, a criminal would receive enough payment card credentials to cash out immediately or sell the details to other criminals for a good price. The combination of technical simplicity and effectiveness makes this type of malicious activity attractive to amateur criminals.

PYMNTS: Can you discuss the biggest trends observed in financial phishing, banking malware and Android banking malware?

AP: With the ease of online and mobile banking, e-shops and payment systems today, the usage of these services has grown, and, in turn, the number of financial phishing attacks we’ve detected has increased as well. Our analysis of the topics that criminals use in their scams (online banking, payment systems, Internet shop web pages, etc.) confirms this:

Financial phishing:

  • Almost half of all phishing attacks (fraudulent email messages or copycat websites that appear legitimate) registered in 2016 by the company’s heuristic detection technologies were aimed at stealing victims’ money.
  • Banking phishing schemes are the absolute leaders among all types of financial phishing. Every fourth attack used fake online banking information, or other content related to banks — a result that is 8 percent higher than in 2015.

Banking malware:

  • In 2016 the number of users attacked with banking Trojans increased by 30.55 percent to reach 1,088,900. Nearly 18 percent of users attacked with banking malware were corporate users.
  • Users in Russia, Germany, Japan, India, Vietnam and the U.S. are the ones most often attacked by banking malware.
  • Zbot is still the most widespread banking malware family (44.08 percent of attacked users), but in 2016 it was actively challenged by the Gozi family (17.22 percent).

Android banking malware:

  • In 2016 the number of users that encountered Android malware increased 430 percent to reach 305,000 worldwide. This is mostly due to a single Trojan which has been exploiting a single security flaw in a popular mobile browser for months.
  • Just three banking malware families accounted for attacks on the vast majority of users (81 percent).
  • Russia, Australia and Ukraine are the countries with the highest percentage of users attacked by Android banking malware.

PYMNTS: What were the most surprising results in the research performed?

AP: The report includes the findings that Android malware increased by 430 percent worldwide in 2016. While the percentage alone is startling, what’s more is that it was caused by just two malware families: Asacub and Svpeng. We know that cybercriminals are always on the hunt for new ways to exploit users, but this example just shows that when criminals find something that works, they run with it.

PYMNTS: Why is financial phishing so hard for banks and payment companies to get ahead of?

AP: The reason phishing is hard to tackle for organizations is that they can only intervene in the kill chain at the very last stages. Basically, a financial organization enters the picture only after the account has already been hijacked, and now the organization has to make a quick decision whether the actions of whoever has logged in as the user are legitimate or whether a cybercriminal is cashing out using the stolen credentials. The problem only grows as false positives (mistakenly labeling a legitimate user as a hijacker) ruin the user experience, which forces financial organizations to backtrack on their steps to increase security. Basically, every step to increase security will be forfeited if the losses from not implementing it are still acceptable to the organization; in times of increased competition and the fight for each user, convenience is of paramount importance.

PYMNTS: How do you think the threat of phishing will evolve going forward?

AP: With the security industry making a large effort to raise public awareness around phishing indicators, the criminals behind the phishing schemes will be forced to come up with more sophisticated methods of tricking people into giving out their data. Better phishing emails, higher-quality phishing pages, smarter redirects and link manipulation — all of that will continue improving, eventually to the point where one would have to rely solely on technology to tell a phishing input field from a legitimate one (not too rarely, this is already the case!). But in the end, phishing is still just a form of social engineering, and its core principles would probably remain unchanged.