The Nokia 2021 Threat Intelligence Report shows that banking malware threats are sharply increasing as cyber criminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information.
The report, based on data aggregated from network traffic monitored on more than 200 million devices globally where Nokia’s NetGuard Endpoint Security product is deployed, showed an 80%, year-on-year increase in the first half of the year in the number of new banking trojans, which also try to steal SMS messages containing one-time passwords.
“A significant amount of this activity is focused in Europe and Latin America, but this activity is continuously spread to other regions of the world,” according to the report. “Banking trojans use a variety of tricks to collect the information. These include capturing keystrokes, overlaying bank login screens with their own transparent overlay relaying captured information to the intended target, taking screen snapshots, and even accessing Google Authenticator codes.”
Banking malware has been targeted mainly at Android phones, for years the most targeted mobile device type for cyber criminals due to Android’s ubiquity and developer openness, with some banking trojans among the most successful malware attacks in 2021.
The Threat Intelligence Report says that most banking applications allow users to add a multi-factor authentication feature to their accounts to make it more difficult for cybercriminals to obtain personal information. Users are strongly recommended to avoid mobile banking from easily accessible public WiFi access points; and to use both multi-factor authentication when available and strong passwords, which avoid common personal details like birthdays.
The report also found that Covid-19 related malware incidents in residential networks have leveled off at 2.5% after a peak in December 2020 of 3.2%. This demonstrates that people are more aware of the threats posed by Covid-related cyber-attacks and are taking steps to secure their home working environment.
IoT botnets, a network of devices connected with malware, continue to grow in size and sophistication, due to the rising use of IoT devices, like “smart” refrigerators and video surveillance cameras. One known as Mozi, which uses a peer-to-peer command and control protocol, has been used to create botnets consisting of around 500,000 individual devices. Mozi actively scans the network and uses a suite of known vulnerabilities to exploit additional IoT devices. IoT botnets are responsible for 32% of the malware incidents detected by Nokia’s NetGuard Endpoint Security.
Kevin McNamee, Director of Nokia’s Threat Intelligence Center, said: “Cybersecurity threats only evolve and look for new opportunities, as shown by this year’s report. Banking trojans have dramatically increased over the last year as digital banking becomes more prevalent – and this is a trend we see continuing into the future which reinforces the need for better online practices and having robust endpoint security in place.”