Cybercriminals targeting institutions instead of individuals: Kaspersky

Economic hardships due to Covid-19 aggravate cybercrimes


March 21, 2022

New Delhi


Almost 37.8 pc of banking attacks targeted corporate users, a growth of almost 14 pc since 2018 (Photo: Unsplash/Kevin Ku)

The Covid-19 pandemic left economies crumbling all across the globe, which brought a sudden rise in the rates of cybercrime against financial institutions and their customers, says a report by Kaspersky, a Russian multinational cybersecurity and anti-virus provider. The report also mentions an upward trend in the use of malware. Apart from institutions, cybercriminals are also targeting their customers.


Even as 2021 saw an unprecedented adoption of the digital economy and online meetings in order to beat the severe lockdowns imposed around the world, there was also a sharp spike in the activities of cybercriminals.

According to "Financial cyberthreats in 2021", a report by cybersecurity firm Kaspersky, there was a significant upward trend in the use of digital means for defrauding various institutions as well as organisations. Almost 37.8 pc of banking attacks targeted corporate users, a growth of almost 14 pc since 2018.

Apart from the dependence on technology, the economic problems which arose with the onset of various Covid-19 waves, such as unemployment and poverty, have only aggravated the use of malware and other associated tools. This increase in cybercrime wasn’t concentrated in a particular geographical location but was a global phenomenon, says the report, adding that cyber-attacks are becoming more corporate-focused than consumer-focused.

Pavan Duggal, Chairman of the International Commission on Cyber Security Law and an advocate in the Supreme Court specialising in cyberlaw, explains the reason for the shift in target. “When they target an individual consumer it takes a lot of effort and the individual consumers will give them small bits of money. But when the target is a financial institution and if they are able to breach the cyber security, then in one chunk they can make up huge volumes of money. That’s the reason: with a lesser amount of effort they will be able to generate huge volumes of money, and they are specifically targeting the financial institutions and organisations in the BFI (Banking, Financing and Insurance) sector,” Duggal tells Media India Group.

The hackers are also using various types of malicious software and tools, such as SpyEye, to target the institutions. SpyEye, which was developed in 2009 and is described as a “bank Trojan with a form of grabbing capability”, rose from the eighth most common banking malware tool with a 3.4 pc share in 2020 to the second-most common banking tool in 2021, with an increment of 12.2 pc.

Even though a major chunk of their attention is focused on defrauding institutions, cybercriminals have not stopped targeting individual consumers. Kaspersky says that 2021 witnessed a huge increase in online shopping, due to which the number of such incidents targeting individuals has increased. Cybercriminals have developed new ways to benefit from the adaptive changes the novel coronavirus has brought. Phishing proves to be the most common form of threat encountered by both users and companies. Windows and Android-based financial malware have also become common.

In 2021, the cybersecurity firm detected over 250 million attempts to follow a phishing link on users’ computers, with 8.2 pc of users encountering an attack; almost 41.8 pc of the attacks were related to financial phishing. The report explains that phishing remains one of the most common forms of cybercrime as it requires minimal effort and has high success rates. It involves carefully crafted emails and messages mimicking messages from banks, government, organisations, entertainment platforms or any other services, through which the cybercriminals can trick users into following a link to a deceitful website and giving up their payment or personal details, or sometimes into downloading various malicious programs.

“The coming of Covid-19 is not just a public health emergency but it is also a cyber-pandemic. With the pandemic’s onset, we also see the advent of the golden age of cybercrime and this golden age is going to last for a few decades. Its beginning has been characterised by the three top-most cybercrimes across the world. They are phishing, identity theft and online financial fraud. It has become so common because it is easy to phish people. During Covid-19 it was even easier as primarily there was a fear and panic among people. So many people were fearful or panicking and ended up clicking the wrong link, believing the wrong voices and becoming victims of the attacks. Phishing has emerged as one of the top-most cybercrimes in the world and since there is an increase in the capacity building of such criminals we will witness more and more phishing in future,” adds Duggal.

Among the cases of financial phishing, e-shop phishing was the most common, making up to 40 pc of all types of phishing. Payment systems were the targets of about 13.4 pc of all financial phishing, and banks made up the rest, 26.6 pc. PayPal was the most commonly used payment system in phishing attacks, making up 37.8 pc in 2021, while MasterCard held second place in the ranking of attacked payment systems at 12.2 pc. American Express phishing scams also held consistent over the years, with 10 pc in 2021.

With such a high increase in cybercrimes, both users and institutions must adapt to the ever-evolving field of cybercrime. “Users have to factor in cyber-resilience as a part of their day-to-day lives. They have to work with the given presumption that they will be hacked and their accounts and their data will be targeted,” says Duggal.

With the shift in target from users to organisations, it is high time that corporates and financial institutions recognise the importance of cybersecurity. “Corporates have a twin responsibility, not only for corporate data but also for data of their employees, customers, consultants and business partners. Corporates have to comply with applicable laws such as the Indian Information Technology Act 2000 and the IT rules 2021. Corporates must implement and maintain reasonable security practices and procedures. They are dealing and handling about 70 pc of data. They have to do much more than what they are doing because now, with work from home happening, the corporate networks are under constant attack. There is a 246 pc increase in cyberattacks on work-from-home devices,” says Duggal.

“Further, the corporates have to look for edge security rather than perimeter security. Earlier everything was in the office so you could easily secure your perimeter. Now, with people accessing your network from the outside world, a lot of devices are getting connected to the edge network. The efforts of companies need to focus on edge security as an important first area. They also must get their cybersecurity audit done every six months; if there is a cybersecurity breach they must mandatorily report to the Indian nodal agency on cybersecurity,” he adds.


