The recently concluded Kaspersky 7th Cybersecurity Weekend was conducted virtually and saw a collection of global experts from the renowned cybersecurity provider, as well as journalists and invited guests, delve into the current state of the cybersecurity landscape with regard to electronic payments and, in particular, the APAC banking Trojan outbreak.
With the need for social distancing in the wake of the pandemic, electronic payments have come to the fore as the de facto means of conducting transactions. At present, the Asia Pacific region is the largest contributor to global payments revenue, with analysts expecting the sector to exceed USD 1 trillion in revenue by 2022 or 2023. Naturally, this volume of transactions has also brought with it the usual rogues’ gallery of malefactors and cybercriminals hoping to cash in on the gullible and the unwary, with a growing prevalence of banking Trojans.
Kaspersky – APAC Banking Trojan Outbreak
Despite their name, banking Trojans don’t target banks. Compared with the usual flavours of malware, banking Trojans are particularly nasty because they aim to steal money from bank accounts by gaining access to credentials or by hijacking live online banking sessions from their legitimate owners.
“Even before COVID-19, Asia Pacific has always been one of the leaders in digital payment adoption, driven by developed countries like China, Japan, South Korea and even India. This pandemic extended the use of this technology significantly further – particularly in still emerging economies in Southeast Asia and South Asia. As we all know, the lockdown restrictions forced everyone to shift their financial transactions online. But, now, after analysing the historical figures we have on financial threats, I also learned that there was another outbreak that started in early 2019 in APAC – banking Trojans,” says Vitaly Kamluk, Director of Global Research & Analysis Team (GReAT) for APAC at Kaspersky.
“Banking Trojans were not the biggest concern of many countries in APAC until 2019 when an outbreak of infections appeared in multiple countries at once. From then on there was no looking back. Our telemetry shows that this malicious threat has grown in terms of detections and reach. We see that it will continue to pose a significant threat to both financial organizations and individuals here as we continue to see more users and startups dipping their feet into the digital payments field,” adds Kamluk.
In terms of distribution, the Philippines saw the most attacks at 22.26% of all banking Trojans discovered in the region, followed by Bangladesh (12.91%), Cambodia (7.16%), Vietnam (7.04%), and Afghanistan (7.02%).
Kaspersky – The future of digital payments in APAC
According to the latest research from Kaspersky shared at the Kaspersky 7th Cybersecurity Weekend, 90% of respondents in the Asia Pacific region began using mobile payment apps once a month in the past year, with 2 in 10 (15%) commencing use after the onset of the pandemic. In terms of usage, the Philippines logged the highest share of new e-cash adopters at 37%, followed by India (23%), Australia (15%), Vietnam (14%), Indonesia (13%), Thailand (13%) and then China (5%), South Korea (9%) and Malaysia (9%).
While the numbers seem somewhat quaint, they also jibe with the fact that China is already an established leader for mobile payments, with domestic platforms like Alipay and WeChat Pay enjoying mass growth and adoption.
“Data from our fresh research showed that cash is still king, at least for now, in APAC with 70% of the respondents still using physical notes for their day-to-day transactions. However, mobile payment and mobile banking applications are not far behind with 58% and 52% of users utilising these platforms at least once a week up to more than once a day for their finance-related tasks. From these solid statistics, we can infer that the pandemic has triggered more people to dip their toes into the digital economy, which may fully dethrone cash use here in the next three to five years,” says Chris Connell, Managing Director for Asia Pacific at Kaspersky.
Of the respondents, 45% cited being able to make payments while adhering to social distancing as their reason for adoption, while 36% stated that it was the only way to conduct transactions during the lockdown. Some 29% did so because digital gateways are more secure compared to the pre-Covid era.
“The surging demand for digital payments has transformed the way we transact both online and offline. Businesses are now digitalising their operations to capture additional revenue through digital payments, while consumers are heavily reliant on it due to the ease and convenience it offers. It is clear that the demand for quick, efficient and low-cost payment experiences will encourage further innovation in this space, and we are seeing that happening with the emergence of real-time payment rails,” comments Chris Connell, Managing Director for Asia Pacific at Kaspersky.
When asked, many first-time users admitted to being afraid of losing money online (48%) and of storing their financial data online (41%), while 4 in 10 expressed doubts about the security of these platforms.
“To drive a secured digital economy forward, it is important for us to know the pain points of our users and identify the loopholes that we need to address urgently. It is a welcome finding that the public is aware of the risks that come with online transactions and because of this, developers and providers of mobile payment applications should now look into the cybersecurity gaps in each stage of the payment process, and implement security features, or even a secure-by-design approach to fully gain the trust of the future and existing digital payment adopters,” Connell adds. For the full report, check out https://kas.pr/b6w8
What next? Kaspersky guidelines for safer online transactions
The spike in digital payments along with the prevalence of banking Trojans is a perfect storm and represents increased risks, especially for those in the APAC region. To better secure companies and individuals against these known and unknown cybercriminals, Kamluk shares the following reminders:
For financial organizations and enterprises in general:
- Defend your perimeter with a reliable vendor
- Run cybersecurity drills
- Verify your supply chain software
- Monitor the latest trends and attacks
- Motivate staff to report suspicious findings and contacts
For individuals, Kaspersky experts suggest the following:
- It is better to be safe than sorry – beware of fake communications, and adopt a cautious stance when it comes to handing over sensitive information. Do not readily share private or confidential information online, especially when it comes to requests for your financial information and payment details.
- Use your own computer and Internet connection when making payments online. Just as you would only make purchases from trusted stores when shopping physically, apply the same caution when making payments online – you never know whether public computers have spyware running on them that records everything you type on the keyboard, or whether your public Internet connection has been intercepted by criminals waiting to launch an attack.
- Don’t share your passwords, PIN numbers or one-time passwords (OTPs) with family or friends. While it may seem convenient, or a good idea, sharing them provides an entryway for cybercriminals to trick users into revealing personal information and to collect bank credentials. Keep them to yourself and safeguard your private information.
- Adopting a holistic solution of security products and practical steps can minimise the risk of falling victim to threats and keep your financial information safe. Utilise reliable security solutions for comprehensive protection from a wide range of threats, such as Kaspersky Internet Security, Kaspersky Fraud Prevention and Kaspersky Safe Money, which helps check the authenticity of the websites of banks, payment systems and online stores you visit, as well as establish a secure connection.