Cyber attacks are becoming increasingly corporate rather than consumer-focused, according to Kaspersky’s new ‘Financial cyberthreats in 2021’ report.

As per the report, in 2021, every third (37.8 per cent) of PC banking malware attacks targeted corporate users, representing a growth of almost 14 per cent since 2018.

Even as the financial threatlandscape saw positive changes during the year with the overall number of users affected by malware reducing significantly, financial organisations still remain the most lucrative target for cybercriminals, continuing to face massive threats.

“While 2021 saw an expansion in threats to financial organisations on a global scale, there was a continuation of the downward trend of PC and mobile malware previously seen in 2020,” the report said. 

The number of users who encountered PC malware decreased by 35 per cent – from 625,364 in 2020 to 405,985 in 2021.

“Although the overall statistics look reassuring, the risk of cyberattacks is far from over, especially for corporate networks,” it said. 

Changing trends

Kaspersky experts reported a continuation of this decade’s emerging trend of banking Trojans targeting corporate users. Between 2020 and 2021, corporate users’ share of banking malware attacks increased by almost 2 per cent and increased a significant 13.7 per cent points between 2018 and 2021.

Notably, in recent years the growth of corporate users’ share was slower than in pre-pandemic years. 

Kaspersky experts attributed this to the continuing shift towards remote and hybrid work modes. 

“While the pandemic saw both the rise and fall of mandatory restrictions, many companies have decided to continue with remote or hybrid work models and not return to the traditional office work mode,” it said.

“During the pandemic, some organisations’ employees resorted to using home devices protected by consumer solutions, which are insufficient for working purposes. Because attacks detected on home devices are counted as ‘consumer’ threats, regardless of whether the device was being used for working on corporate networks, there is a likely possibility that cybercriminals are even more interested in corporate users than Kaspersky statistics reflect,” it further explained.

Overall, only four malware families were responsible for the attacks on about half of all affected users. 

Top malware

While Zbot remained the top used malware among financial cybercriminals, SpyEye surged from the eighth most common banking malware, at a 3.4 per cent share in 2020, to the second most common at 12.2 per cent in 2021. 

At the same time, Emotet (9.3 per cent), described by Europol as “the world’s most dangerous malware”, saw a drop of five percentage points between 2020 and 2021. 

“This coincides with law enforcement agencies’ global collaboration to obstruct the botnet’s infrastructure at the beginning of 2021, which limited Emotet’s activities for at least part of the year,” the report said.

‘Throughout the past year, we have observed cybercriminals actively targeting our corporate users. This is a concerning issue since once a cybercriminal penetrates just one computer in a corporate network, it poses a huge threat not only to the targeted device but to the victim’s colleagues and the organization as a whole. The financial sector is traditionally a lucrative avenue for malicious users, therefore, we ask everyone to stay cautious when conducting financial operations online from PCs.’ said Oleg Kupreev, security expert at Kapsersky.