Information security experts expect an increase in attacks on bank clients through Trojan viruses in 2024, the share of which decreased in 2023. The reasons are the growing literacy of the population, which reduces the effectiveness of attacks based only on social engineering, and the reluctance of banks to comply with the requirements of regulatory documents of the regulator.
According to Positive Technologies, in 2023, the share of banking Trojans in attacks using malicious software (malware) on individuals decreased by 10 percentage points, to 13%. Kaspersky Lab and RTM Group also noted a decrease in the share of banking Trojans in 2023.
In general, in 2023, malware was used in more than half of successful attacks on individuals, Positive Technologies notes. From the company’s data it follows that the share of spyware grew by 12 p.p. compared to 2022, to 55%, while downloaders grew by 7 p.p., to 23%, remote malware – by 4 p.p. p., up to 26%. Since several types of malware can be used in attacks, the sum of the shares exceeds 100%, Positive Technologies clarifies.
In 2024, the share of banking Trojans will increase, experts say. According to Pavel Kovalenko, director of the anti-fraud center at Informzashchita, the growth will be about 10%. The main trend has become mixed attacks, when some are implemented through technology, and some through social engineering, and in this context, the increase in the use of Trojans is very logical, explains SafeTech CEO Denis Kalemberg. Angara Security notes that the reach of victims and the frequency of such attacks in general will increase.
FACCT reported the use of Trojans that intercept SMS in a new scheme where scammers on behalf of the United Russia party offer to take part in a survey for money. Thus, in just two days, 33 people became victims, and a total of 292.5 thousand rubles were withdrawn from their accounts.
At the same time, social engineering is weakening its position as the financial literacy of the population is growing – according to Central Bank statistics, 87.6% of those who encounter fraudulent calls do not respond (see Kommersant on February 8). The banking Trojan is convenient because it “lives on the device” for a long time, in particular, it can forward messages, makes it possible to connect to the device remotely, and the victim will not even notice the presence of the virus, unlike the same encryptor, which acts immediately, explains the manager RTM Group Evgeny Tsarev.
“Trojans are more likely to work in Russia, since many popular applications of Russian companies have been removed from official stores, in particular banking ones, and users have to download them from company websites, while setting permission to install applications from unreliable sources. Few users turn the scan back on after installation,” explains Denis Kuvshinov, head of the cyberthreat research department at the Positive Technologies security expert center.
To protect yourself from attacks, experts advise not to access dubious resources in the first place. You should not download applications (even from the official store) if they have not been tested and do not have a large number of reviews, and use an antivirus, the RTM Group notes.
To protect customers, banks need, among other things, to comply with the requirements of the regulator’s regulatory documents – for example, the Central Bank strongly recommended back in 2022 to switch to secure means of payment confirmation, protected by cryptography, adds Denis Kalemberg, but so far many banks have not abandoned SMS, therefore, code interception attacks are possible. Leading information security consultant at Aktiv.Consulting, Alexander Moiseev, also emphasizes the importance of “training employees of organizations in cyber hygiene.”