{"id":109219,"date":"2023-03-29T10:00:02","date_gmt":"2023-03-29T10:00:02","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/securelist\/?p=109219"},"modified":"2023-04-05T12:20:02","modified_gmt":"2023-04-05T12:20:02","slug":"financial-cyberthreats-in-2022","status":"publish","type":"post","link":"https:\/\/securelist.com\/financial-cyberthreats-in-2022\/109219\/","title":{"rendered":"Financial cyberthreats in 2022"},"content":{"rendered":"

Financial gain remains the key driver of cybercriminal activity. In the past year, we’ve seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats, such as banking malware and financial phishing, continue to take up a significant share of such financially-motivated cyberattacks.

In 2022, we saw a major upgrade of the notorious Emotet botnet as well as the launch of massive campaigns by Emotet operators throughout the year. For instance, malicious spam campaigns targeting organizations grew 10-fold in April 2022, spreading Qbot and Emotet malware. We also witnessed the emergence of new banking Trojans that hunt for banking credentials, and greater activity on the part of some well-known ones, such as Dtrack, Zbot and Qbot.

The good news is that regardless of these continuous advancements, we’ve witnessed a steady decrease in the number of attacks by banking Trojans. Security solutions integrated into operating systems, two-factor authentication and other verification measures have helped reduce the number of vulnerable users. Additionally, in many markets mobile banking has been pushing out online banking, with more and more convenient and secure banking apps emerging.

Meanwhile, cryptocurrency became a prominent target for those seeking monetary gain. The amount of cryptocurrency-related phishing grew significantly in 2022, and with an endless array of new coins, NFT and other DeFi projects, scammers are continuously duping users. Funds lost via cryptocurrency are hard to track and impossible to return with the help of a regulatory body, as is done with banks and fiat currency, so this trend is likely to continue gaining traction.

Some advanced persistent threat (APT) actors also started tapping into the cryptocurrency market. We previously reported on the Lazarus group, which developed VHD ransomware for the purpose of monetary gain. Now we see that APT actors have also switched to crypto. BlueNoroff developed an elaborate phishing campaign that targeted startups and distributed malware for stealing all crypto in the account tied to the device. They impersonated numerous venture capital groups and investors with considerable success. The NaiveCopy campaign, another example of an advanced threat, targeted stock and cryptocurrency investors in South Korea. And there is more room for further development – hardware wallets and smart contracts could provide a new juicy target for attackers.

This report shines a spotlight on the financial cyberthreat landscape in 2022. It presents a continuation of our previous annual financial threat reports (2018, 2019, 2020, 2021), which provide an overview of the latest trends across the threat landscape. We look at phishing threats commonly encountered by users and companies, as well as the dynamics of various Windows and Android-based financial malware.

Methodology

For this report, we conducted a comprehensive analysis of financial cyber threats in 2022. We focused on malicious software that targets financial services institutions such as online banking, payment systems, e-money services, online stores, and cryptocurrency services. This category of financial malware also includes malware seeking unauthorized access to financial organisations’ IT infrastructures.

In addition to financial malware, we also examined phishing activities. This entailed studying the design and distribution of financially themed web pages and emails that impersonate well-known legitimate sites and organizations with the intention of deceiving potential victims into disclosing their private information.

To gain insights into the financial threat landscape, we analyzed data on malicious activities on the devices of Kaspersky security product users. Individuals who use these products voluntarily made their data available to us through Kaspersky Security Network. All data collected from Kaspersky Security Network was anonymized.

We compared the data from 2022 to that of 2021 to identify year-on-year trends in malware development. However, we also included occasional references to earlier years to provide further insights into the evolutionary trends in financial malware.

Key findings

Phishing