Philippines hardest hit by regional banking Trojan outbreak
- 15 October, 2021 09:11
Long before the local region witnessed the outbreak of COVID-19, it bore witness to an outbreak of another kind, banking Trojans, and the Philippines is now the hardest hit of any country in Asia Pacific (APAC).
Banking Trojans, backdoor-loaded malware designed to gain access to confidential or material information stored or processed through online banking systems, began to surge in line with burgeoning digital payment adoption in the region following the onset of the pandemic in late 2019 and early 2020.
This is according to Vitaly Kamluk, director of Kaspersky’s Asia Pacific global research and analysis team, who discovered after analysing the historical data from Kaspersky Security Network (KSN) that the increased cashless payments in APAC ran parallel to the rise of banking Trojans in the region.
But Kamluk also found evidence of a banking Trojan outbreak in the region that predated the onset of COVID-19.
“Even before COVID-19, Asia Pacific has always been one of the leaders in digital payment adoption, driven by developed countries like China, Japan, South Korea and even India,” Kamluk said. “This pandemic extended the use of this technology significantly further – particularly in still emerging economies in Southeast Asia and South Asia.
“As we all know, the lockdown restrictions forced everyone to shift their financial transactions online. But now, after analysing the historical figures we have on financial threats, I also learned that there was another outbreak that started in early 2019 in APAC – banking Trojans,” he added.
According to Kamluk, banking Trojans weren’t the biggest concern of many countries in Asia Pacific until 2019 when the outbreak of infections appeared in multiple countries at once.
“From then on there was no looking back,” Kamluk said. “Our telemetry shows that this malicious threat has grown in terms of detections and reach.
“We see that it will continue to pose a significant threat to both financial organisations and individuals here as we continue to see more users and startups dipping their feet into the digital payments field,” he added.
Typically, the goal of banking Trojan malware is either to obtain access credentials or one-time passwords to online bank accounts or to manipulate the user and hijack control of a live online banking session from the legitimate account owner.
Analysis drawn from a decade of historical Kaspersky Security Network data suggests that South Korea was among the first countries in the Asia Pacific region to suffer heavily from banking Trojans throughout 2011-2012.
However, the data indicates significantly lower relative numbers of infections in Korea since 2013, with the country currently at the bottom of the list of banking Trojan-infected countries in the region.
According to Kaspersky’s analysis, most other developed countries in the region show low statistics of banking Trojan detection too, but developing countries appear to have become, and have remained, a hot spot for criminals specialising in banking Trojan exploits since 2019.
In fact, the Philippines seems to have risen to the top of the regional pack in terms of banking Trojan attacks, with Cambodia and Vietnam also among those countries hardest hit in Southeast Asia.
In terms of regional banking Trojan distribution in 2021 alone, the Philippines has logged the highest number of unique users attacked in APAC, at 22.26 per cent of all banking Trojans discovered in the region this year so far.
The Philippines was followed, respectively, by Bangladesh with 12.91 per cent, Cambodia with 7.16 per cent, Vietnam at 7.04 per cent, and Afghanistan, claiming 7.02 per cent.
Based on the analysis of almost 300 publicly reported financial sector cyber-incidents since 2007, the types of financial threat actors include non-state actors – typically cyber criminals – seeking personal gains and illegal profit; state-sponsored hackers; insiders; multiple actors – a combination of the other types; and ‘unknown’.
The unknown category, which simply refers to all cases where it wasn’t clear who was behind an attack, has been increasing.
“The proportion of the unknown has grown over time, which is an alarming trend,” Kamluk said. “With the growth of the number of attacks, there seems to be an alarming trend of financial institutions becoming less and less capable of identifying who attacked them.
“The unknown, unidentified threat actors were behind 60 per cent of the attacks in 2020, but this number will likely grow up to 75 per cent this year,” he added.
In February, Kaspersky revealed research indicating that India, Indonesia and Malaysia were among the top 10 countries globally to have been hit by the greatest number of malware attacks by the SilentFade group during the month prior.
As reported by sister publication CSO, Facebook discovered the SilentFade malware family towards the end of 2018, with its origins traced back to 2016.
The SilentFade group initially made use of a combination of a Windows Trojan, browser injections, clever scripting, and a bug in the Facebook platform to deploy its malware.
The security vendor said that its researchers had spotted a significant growth of the malware used by SilentFade, with the greatest number of incidents over the month of January detected in India, Brazil, Indonesia, Italy, Germany, Algeria, Malaysia, Russia, France and Egypt.