Inside Politics

Lender customers be on the look-out for ransomware, financial or banking trojans

Friday, July 23rd, 2021 00:00 |
Central Bank of Kenya. Photo/PD/File

Steve Umidha @UmidhaSteve

Cyber criminals are targetting your most personal information, this time focusing on online banking and crypto wallets, says a new study.

Russian anti-virus provider and multinational cybersecurity firm Kaspersky has sounded the alarm warning consumers to be on the lookout while using mobile banking apps and digital currency platforms, also known as cryptocurrency.

“Attackers are now focusing on specific companies and individuals where they can get the maximum benefit.

The new approach of ransomware is to expose data, negatively impacting the reputation of a company.

To this effect, financial crime has become more sophisticated and organized,” notes the report.

The firm blames new threats on increased adoption of technology by financial service providers which is exposing customers’ deposits and savings to online fraudsters.

Others are cashless payments through mobile money platforms and the shift towards remote working, among other factors.

Kaspersky’s research further identified top malware families as ransomware, financial or banking trojans, and crypto-miner malware as some of the dangers bank customers are exposed to.

The report found out that in Kenya for instance, there was a 59 per cent increase of the above mentioned threats in the first quarter of 2021. This was higher than other markets in the region.

Banking trojan

During the quarter, Nigeria saw an increase of 32 per cent compared to 24 per cent in South Africa.

Banking trojans are among the sneakiest threats to both cybersecurity and personal financial security—and such attacks are becoming more common.

These malicious backdoor programs ordinarily steal financial information or money from online banking apps and other fintech platforms.

Communications Authority of Kenya (CA) data also shows that such threats have been rising steadily in the last decade, but not at the magnitude seen since 2018, when CA data flagged down more than 56 million cyber threats were detected nationwide in 2020 compared to 37.1 million cases in 2019.

As a result, businesses have lost billions of shillings and sensitive information to such hackers, with the financial sector a key target.

Indeed, a survey conducted by the Kenya National Bureau of Statistics (KNBS) and the CA, reveals that Kenya lost about Sh18 billion to cybercrime reveals in 2016 – while in 2017, the Central Bank of Kenya (CBK) warned that local lenders were exposed to cyber-attacks and ICT-enabled fraud.

Another report by pan-African-based cyber-security and business consulting firm Serianu estimates that Kenya lost US$295m to cybercrime in 2018 with Business email compromise (BEC) being one of the main ways used to defraud local businesses.

Negative effect

BEC attacks are a form of cybercrime which use email fraud to attack commercial, government and non-profit organizations to achieve a specific outcome which negatively impacts the target organization.

“It is relatively easy for a hacker to target an individual and capture passcodes, one-time passwords, and install malware on their computers to get financial information. 

Increasingly, this is expanding to financial institutions given the sheer number of new entrants in the emerging market,” says David Emm, Lead Security Researcher at Kaspersky.

Adding that, for hackers, online or cyber fraud offers direct monetization of an attack and gives them access to money as quickly as possible.

There have been previous attempts by the government to help protect customers’ data information from cybercriminals.

More on Inside Politics