Cyber criminals now eyeing banking apps, crypto wallets

Cyber criminals are targeting your most personal information, this time focusing on online banking and crypto wallets, new study reveals.

The Russian multinational cybersecurity and anti-virus provider, Kaspersky is now sounding the alarm and wants you to be on the lookout while using mobile banking apps and digital currency platforms, also known as cryptocurrency.

“Attackers are now focusing on specific companies and individuals where they can get the maximum benefit. The new approach of ransomware is to expose data, negatively impacting the reputation of a company. To this effect, financial crime has become more sophisticated and organized,” notes a report by the firm.

It is blaming the new threats to increased adoption of technology by financial service providers – a worrying trend that continues to expose customers’ deposits and savings to online fraudsters.

Others are cashless payments through mobile money platforms and the shift towards remote working, among other factors.

Kaspersky’s research has further identified the top malware families as ransomware, financial or banking trojans, and crypto-miner malware as some of the dangers bank customers are exposed to.

In Kenya for instance, the report found a surprise 59 percent increase of the above mentioned threats prevalent in the first quarter of 2021 – which was higher than other markets ahead of the East African country.

Nigeria saw an increase of 32 percent compared to 24 percent in South Africa during the quarter.

Banking trojans are among the sneakiest threats to both cybersecurity and personal financial security—and such attacks are becoming more common.

These malicious backdoor programs ordinarily steal financial information or money from online banking apps and other fintech platforms.

Estimates by the Communications Authority of Kenya (CA), indicate that such threats have been rising steadily in the last decade, but not to the magnitude seen since 2018 when CA data shows that more than 56 million cyber threats were detected nationwide in 2020 compared to 37.1 million cases in 2019.

As a result, businesses have lost billions of shillings and sensitive information to such hackers, with the financial sector a key target.

Indeed, a survey conducted by the Kenya National Bureau of Statistics (KNBS) and the CA, reveals that Kenya lost about Sh18 billion to cybercrime reveals in 2016 – while in 2017, the Central Bank of Kenya (CBK) warned that local lenders were exposed to cyber-attacks and ICT-enabled fraud.

Another report by a pan-African-based cyber-security and business consulting firm Serianu estimates that Kenya lost US$295m to cybercrime in 2018 with Business email compromise (BEC) being one of the main ways used to defraud local businesses.

BEC attacks are a form of cybercrime which use email fraud to attack commercial, government and non-profit organizations to achieve a specific outcome which negatively impacts the target organization.

“It is relatively easy for a hacker to target an individual and capture passcodes, one-time passwords, and install malware on their computers to get financial information. Increasingly, this is expanding to financial institutions given the sheer number of new entrants in the market emerging,” says David Emm, Lead Security Researcher at Kaspersky.

Adding that, for hackers, online or cyber fraud offers direct monetization of an attack and gives them access to money as quickly as possible.

There have been previous attempts by the Government to help protect customers’ data information from cybercriminals. An Act of Parliament came into force on 30 May 2018who intent is to protect the confidentiality, integrity and availability of computer systems, programs and data as well as facilitate the prevention, detection, investigation, prosecution and punishment of cybercrimes.

However, since its enactment, there has been significant litigation surrounding the constitutionality of some of its provisions.

Kenyan High Court declared several Acts of Parliament to be unconstitutional because they were passed without the input of the Senate. One of the laws that was declared unconstitutional was the Computer Misuse and Cybercrimes Act, 2018.