Mobile banking is outpacing online banking across all age groups due to its convenience and our desire to have those apps at our fingertips, according to Zimperium.
This surge is accompanied by a dramatic growth in financial fraud.
The research uncovered that 29 malware families targeted 1,800 banking applications across 61 countries last year.
In comparison, the 2022 report uncovered 10 prolific malware families targeting 600 banking apps.
Banking trojans continue to evolve and succeed due to their ability to persist, bypass security, and evade detection on mobile devices.
As investment from fast-moving threat actors continues to increase, traditional security practices are unable to keep up.
The research also revealed that United States banking institutions remain by far the most targeted by financially motivated threat actors.
There were 109 US banks targeted by banking malware in 2023, compared to the next most targeted countries which were the UK and Italy.
The report also noted that trojans are evolving beyond simple banking apps, targeting cryptocurrency, social media, and messaging apps.
Traditional banking applications remain the prime target, with a staggering 1,103 compromised apps -accounting for 61% of the 1800 targets-while the emerging FinTech and Trading apps make up the remaining 39%. Hook, Godfather, and Teabot are the top banking malware families, measured by the number of banks targeted.
The 19 malware families from the 2022 report have evolved with new capabilities, and ten new families have been identified as a threat in 2023.
New capabilities in emerging banking malware families.
These findings illustrate a dynamic and expanding mobile threat landscape that necessitates the need for a mobile-first security strategy, one that is comprehensive, autonomous, and relentlessly focused on combating today's mobile banking trojans.
Rather than reacting to threats, organizations must embrace proactive real-time threat visibility and protection as we evolve from a standard-based approach to one that factors in real-world threats.
Ensure protection matches threat sophistication: Advanced code protection techniques elevate the security posture to a point where the cost and effort of attacking an application outweighs the potential gains for the attacker.
Implement runtime visibility for comprehensive threat monitoring and modeling: Mobile application security leaders must enable runtime visibility across various threat vectors, including device, network, application, and phishing.
This real-time insight allows for active identification and reporting of risks, threats, and attacks.
Deploy on-device protection for real-time threat response: Mobile application security leaders should prioritize implementing on-device protection mechanisms that enable apps to take immediate actions upon threat detection.
This ability to take action should be autonomous, requiring no dependency on network connectivity or back-end server communication.
From growing fraud losses, increased operational costs, and decreased consumer trust and brand impact, it's crystal clear that banking malware is evolving to make mobile banking fraud even more pervasive.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 03 Jan 2024 04:43:05 +0000