BRATISLAVA – ESET, a global leader in cybersecurity, reveals that 42% of global consumers use a free FinTech application or platform. Of those, half (50%) do not know if the app they use sells their data. ESET has explored the topic of data security in the consumer segment of its global financial technology (FinTech) research, surveying 10,000 consumers across the UK, US, Australia, Japan and Brazil.

Consumers were asked a series of questions on the topics of financial technology and cybersecurity. The research reveals interesting findings about how consumers protect their sensitive information when using financial technology applications. Respondents were also asked to rate their tech proficiency as basic, intermediate or advanced, to provide further insight.

The research shows that, in addition to the large volume of consumers who do not know if their data is being sold, only 31% of people say they read the terms and conditions of a FinTech application before downloading it, and only 29% read the privacy policy. These results shed light on the actions consumers around the world are taking – or are not taking – to protect themselves and their finances, and that many may be vulnerable to cyberthreats as a result.

Almost half (48%) of all consumers do not use a VPN, and 42% of consumers log in to their financial applications on public Wi-Fi. Even among the 1 in 5 consumers worldwide who rate themselves as advanced in tech proficiency, 31% do not use a password manager. Interestingly, of the 22% of respondents who can be classified as “FinTech adopters” (those who use four or more FinTech applications), 93% do have security software installed on at least some of their devices. At the same time, for “FinTech non-adopters” (those who use one to three apps), this percentage goes down to 85%. This could indicate that the consumers who are more interested in utilizing FinTech applications are more conscious of taking cybersecurity precautions when it comes to their personal finances.

Commenting on the results, Ignacio Sbampato, chief business officer at ESET, said, “Protecting consumers’ sensitive and financial data has never been more important. Financial technology has a role to play on the journey to personal and societal economic recovery, and it is vital that FinTech solutions and their users are adequately protected. Our findings about consumers and their attitudes to data security reveal that many people may be vulnerable to cyber risks, and it is our mission to ensure that technology users’ most valuable information is protected with cutting-edge security software.”

To learn more about ESET and its global financial technology research, please visit our newsroom.

BRATISLAVA, PRAGUE – ESET researchers published today another installment in their ongoing series of Latin American banking trojans. Since 2018 they have investigated Vadokrist, a trojan that is specifically focused on Brazil. The malware utilizes backdoor functionality and is distributed via malicious spam emails targeting financial institutions.

Unlike most other Latin American banking trojans, Vadokrist does not collect information about victims immediately after successfully compromising their machines. Nevertheless, based on ESET analysis, Vadokrist seems to share several important features with Amavaldo, Casbaneiro, Grandoreiro, and Mekotio – other Latin American banking trojans described earlier in the research series.

“The vast majority of Latin American banking trojans collect information about the victim’s machine when first run. The only information Vadokrist collects is the victim’s username, and it does so only after initiating an attack on a targeted financial institution,” says ESET researcher Jakub Souček, coordinator of the team that analyzed Vadokrist.

“Despite its lack of capability to collect information, Vadokrist can manipulate the mouse and simulate keyboard input, log keystrokes, take screenshots, and restart the machine. It is also able to prevent access to banking websites by killing the browser process, which we believe is a technique to prevent victims from accessing their online bank accounts, aiding the attackers in retaining control,” explains Souček.

For more technical details about Vadokrist, read the blog post “Vadokrist – A wolf in sheep’s clothing” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Execution chain recently used by Vadokrist

Throughout the coronavirus pandemic, many aspects of life have slowed, stalled, or been cancelled altogether – but other areas have developed far more quickly than anyone expected. Reflecting on this past, unprecedented year, ESET – a cybersecurity leader – embarked on a project to examine one of these areas of acceleration: Financial Technology, or FinTech. Surveying over 10,000 consumers and senior business leaders across the UK, US, Australia, Japan, Mexico and Brazil, this research investigated experiences of FinTech, future predictions for FinTech solutions, cybersecurity habits and the security of finances in a covidian world.

As the world continues to experience the impact of COVID-19 and starts to prepare strategies for recovery post-COVID, the importance of cybersecurity in financial technology will become increasingly evident. We now have the opportunity to observe current trends in FinTech and security, and ensure that businesses and consumers alike are utilizing the necessary tools to both optimize and protect their finances.

FinTech use accelerating
Unsurprisingly, as many aspects of our lives have moved online due to lockdowns, the use of financial technology applications has risen. The consumer segment of ESET’s survey has revealed that 51% of global adult consumers use between one and five FinTech apps, including digital wallets, budgeting apps and online-only banks. Just one-third (33%) stated that their banking habits had not changed during COVID-19 lockdowns.

Looking into the future, over two-thirds (68%) of senior business leaders expect their companies’ investments in FinTech to increase by some extent in 2021-2022. Over half of businesses are already using online payment processors and online accounting to manage their finances, and a third are considering using regulatory technology (RegTech), branchless banks, and insurance technology (InsurTech).

Cybersecurity has taken a back seat
Despite the use of multiple FinTech applications, only half (49%) of consumers globally have security software installed on all their devices, leaving the other half open to cyberattacks on their finances. 42% of people do not use a password manager, either, which helps create strong and unique passwords that can hinder or stop brute-force attacks and credential stuffing. Consumers are also continuing to engage in risky behaviors when it comes to cybersecurity, such as carrying out financial transactions while connected to public WiFi hotspots.

When it comes to businesses, the vast majority (81%) agree that the COVID-19 pandemic has increased the need for improved security of finances. Despite this recognition, almost a third (28%) are not actively investing in new technologies to help secure finances, or, at least, do not know if they are. As the use of FinTech applications and processes increases and becomes more important, it is crucial that cybersecurity practices keep pace, or individuals and businesses risk leaving themselves vulnerable to attacks.

Driving post-COVID recovery
Today’s world would have been practically unrecognizable at the beginning of 2020, and the rate of change is only likely to increase throughout 2021. A large part of this development will be devoted to recovery from the personal, social and economic impacts of COVID-19. Financial technology will play a critical role in this recovery for businesses and individuals, especially if further lockdowns continue to limit access to physical banks.

Forty-five percent of senior business leaders believe that online payment processors could help to drive profitability, thus helping companies get back on their feet after what has been a tough year for many. Consumers predict that they will carry out more online shopping post-pandemic, meaning that retailers will be processing more financial transactions online, and will need adequate and secure technology to do so.

Further findings from the research will be revealed sequentially throughout the early months of 2021. For more information on ESET, and how security software can help to protect you and your business, visit our website here: http://eset.version-2.sg/

As the coronavirus pandemic has changed the world around us, organizations have had to adapt to a new, remote way of working, and in response, many have shifted to focus on cloud-first strategies. To streamline this transition, ESET is launching ESET PROTECT, which provides a single pane of glass to gain centralized visibility, management, and insight across the security of your endpoints. The ESET PROTECT platform is available either in the cloud to accommodate businesses looking for affordable and easy deployment, or on-premises for increased control.

Recognizing the move away from standard software and traditional forms of licensing, ESET PROTECT empowers users with the flexibility of a subscription-based service. As an organization grows and changes, so too do its security needs – and with a wide range of subscription bundles, ESET can protect your business throughout its entire journey.

Save, save, save
As some businesses find their budgets increasingly squeezed in the face of renewed lockdown restrictions, optimizing the use of your money is even more necessary. It may be tempting to leave security aside but moving to the cloud can provide the much-needed savings on cost.

ESET PROTECT Cloud, for example, takes away the typical cost of server provisioning required for on-premises solutions. Instead, imagine getting rid of hardware – physical servers, backup servers, failover clusters – and not worrying about software updates – server software updates, software component updates, console updates – because that’s all handled by ESET.

Continue to imagine that your business doesn’t need a team of IT administrators to set up and maintain your servers, databases, software and other on-premises infrastructure. Applications that are known to have common vulnerabilities, and which require diligent patching, are no longer your problem.

As a simple, cloud-based subscription, ESET PROTECT Cloud needs just one IT administrator sitting at the console to quickly deploy an entire suite of advanced security solutions that can protect your business from attack.

Seamless, convenient, flexible
Aside from financial benefits, ESET PROTECT offers a wealth of other benefits. With an easy and quick setup process, admins can log in the console and start protecting machines in a matter of minutes. ESET PROTECT’s live installers and wide range of deployment methods enable organizations to install endpoint protection seamlessly across all devices in even the largest corporate network.

Adjusting to each customer’s individual needs, the solution is scalable, allowing businesses to enlarge or reduce the coverage according to the size of their workforce, whether this is in-house or remote. Convenient, customizable reports allow IT admins to communicate effectively and can be adapted to fit the dynamically changing needs of large or small organizations. All this is achieved without the need for specialized IT personnel, extensive training, or additional hardware – and ESET specialists are on hand to provide additional support whenever necessary.

Everything you need in the same place
Not all businesses are the same, and ESET is offering a selection of business subscriptions that ensure businesses of all sizes are equipped with the right solutions.

Figure 1: ESET business subscriptions

ESET’sbusiness subscriptionsall include an endpoint management console– either cloud-based or on-premises – along with endpoint protection by default.ESET PROTECT Mail Plus covers the needs of organizationslooking for an advanced mail security solution.

Providing endpoint protection against ransomware and zero-day threats, alongside data protection via full disk encryption, the ESET PROTECT Advanced subscriptionis perfect for SMBs and MSPs.The solution is designed to detect suspicious encryption-like activity commonly employed by ransomware and can run machine learning analyses on high performance machines in the cloud to more quickly discover novel malicious software aiming to evade detection byendpoint security products.

For large organizations, the ESET PROTECT Enterprise optionprovides comprehensive visibility right down to the techniques commonly used by advanced persistent threat groups.This is because the subscription offers a highly sophisticatedendpoint detection and response solution withrule-based detection, threat hunting and remediation capabilities. By subscribing to ESET PROTECT Enterprise, enterprise customersget all the benefits of ESET PROTECT Advanced plus endpoint detection and response.

For more information on ESET PROTECT, and other security offerings from ESET, visit our website http://eset.version-2.sg/business/small-and-medium/.