Sri Lanka is increasingly vulnerable to cyberattacks targeting businesses’ financial transactions, with 9,218 incidents of financial phishing detected in 2024 alone, according to the latest Kaspersky Security Bulletin. This figure highlights the growing sophistication of cybercriminals who are targeting businesses with deceptive online tactics designed to steal sensitive financial information.
Financial phishing attacks, which involve fraudulent notifications designed to impersonate legitimate financial institutions, have become a major concern for businesses worldwide. These attacks trick individuals and organizations into revealing critical credentials such as banking login details, credit card numbers, and payment information. Cybercriminals use malicious links or attachments to lure victims into falling for their schemes, often causing severe financial and reputational damage.
Sam Yan, Head of Sales for Asia Emerging Countries at Kaspersky. commented on the rising threat: “Financial phishing attacks in Sri Lanka is a clear signal that cybercriminals are becoming more sophisticated. As businesses digitize their financial transactions, they must recognize the risks associated with phishing and other cyber threats. It is crucial that they adopt a multi-layered approach to cybersecurity to protect sensitive data.”
He added, “Organizations across Sri Lanka must prioritize cybersecurity as a business imperative. Phishing attacks are among the most prevalent threats today, and they can have far-reaching consequences if not addressed. Businesses should take immediate steps to implement effective anti-phishing technologies and ensure that their employees are well-trained to recognize and avoid such attacks.”
Kaspersky’s report highlights that financial phishing, particularly in the business-to-business (B2B) sector, is on the rise. Sri Lanka has reported a significant number of phishing attacks aimed at B2B financial notifications, with 9,218 incidents detected in 2024. This places Sri Lanka in a critical position, urging businesses to adopt stronger cybersecurity practices.
To counteract this growing threat, Kaspersky recommends that businesses and financial institutions in Sri Lanka implement a series of proactive security measures: Deploy anti-phishing technologies to detect and block malicious communications in real-time. Invest in employee training to raise awareness about phishing tactics and how to spot suspicious activities. Implement multi-factor authentication (MFA) to add an extra layer of protection to sensitive financial transactions.
The Kaspersky Security Bulletin further reveals that Sri Lanka has seen a significant increase in web-borne and local malware attacks. In 2024, Kaspersky products detected over 8.6 million web-based cyberthreats and 12.5 million local malware incidents on computers in Sri Lanka. This underscores the need for businesses to adopt a comprehensive cybersecurity strategy that includes both proactive threat detection and incident response capabilities.
Sri Lanka’s position as a growing target for financial phishing attacks is not unique. According to Kaspersky’s global statistics, countries such as Belarus, Moldova, and the Philippines top the list for the highest percentage of users attacked by web-borne threats. However, Sri Lanka remains vulnerable, with a significant number of businesses still at risk of falling victim to these cybercrimes.
To help businesses build on their cyber defences, Kaspersky offers its integrated software solution that includes a set of functions for event monitoring and management, Kaspersky Unified Monitoring and Analysis Platform (KUMA).
KUMA is a unified console for monitoring and analysing information security incidents and helps businesses and organizations stay safe in cyberspace while embracing digitalisation. More information about the platform is available here: https://support.kaspersky.com/help/KUMA/1.5/en-US/217694.htm. To know more the latest threat reports from Kaspersky, visit Securelist.com
