The tendency of cyber threats in the financial services sector to target the financial wellbeing of individuals and organisations make attacks on this industry among the most dangerous in existence, and 2020 saw an evolution in how threat actors operate.
Following a review of cyber activity in 2020, Kaspersky researchers have forecasted the important developments that will be at play in the financial threat landscape of 2021, while looking to help organisations prepare for these new threats.
“This year was substantially different from any other year we experienced, and yet, many trends that we anticipated to come to life last year came true regardless of this transformation of how we live,” said Dmitry Bestuzhev, a security researcher at Kaspersky.
“These include new strategies in financial cybercrime – from reselling bank access to targeting investment applications — and the further development of already existing trends, for instance, even greater expansion of card skimming and ransomware being used to target banks.
“Forecasting upcoming threats is important, as it enables us to better prepare to defend ourselves against them, and we are confident our forecast will help many cyber security professionals to work on their threat model.”
Bitcoin theft
Firstly, Kaspersky forecasts a rise in Bitcoin theft, as the financial impacts of Covid-19 continue to set in.
With the pandemic likely to cause a wave of poverty in 2021, and certain economies and local currencies possibly plummeting or crashing, it’s predicted that fraudulent activities targeting Bitcoin will be increasingly attractive to threat actors.
MageCart attacks moving to the server side
The method of stealing payment card data from e-commerce platforms, known as MageCarting or JS-skimming, is predicted to move to the server side.
While fewer threat actors are relying on client side attacks that use JavaScript, Kaspersky researchers believe that attackers will move away from this area and target the server side instead.
The seven types of e-commerce fraud explained
Internalisation of criminal operations
It’s forecasted that cyber criminals that target financial institutions will mostly rely on in-house development, re-integrating and internalising its operations.
According to Kaspersky, this shift will reduce outsourcing, and boost the profits of major threat actors.
Increased reliance on ransomware from advanced threat actors
Advanced threat actors based in countries that have been placed under economic sanctions could rely more on ransomware imitating the work of cyber criminals.
This may involve the reuse of already available code, or the creation of campaigns from scratch.
0-day exploits used by ransomware groups
Upcoming attacks by ransomware groups that have managed to profit from attacks in 2020 will look to utilise 0-day attacks – vulnerabities that have not yet been found by developers – as well as N-days exploits, to scale and increase the effectiveness of their attacks.
Expansion of “persistent engagement”
The head of the National Security Agency, Army Gen. Paul Nakasone, has often cited a “persistent engagement” strategy for cracking down on cyber crime, and Kaspersky predicts that this will be expanded in 2021.
Additionally, there is the possibility of economic sanctions against institutions, territories or even countries that prove insufficient when it comes to stopping cyber crime that originate on their territory.
War of the AI algorithms: the next evolution of cyber attacks
Cryptocurrency transit
With monitoring, deanonymisation and seizing now present for BTC accounts now in place, cyber criminals could shift to transit cryptocurrencies for charging victims.
Threat actors in this space may switch to other privacy-enhanced currencies, such as Monero, to use these initially as a transition currency, before converting funds to any other cryptocurrency of choice, including BTC.
A rise in extortion
Lastly, Kaspersky predicts that cyber criminals targeting financial assets will increasingly rely on extortion to obtain funds from victims.
Organisations that are likely to be hurt by the loss of data and exhausting recovery processes will be particularly targeted, with more threat actors utilising ransomware or DDoS attacks, or even a combination of both.
More information on Kaspersky’s financial financial threats vision for 2021 can be found here.