As the financial threat landscape has evolved significantly in recent years, Kaspersky experts believe that it is no longer sufficient to look at threats to traditional financial institutions alone, but rather to evaluate financial threats as a whole. The cybercrime market has developed extensively, with the vast majority of attackers pursuing a single goal: financial profit.
This year, Kaspersky researchers have decided to adjust their forecasts accordingly, broadening them to include both crimeware developments and financial cyberthreats.
By analyzing the significant events and trends that shaped both the crimeware and financial threat landscape in 2022, Kaspersky researchers predicted several major trends expected in 2023. Here are their top predictions:
As cryptocurrencies have grown in popularity, so has the number of crypto scams. However, users are now much more aware of cryptocurrencies and will not fall for primitive scams like the questionable cryptocurrency scheme that went viral with a video featuring an “Elon Musk” deepfake. Cybercriminals will continue to try to steal from people using fake ICOs and NFTs and other cryptocurrency-based financial theft. Along with the exploitation of vulnerable smart contracts, criminals will use and create more advanced methods to proliferate their crimes.
Many actors have their own malware, but that alone is not enough. Entire samples consisted of ransomware only. But when there are different kinds of modules in the ransomware, it is easier for the threat to evade detection. As a result, attackers are now paying much more attention to downloaders and droppers, which can avoid detection. This has become a major product in the Malware-as-a-Service industry and there are already favorites among cybercriminals on the darknet, such as the Matanbunchus downloader. All in all, stealth execution and EDR bypassing is what malicious loader developers will focus on in 2023.
As various vendors create and improve penetration testing frameworks to protect businesses, such as Brute Ratel C4 and Cobalt Strike, crimeware actors are expected to be much more actively using them for illegal activities. Along with the development of new penetration tools, cybercriminals will increasingly use frameworks for their own malicious purposes.
As ransomware payment penalties continue to be issued, markets become more regulated, and technologies improve at tracing the flow and sources of Bitcoin (and sometimes recovering large transactions), cybercriminals will move away from this cryptocurrency and towards other forms of value transfer.
As geopolitics increasingly occupies the attention of not only the public but also cybercriminals, ransomware groups are expected to demand some form of political action instead of holding a ransom. An example of this is Freeud; brand new ransomware with cleaning functionality.
“We expect two major scenes within the ransomware landscape in the coming year,” said Marc Rivero, senior security researcher at Kaspersky’s Global Research and Analysis Team. “One of them will be the use of destructive ransomware with the sole purpose of destroying assets and the impact of what we call ‘regional attacks’, where certain families only impact certain regions. For example, the mobile malware landscape has evolved greatly in the Latin American region, bypassing bank security methods such as OTP and MFA. Malware-as-a-service is another important thing to look out for as this type of underground service is commonly found around ransomware attacks impacting larger organizations.
More information on these forecasts is available on Securelist.
These financial forecasts are part of Kaspersky’s Vertical Threat Forecasts 2023, one of the segments of Kaspersky Security Bulletin (KSB), an annual series of forecasts and analytical reports on key changes in the cybersecurity world.
To review what Kaspersky experts expected to see in 2022, follow this link.
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep knowledge of threats and security is constantly transformed into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the world . The company’s broad security portfolio includes leading endpoint protection and a range of specialized security solutions and services to combat sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate customers protect what matters most to them. Learn more at www.kaspersky.com.
Contact with the media
Sawyer Van Horn
CONTACT: Sawyer Van Horn Kaspersky 781-503-1866 firstname.lastname@example.org