12/15/2019 11:57:03 PM
2020 may be a very cautious year for finance and commerce sectors as cyberattacks are aiming to target apps, online financial data processing systems and upcoming cryptocurrencies, along with providing paid access to banks’ infrastructures and developing new strains of mobile banking malware based on leaked source code.
This was according to Kaspersky's key predictions on the expected development of the threat landscape in the financial sector.
Financial cyber threats are said to be part of the most dangerous ones, considering the direct financial losses one may incur. This tear saw some of the significant developments in the industry as well as how financial attackers operate. These events allow the researchers of this cybersecurity firm to suggest several important potential developments for the financial threat landscape in 2020.
As per Kaspersky's latest newsletter, some of the key headlines and details are the following:
Fintech is under attack. Mobile investment apps have become more popular among users around the globe. This trend won’t go unnoticed by cybercriminals in 2020. Not all of these apps utilize best security practices, like multi-factor authentication or protection of the app connection, which may give cybercriminals a potential way to target users of such applications
New mobile banking Trojans. Kaspersky's research and monitoring of underground forums suggest that the source code of some popular mobile banking Trojans was actually leaked into the public domain. Previous similar cases of malware source code leakage (e.g. Zeus, SpyEye) resulted in an increased number of new variations of these Trojans. In 2020 this pattern may repeat.
Paid access to banking infrastructure and ransomware attacks against banks. In 2020, Kaspersky experts expect an increase in the activity of groups specialized in the criminal-to-criminal sale of network access to banks in the African and Asian regions, as well as in Eastern Europe. Their prime targets are small banks, as well as financial organizations recently bought by big players who are rebuilding their cybersecurity system by the standards of their parent companies. Besides it is expected that the same banks may become victims of targeted ransomware attacks, as banks are among those organizations that are more likely to pay a ransom than accept the loss of data.
Magecarting 3.0: more cybercriminal groups will target online payment processing systems. Over the past couple of years, so-called JS-skimming (the method of stealing payment card data from online stores) has gained immense popularity among attackers. Currently, Kaspersky researchers are aware of at least 10 different actors involved in these types of attacks and experts believe that their number will continue to grow during the next year. The most dangerous attacks will be on companies that provide services such as e-commerce as-a-service, which will lead to the compromise of thousands of companies.
“This year has been one of many important developments. Just as we predicted at the end of 2018, it has seen the emergence of new cybercriminal groups, like CopyPaste, a new geography of attacks by Silence group, cybercriminals shifting their focus onto data that helps to bypass antifraud systems in their attacks. Behavioral and biometrics data is on sale on the underground market. Additionally, we expected JS-skimmer base attacks to increase and they did,” says Yury Namestnikov, a security researcher at Kaspersky.
“With 2020 on the horizon, we recommend security teams in potentially affected areas of the finance industry to gear up for new challenges. There is nothing inevitable in potential upcoming threats, it is just important to be properly prepared for them,” adds Yury.
Aside from the finances, Kaspersky researches cited other industries that will face new challenges in the upcoming year, such as healthcare, IT, and telecommunications. The full list of Kaspersky Vertical Threat Predictions for 2020 is available on Securelist.com.
Author: slickmaster | © 2019 The SlickMaster's Files
No comments:
Post a Comment
Feel free to make a comment as long as it is within the bounds of the issue, and as long as you do it with decency. Thanks!