There is no rest for cybersecurity professionals as 2024 is poised to be a challenging period for financial cybersecurity. Cybercriminals are employing increasingly sophisticated tactics and technologies to exploit vulnerabilities that will target the financial operations of the enterprise and it is critical to identify beforehand how these cybercriminals are going to attack.
Kaspersky has outlined several key predictions based on emerging trends and threats that have been noticeable in the past year. Here are the notable financial cyber threats cybersecurity professionals should be on the lookout for
AI-powered cyberattacks
Kaspersky expects an upsurge this year in cyberattacks that leverage machine learning tools. Generative AI will be utilized to mimic legitimate ads, emails, and other means of communication, making it a challenge to distinguish between genuine and fake content. This will also lead to a proliferation of lower-quality campaigns, as the entry barrier for cybercriminals will lower and the potential for deception will rise.
Fraudulent schemes targeting direct payment systems
Cybercriminals will exploit the increasing popularity of direct payment platforms such as FedNow, PIZ, and UPI by deploying clipboard malware designed to support direct payment systems. Additionally, mobile banking trojans will further exploit these systems as a quick and efficient means of cashing out ill-gotten money.
Automated Transfer Systems (ATS) attacks
Mobile Automated Transfer System (ATS) attacks are a fairly new technique, which involves banking malware making fraudulent transactions when the user logs in to the banking app. While only a few Brazilian malware families are currently using mobile ATS, the global adoption of mobile banking and A2A transfer systems will lead to the greater proliferation of the malware.
Brazilian banking Trojans on the rise
As many Eastern European cybercriminals shifted their focus to ransomware, Brazilian banking trojans are expected to fill the void left by desktop banking trojans, with the likes of Grandoreiro have already expanded abroad, targeting more than 900 banks in 40 countries.
Ransomware target selection
Ransomware groups are becoming more selective in their target choices to maximize their chances of receiving higher ransom amounts. Thus they have focused on launching targeted and damaging attacks on financial institutions and organizations.
Open-source backdoored packages
The rise in open-source backdoored packages will be another fertile area for cybercriminal activity as vulnerabilities in widely used open-source software are a goldmine for cybercriminals to exploit.
Decrease in 0-days, increase in 1-day exploits
Cybercriminals will be relying less on zero-day vulnerabilities and instead turn to 1-day exploits. This shift may be driven by the increased scarcity of zero-days and the growing demand for more reliable and accessible attack methods.
Exploitation of misconfigured devices and services
Cybercriminals are expected to increasingly seek and exploit misconfigured devices and services that are publicly accessible when they should not be.
Fluid composition of affiliate groups
Cybercrime affiliate groups will have a more fluid structure, with members frequently switching between, or working for, multiple groups simultaneously. This will make it difficult to track and combat cybercrime effectively.
Adoption of less popular/cross-platform languages
Cybercriminals will increasingly use less popular or cross-platform programming languages like Golang and Rust to create malware and exploit vulnerabilities. This will make it harder to detect and mitigate cyber threats.
Emergence of hacktivist groups
Socio-political conflicts will lead to a rise in hacktivist groups that focus on disrupting critical infrastructure and services. These groups are ostensibly doing it to “raise awareness” about their cause but are causing disruption to vital operations of financial organizations.
Given these looming threats, businesses must adapt their cybersecurity strategies to address these challenges proactively, and safeguard their assets and sensitive data as well as their key financial operations. Collaboration and cooperation between the public and private sectors are essential in the goal towards effectively dealing with the growing financial cybersecurity risks this year and into the future.