The cybersecurity experts at Kaspersky are predicting that cybercriminals will increase their focus on the financial sector in 2020. The company believes that cryptocurrencies, data processing systems, and mobile investment apps will be particularly popular targets, although traditional banks should still expect to see a high volume of malware and ransomware attacks.
According to Kaspersky, cybercriminals will go after mobile investment apps because many of them have not yet adopted strong security practices like multi-factor authentication, making them easy targets for hackers. Payment processing systems are similarly vulnerable to JS-skimming, which allows groups of hackers to steal card information from online stores and has the potential to compromise e-commerce as-a-service providers.
With regard to malware, Kaspersky expects to see a flood of new Trojans after the source code for several major pieces of malware leaked to the public, giving hackers the opportunity to iterate on the code and develop new threats. Cybercriminals will also continue to go after smaller banks with outdated security systems in Asia, Africa, and Eastern Europe. Once they gain access, they can sell that access to other criminals or hold the bank hostage. Kaspersky argues that banks are more likely to pay a ransom to keep a breach out of the public eye.
“This year has seen cybercriminals shifting their focus to data that helps to bypass antifraud systems in their attacks. Behavioral and biometrics data is on sale on the underground market,” said Kaspersky security researcher Yuriy Namestnikov. “With 2020 on the horizon, we recommend security teams in the finance industry gear up for new challenges. There is nothing inevitable in potential upcoming threats, it is just important to be properly prepared for them.”
Kaspersky goes on to warn security experts in the healthcare and mobile sectors, where cybercriminals may target medical devices and 5G networks, respectively. Meanwhile, enterprises should be wary of criminal efforts to recruit insiders to gain access to corporate networks.
Kaspersky has previously warned financial institutions about the threat of the Silence Trojan, and uncovered a dark web e-shop that traffics in stolen identities. The company recently unveiled a prototype of a ring that allows users to unlock devices with a fake fingerprint rather than a real one, giving consumers more protection if their biometric information gets stolen.
December 3, 2019 – by Eric Weiss