Kaspersky predicts top cybercrime trends for 2020
“Given the serious surge in cybercriminal activity during the rapid growth of Bitcoin and altcoins in 2018, we predict that a similar situation will most likely unfold around Gram and Libra. Large players in this market should be especially careful, as there are a number of APT groups, such as WildNeutron and Lazarus, whose interests include crypto assets. They are very likely to exploit these developments,” he said.
In 2019, the firm noticed that criminals were carrying out targeted attacks on financial institutions like banks. This is set to increase in 2020, it said. It expects an increase in the activity of groups specializing in the sale of network access (to financial institutions) in the African and Asian regions, as well as in Eastern Europe.
“Their prime targets are small banks, as well as financial organizations recently bought by big players who are rebuilding their cybersecurity system in accordance with the standards of their parent companies,” said Namestnikov.
Targetted ransomware attacks on banks will also continue to rise in 2020. Another ransomware attack pattern against small and medium financial institutions will be a “pay-per-install” scheme, the report said. Cybercrime actors will also return to ‘custom tooling’ in 2020 and invest in new Trojans and exploits, it added.
The firm had monitored underground forums and found that source code of popular mobile banking Trojans were leaked into the public domain, it said. Due to the popularity of such Trojans, it expects a repeat of the situation where source codes of ZeuS and SpyEye Trojans were leaked. It had led to an increase in attempts to attack and the geography of attacks are also likely to expand to every country in the world.
Mobile investment apps could also become a prime target for cybercriminals in 2020, it said.
“Given the popularity of some fintech companies and exchanges (for both real and virtual money), cybercriminals will realize that not all of them are prepared to deal with massive cyberattacks, as some apps still lack basic protection for customer accounts, and do not offer two-factor authentication or certificate pinning to protect app communication. Several governments are deregulating this area and new players are appearing every day, becoming popular very quickly. In fact, we have already seen attempts by cybercriminals to substitute the interfaces of these apps with their own malicious versions.”
A method known as ‘JS skimming’ is also likely to gain more traction among attackers, with the growing number of e-commerce websites which can be vulnerable to cyber risks. JS skimmers are a type of malware which add a small piece of code onto legitimate websites to retrieve private information like credit card numbers. “At the moment we are able to distinguish at least 10 different actors involved in these types of attacks and we believe that their number will continue to grow during the next year. The most dangerous attacks will be on companies that provide services such as e-commerce as a service, which will lead to the compromise of thousands of companies,” the firm said.
Geographically localized attacks in countries that have not previously been affected by them will also increase due to political and social upheaval which can in turn result in migration of all kinds of people, including cybercriminals.