Web skimmers move to the server side and extortion plague

In 2021, many financial cybercriminals are likely to target Bitcoin more often, while other cybercriminals will switch to transit cryptocurrencies when demanding payment from victims for enhanced privacy. On top of that, extortion practices will become even more widespread, be it as part of DDoS or ransomware attacks, with the operators of the latter consolidating and using advanced exploits to target victims. These are the key predictions from Kaspersky regarding Cyberthreats to financial organizations in 2021

Financial cyberthreats are among the most dangerous as they directly impact the financial wellbeing of victims – be it individuals or organizations. Drastic changes in 2020 unavoidably affected the way financial attackers operate. Albeit not all of the tactics, techniques and procedures have been influenced by the change of how we live and work nowadays, their influence cannot be understated. Based on a review of what has happened over 2020, Kaspersky researchers were able to prepare a forecast of the important developments in the financial threat landscape of 2021 in order to help organizations prepare for these new threats better. Here is a summary of their key predictions:

●MageCarting, or so-called JS-skimming (the method of stealing payment card data from e-commerce platforms), attacks will move to the server side. Evidence shows that from day to day there are fewer threat actors relying on client side attacks that use JavaScript. Kaspersky researchers expect that next year the attacks will shift to the server side.

●Transition currencies. At the same time, special technical capabilities for monitoring, deanonymizing and seizing Bitcoin accounts will prompt a shift in the methods used by many cybercriminals to demand payment. Other privacy enhanced currencies such as Monero are likely to be used as a first transition currency, with the funds being later converted to other cryptocurrency, including Bitcoin, to cover criminals’ tracks.

●Extortion on the rise. Due to their successful operations and extensive media coverage this year, the threat actors behind targeted ransomware systematically increased the amounts victims were expected to pay in exchange for not publishing stolen information. Now Kaspersky researchers anticipate an even higher growth in extortion attempts as a means to obtain money. Organizations, which may be hurt by the loss of data and exhausting recovery processes, are in the crosshairs, with more cybercriminals targeting them with ransomware or DDoS attacks or even both.

●0-day exploits used by ransomware gangs. On top of that, ransomware groups who managed to accumulate funds as a result of a number of successful attacks in 2020 will start using 0-day exploits – vulnerabilities that have not yet been found by developers – as well as N-days exploits to scale and increase the effectiveness of their attacks. While purchasing exploits is an expensive endeavor, based on the amounts some of the ransomware operators were able to obtain from their victims, they now have sufficient funds to invest in them.

●Bitcoin theft will become more attractive as many nations plummet into poverty as a result of the pandemic. With economies crashing down and local currencies dropping, more people may become involved in cybercrime, leading to more cases. As Kaspersky researchers anticipate, due to the weakness of local currencies, more people may focus on fraud that demands Bitcoin, as well as Bitcoin theft, since it is the most widespread cryptocurrency.

“This year was substantially different from any other year we experienced, and yet, many trends that we anticipated to come to life last year came true regardless of this transformation of how we live. These include new strategies in financial cybercrime – from reselling bank access to targeting investment applications — and the further development of already existing trends, for instance, even greater expansion of card skimming and ransomware being used to target banks. Forecasting upcoming threats is important, as it enables us to better prepare to defend ourselves against them, and we are confident our forecast will help many cybersecurity professionals to work on their threat model,” says Dmitry Bestuzhev, a security researcher at Kaspersky.

Financial predictions are part of the Kaspersky Vertical Threat Predictions for 2021, one of the segments of the Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts in the cybersecurity world. Follow this link to look at other KSB pieces.