
Rise of info-stealers, crypto scams and deepfakes will imperil financial sector


The threat landscape for the financial services industry in 2022 is shaping up to be a complex one, experts suggest, as industry members face an increase in information stealer infections, cryptocurrency thefts and destructive ransomware attacks, in addition to advances in deepfakes technologies and targeted extortion tactics.

A collection of panelists from Kaspersky, insurance company Swiss Re and digital financial institution C6 Bank shared perspectives on these predictions in a Kaspersky webinar this week.

Dmitry Bestuzhev, director of Kaspersky’s Global Research and Analyst Team in Latin America, along with Dan Demeter, Kaspersky security researcher, detailed a series of threat forecasts issued by the company in a Nov. 23 report. For starters, Bestuzhev noted that Kaspersky’s recent telemetry has indicated that there has been “exponential growth” in information stealer infections around the world. The reason for its growing popularity: it’s “very cheap” – often costing no more than $25 for a malware subscription, including access to the builder, obfuscator, back panel and other features, he noted.

“We believe that info-stealers will be a very relevant threat for all sorts of businesses and home users into 2022,” Bestuzhev continued, noting how malicious actors can use login credentials or cookies swiped by info-stealers to gain illegal access into users’ systems or sessions and enable a financial attack. “They're made not to have any persistence... The infection happens in a few seconds, sometimes… five to 60 seconds, 80 seconds maximum. The cybercriminal behind can steal all sorts of information,” he said.

Meanwhile, an increased public interest in cryptocurrency will likely prove alluring to cybercriminals looking to capitalize on the trend. Consequently, Kaspersky expects to see an uptick in crypto-related malicious activity, including smart contract attacks, DeFi hacks and the proliferation of fake hardware wallets.

“In the scramble for cryptocurrency investment opportunities, we believe that cybercriminals will take advantage of fabricating and selling rogue devices with backdoors, followed by social engineering campaigns and other methods to steal victims’ financial assets,” states the Kaspersky predictions report.

Kaspersky also predicted that the continued adoption of open banking systems will result in API abuses shifting from “an infrequent to the most frequent attack vector, resulting in data breaches for enterprise web applications.”

As international law enforcement cooperation improves, Kaspersky also expects some ransomware attacks to become more localized. Essentially, the company believes certain regional cybercriminal outfits will limit their focus to their own geographical area, targeting countries that are less likely to adequately defend themselves, prosecute offenders and punish victims who issue payments to government-sanctioned groups. “Not all countries have the same technical capability, scientific resources and even laws and such to investigate…attacks,” said Bestuzhev.

Fellow panelist Angelo La Penna, regional CISO, EMEA, at Swiss Re, offered his own 2022 ransomware prediction, expecting that regulations designed to deter businesses from paying ransoms may cause some cybercriminal groups to act even more aggressively in order to “put more pressure on the [victim] organization” to pay up. “Exposure of the data stolen [could] be more and more frequent,” he explained.

Moreover, Anchises Moraes, global cybersecurity evangelist at C6 Bank, predicted that more actors will be using ransomware tactics and techniques to pull off attacks for non-financial motivations such as cyber espionage or cyberterrorism. “They encrypt and leak the data, and they don't restore the data – it doesn't matter why or how. It's not about the money; just about the destruction,” he said.

Moraes and La Penna also anticipate that financial scams that rely on deepfakes-based impersonation of business executives could become more prominent and convincing in the near future. “We see now these deepfakes becoming… more precise, more accurate and more difficult… to spot and more difficult to identify,” said La Penna. “We expect maybe in the next year, this is a tendency that will come more and more.”

“Cybercriminals, they're very smart. They're always improving their techniques. And I agree deepfakes can be used [for targeted] attacks against companies,” added Moraes.

The webinar panelists also said that the COVID-19 pandemic will continue to have an effect on financial cybercrime, whether life returns closer to normalcy or not. For instance, Kaspersky believes remote workers will continue to have a demand for online games, leading to more cybercriminals exploiting these apps for their own gain. Also, point-of-sale and ATM malware might see a comeback, as global citizens return more frequently to physical locations to make purchases or withdraw money.

Additionally, Moraes said it’s likely that scammers in 2022 will look to take advantage of economic recovery efforts, targeting individuals looking to pay bills and debts that they were unable to address during the heart of the pandemic.

Moraes also shared some predictions on the security side of the equation, noting that cyber vendors will “start looking more carefully [at] user experience design in our secured solutions and security cultures…”

“We have to think some different ways to authenticate users other than just passwords and something that is easy to use in order to have end user adoption,” he continued. For instance, “I have seen in the financial industry, the banks investing even more and more on biometrics, and user behavior authentication.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
