Kaspersky Lab, the global cybersecurity company has released its prediction of cyberattacks on financial institutions for 2019. .Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.
The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected byKaspersky Lab technologies.
A Kaspersky Lab 2018 forecast for financial institutions was over 90% accurate. Out of 10 predictions, only one turned out negative. Its prediction that there would be spike in traditional card fraud due to the huge data breaches that happened in the previous year was not accurate.
8 Kaspersky Lab Cyberattacks Predictions for financial institutions in2019 include the flowing:
- Emergence of new groups due to the fragmentation of Cobalt/Carbnal and Fin7: new groups and new geography
The arrest of leaders and separate members of major cybercrime groups has not stopped these groups from attacking financial institutions. Next year, we will most likely see the fragmentation of these groups and the creation of new ones by former members, which will lead to the intensification of attacks and the expansion of the geography of potential victims.
At the same time, local groups will expand their activities, increasing quality and scale. It is reasonable to assume that some members of the regional groups may contact former members of the Fin7 or Cobalt group to facilitate access to regional targets and gain new tools with which they can carry out attacks.
- The first attacks through the theft and use of biometric data
Biometric systems for user identification and authentication are being gradually implemented by various financial institutions, and several major leaks of biometric data have already occurred. These two facts lay the foundation for the first POC (proof-of-concept) attacks on financial services using leaked biometric data.
- The emergence of new local groups attacking financial institutions in the Indo-Pakistan region, South-East Asia and Central Europe
The activity of cybercriminals in these regions is constantly growing: the immaturity of protective solutions in the financial sector and the rapid spread of various electronic means of payment among the population and companies in these regions are contributing to this.
Now, all the prerequisites exist for the emergence of a new center for financial threats in Asia, in addition to the three already in Latin America, Korean peninsula and the ex-USSR.
- Continuation of the supply-chain attacks: attacks on small companies that provide their services to financial institutions around the world
This trend will remain with us in 2019. Attacks on software providers have proven effective and allowed attackers to gain access to several major targets. Small companies (that supply specialized financial services for the larger players) will be jeopardized first, such as the suppliers of money transfer systems, banks and exchanges.
- Traditional cybercrime will focus on the easiest targets and bypass anti-fraud solutions: replacement of PoS attacks with attacks on systems accepting online payments
In 2019, in terms of threats to ordinary users and stores, those who use cards without chips and do not use two-factor authorization of transactions will be the most at risk. The malicious community has focused on some simple goals that are easy to monetize. However, this does not mean that they do not use any complex techniques.
For example, to bypass anti-fraud systems, they copy all computer and browser system settings. On the other hand, this cybercriminal behavior will mean that the number of attacks on PoS terminals will decrease, and they will move towards cyberattacks on online payment platforms instead.
- The cybersecuritysystems of financial institutions will be bypassed using physical devices connected to the internal network
Due to the lack of physical security and the lack of control over connected devices in many networks, cybercriminalswill more actively exploit situations where a computer or mini-board can be installed, specifically configured to steal data from the network and transfer the information using4G/LTE modems.
Attacks like this will provide cybergangs with an opportunity to access various data, including information about the customers of financial institutions, as well as the network infrastructure of financial institutions.
- Attacks on mobile banking for business users
Mobile applications for business are gaining popularity, which is likely to lead to the first attacks on their users. There are enough tools for this, and the possible losses that businesses incur are much higher than the losses incurred when individuals are attacked. The most likely attack vectors are attacks at the Web API level and through the supply chain.
- Advanced social engineering campaigns targeting operators, secretaries and other internal employees in charge of wires: result of data leaks
Social engineering is particularly popular in some regions, for example Latin America. Cyber criminals keep targeting specific people in companies and financial institutions to make them wire big sums of money. Due to high amount of data leakages previous years this type of attacks becomes more effective, since criminals are able to use leaked internal information about targeted organization to make their messages look absolutely legit.
Main idea remains the same: they make these targets believe that the financial request has come from business partners or directors. These techniques use zero malware, but demonstrate how targeted social engineering gets results and will become more powerful in 2019. This includes attacks like “simswap”.