Financial cyber-crime in 2021 is about to evolve, researchers suggest, with extortion practices becoming even more widespread, ransomware gangs consolidating & advanced exploits being used more effectively to target their victims.
Ransomware gangs with zero-days & extra players overall will be typical of financially motivated cyber-attacks next year.
Remote Work Solutions
This is are key predictions from Kaspersky. Researchers explained the drastic COVID-19-related changes to the way people live & work has changed the way financial attackers operate too.
The implications of these moves for 2021 are very significant. During 2020, companies became less secure due to hastily deployed remote work solutions, researchers suggested.
That has led to a lack of employee training, default laptop configurations left unchanged & vulnerable remote access connections. Altogether these trends have opened up many new attack methods, including targeted ransomware campaigns.
According to Kasperky, ransomware – above all – will continue to be a main threat in 2021.
“Due to their successful operations & extensive media coverage this year, the threat players behind targeted ransomware systematically increased the amounts victims were expected to pay in exchange for not publishing stolen information,” researchers warned in a Mon. posting.
“This point is important because it is not about data encryption anymore, but about disclosing confidential information exfiltrated from the victim’s network. Due to payment card industry security & other regulations, leaks like this may result in significant financial losses.”
Kaspersky researchers anticipate an even higher growth in extortion attempts during 2021, with more cyber-criminals targeting organisations with ransomware or distributed denial of service (DDoS) attacks or both. This could include advanced persistent threat (APT) groups going forward.
“The Lazarus group has tried its hand at the big game with the VHD ransomware family. This received attention, & other APT threat actors followed suit, MuddyWater among them,” researchers explained.
“Advanced threat actors from countries placed under economic sanctions may rely more on ransomware imitating cyber-criminals’ work. They may re-use already-available code or create their own campaigns from scratch.”
Meantime, zero-day exploits could become more common among ransomware gangs says the firm, as they purchase these to expand even further the number of attacks & boost their success, resulting in more profit.
“Ransomware groups who managed to accumulate funds as a result of some successful attacks in 2020 will start using zero-day exploits – vulnerabilities that have not yet been found by developers – as well as N-day exploits to scale & increase the effectiveness of their attacks,” according to Kaspersky.
“While purchasing exploits is an expensive endeavour, based on the money some of the ransomware operators were able to obtain from their victims, they now have sufficient funds to invest in them.”
Researchers also think that financial cyber-criminals will likely switch to “transit cryptocurrencies” when demanding payment from victims, for greater privacy.
“Special technical capabilities for monitoring, de-anonymising and seizing Bitcoin accounts will prompt a shift in the methods used by many cyber-criminals to demand payment,” according to the report.
“Other privacy-enhanced currencies such as Monero are likely to be used as a 1st transition currency, with the funds being later converted to other cryptocurrency, including Bitcoin, to cover criminals’ tracks.”
Bitcoin theft will become more attractive, as many countries are hit hard financially as a result of this pandemic.
“COVID-19 is likely to cause a massive wave of poverty, & that invariably translates into more people resorting to crime including cyber-crime,” researchers suggested.
“We might see certain economies crashing & local currencies plummeting, which would make Bitcoin theft a lot more attractive. We should expect more fraud, targeting mostly BTC, due to this cryptocurrency being the most popular one.”
Dmitry Bestuzhev, a Security Researcher at Kaspersky, noted that while the year 2020 was very different from any other, many trends that were anticipated to come down the road last year were correct regardless.
“These include new strategies in financial cyber-crime – from reselling bank access to targeting investment applications — the further development of already existing trends, for instance, even greater expansion of card-skimming & ransomware being used to target banks,” he observed.
“Forecasting upcoming threats is important, as it enables us to better prepare to defend ourselves against them, & we are confident our forecast will help many cyber-security professionals to work on their threat models.”