Financial systems in jeopardy; infostealers on the rise, and more cryptocurrency attacks: a look at financial threats in 2022.

In 2022, we will observe state-sponsored groups targeting the cryptocurrency industry, while cybercriminals will take advantage of investors by fabricating rogue wallets with backdoors included.

On top of that, we are likely to witness the growth of attacks against payment systems and more advanced mobile threats. These are the key predictions from Kaspersky’s report on financial cyber threats in 2022.

Since most cybercriminals are motivated by money, financial threats have always been one of the most significant parts of the threat landscape. Pondering on the significant events and trends that shaped the financial threats’ sector in 2021, Kaspersky researchers have forecast several trends in 2022: 

1. Targeted cryptocurrency attacks will grow. As cryptocurrency is a digital asset and all transactions take place online, it offers anonymity to users. These are attractive features for cybercrime groups. However, not only cybercriminal organizations but state-sponsored threat actors have targeted this industry. Kaspersky experts have already witnessed APT groups rising to attack the cryptocurrency business aggressively, and they anticipate that this activity will continue.
2. Flawed security and fake hardware wallets as crypto hardware-based threats. While cryptocurrency attacks are becoming more targeted, cybercriminals keep coming up with new ways to steal investors’ financial assets. In the case of cryptocurrency investment opportunities, the firm’s researchers conclude that cybercriminals will take advantage of manufacturing and retailing rogue devices with backdoors, followed by social engineering campaigns and other techniques to steal victims’ financial assets. 
3. Acceleration and consolidation of Infostealers. Simplicity, affordability, and effectiveness in attacks will play a key role in unleashing infostealers against financial assets, at least as a first-stage data collector. Different threat actors will take advantage of the malware to profile victims for further attacks. This includes but is not limited to targeted ransomware attacks, traditional targeted attacks, and others. 
4. Mobile implants development consolidation. Pandemic-driven mobile banking has become more mature. Researchers expect more mobile banking trojans appearing in the Android platform, especially remote access tools that can circumvent security means adopted by banks (such as OTP and MFA). Local, regional Android implant projects will move globally, exporting attacks to Western Europe and other countries worldwide. 

According to Dmitry Bestuzhev, head of the firm’s Global Research and Analysis Team in Latin America: “This year has been challenging for many organizations: handling remote access for adhoc employees, patching hard systems connected to the Internet to endure ransomware attacks, dealing with a substantial increase of mobile banking and its malware implants. And cybercriminals have not been shy to attack markets. We have watched very regional cybercriminals shifting to other world regions making cybersecurity people work harder.”