“The financial cybersecurity landscape in 2024 will be characterized by evolving threats, increased automation, and the persistence of cyber criminals. Financial institutions and organizations must adapt their cybersecurity strategies to address these challenges proactively, and safeguard their assets and sensitive data.” **
With platitudes like these, it’s a wonder their 2023 predictions were even 60% accurate. Nevertheless, Kaspersky Lab remains a global security company with visibility into financial services, and their insights are worth noting.
Filtering for banalities such as “AI cyberattacks will increase” and “abuse of unprotected devices available over the Internet”, I derived a few takeaways. The three increasing cybercrime trends that I think are worth keeping on your radar as we head into the new year:
1) ATS: Automated Transfer Systems are a form of mobile banking malware that makes unauthorized transactions when users access their app.
This leverages the perennial challenge of securing smartphones and keeping computers free of trojan infections. It’s a clear reminder to banks and financial institutions of the need for continued investment in secure development. (SecDevOps for those who crave buzzwords)
2) One-Day Exploits: why chase the zero-day holy grail when day-old vulnerabilities smell just as fresh and can be acquired and exploited freely? The speed with which attackers can track and process new information indicates an uptick in analytics capabilities, competence and computational advantages that businesses, regulators and law enforcement can only ignore at their own peril.
3) Criminal affiliation: efforts related to breach attribution, identification and criminal investigation are complicated by a more fluid structure of group membership, with hackers, fraudsters and other cybercrime ecosystem players working for multiple groups, switching allegiance and generally making themselves more scarce to evade detection.
Related to this last point, given the global geopolitical climate, we can also expect a reinvigorated political tug-of-war between the protection of privacy rights and the pressure to enable lawful access to confidential communications, or as the FBI describes it: “The inability to obtain intelligible content from end-to-end encrypted communications and devices”.
**Source: Kaspersky Lab
Member discussion: