New cybersecurity challenges are planned for next year, including in countries where the incidents are almost non-existent.
Attacks such as targeted ransomware and those focused on supply chains are expected to resurface next year. Unfortunately, these types of attacks have proven to be very lucrative and with great impact.
The Kaspersky company said that the social situation in several countries will boost the use of social networks for the manipulation of public opinion and misinformation.
The company also explained that next year there are new cybersecurity challenges, even in countries where the incidents are almost non-existent.
1.- Manipulation of opinion via social networks. During the next year we will witness even more examples of the use of social networks for the propagation of campaigns for the purpose of disinformation and manipulation of popular opinion. The level of orchestration of such attacks will reach a prominent sophistication.
2.- Infections via attacks on supply chains. We anticipate that companies dedicated to the production of mass software will become targets of such attacks. The level of maturity in cybersecurity of many of these companies, for example, those that produce accounting software, is quite low. However, the penetration of the software produced by these companies in the market is usually important, which for cybercriminals would represent a high-impact attack with minimal investment.
3.- Worm-type attacks, exploiting vulnerabilities in Windows 7. Since the technical support of this system will end on January 14 of next year and that, according to Kaspersky data, about 30% of users still use it daily , cybercriminals will take advantage of the security holes without patches of this operating system to attack users, just as it happened with Windows XP.
4.- Theft of credentials related to entertainment sites. With the growing popularity of streaming services (Netflix, Spotify, Steam) and the launch of new services (Disney +, HBO Max), it is clear that this type of crime will increase, since credentials sold in illegal markets will be a good of exchange among cyber criminals.
5.- More scams related to bitcoin. Not only will there be an increase in attacks known as sextorsion, where the victim is accused of having seen pornographic material on his computer and is threatened with “publicly betraying himâ€, but also other more elaborate scams to raise funds through targeted phishing to users of buying and selling sites, as well as cryptocurrency exchange.
6.- Increase in attacks on financial institutions. Not satisfied with attacking clients of financial services, cybercriminals now seek to compromise the banks themselves or any institution or organization that offers this type of services, such as correspondents or transaction hubs. These types of attacks will continue both by local cybercriminal groups, and by international groups, such as Lazarus and Silence, which will increase their presence in the region.
7.- Ransomware resurgence and more targeted attacks. Next year, instead of demanding money for deciphering the information, we will see an increase in extortion campaigns, where the victim will be forced to pay a ransom so that their information is not filtered into the public domain. This will be particularly problematic for hospitals, law firms and accountants, as well as any type of entity that handles third party information subject to regulations. Additionally, certain cybercriminal groups will choose high-profile objectives, where the impact of the attack and media interest may compromise the operation and reputation of the affected organizations.
8.- Expansion of SIM Swapping as a service, where criminals will offer to clone a particular line so that other individuals can carry out illegal activities, such as identity theft or gain access to financial sites with the aim of stealing the victim's money .
9.- “Humanitarian†export of attacks on financial institutions and their clients, related to the migration and regional displacement of people for various reasons. These scenarios will bring new challenges, even for countries where high profile cybercrime has been almost non-existent.
10.- Increase in blackmail attacks directed at companies and large corporations, due to the adoption of new legislation to penalize data leakage incidents. As a result, criminals, when invading a corporate infrastructure and consequently stealing data, will launch attacks to blackmail the victim companies, who will have to choose between paying the fine imposed by law or paying the criminal, causing direct losses to Corporations in the region.