The emerging fintech space is an increasing target for cybercriminals according to Kaspersky senior researcher, Fabio Assolini.
He said that a vast majority of fintechs are not adequately protected due to insufficient infrastructure and have therefore come onto the radar of criminals.
Assolini was speaking to BusinessTech at the Kaspersky Lab annual Cyber Security Weekend (11-14 April) for the Middle East, Turkey and Africa, in Istanbul.
He said that ‘young’ startups are more exposed than bigger, traditional banks, making them a target.
Kaspersky meanwhile, underlined several cyber threat trends that have emerged in 2018, including:
ATM malware: Automated attacks on ATMs and out-of-the-box solutions to hack them. “So far we’ve seen ATM hacking solutions that essentially involve a flash drive attached to a kind of stick.
“Clearly, this method is not particularly effective against ATMs under constant surveillance, but that’s unlikely to prevent attackers from giving up on them. New hacking methods will be developed, some of which could be remote,” it said.
More router and modem attacks: Another known area of vulnerability that has gone vastly ignored is that of routers and modems, Kaspersky Lab said.
“Be they home or enterprise, these pieces of hardware are everywhere, they’re critically important to daily operations, and tend to run proprietary pieces of software that go unpatched and unwatched.
“At the end of the day, these little computers are Internet-facing by design and thereby sitting at a critical juncture for an attacker intent on gaining persistent and stealthy access to a network.”
It added that in some cases attackers might even be able to impersonate different Internet users, making it possible to throw off the trail of an attacker entirely to a different connecting address.
“At a time of increased interest in misdirection and false flags, this is no small feat.”
Rise of attacks with cryptocurrencies: Ransomware attacks will force users to buy cryptocurrency.
“Cybercriminals will continue to demand ransoms in cryptocurrency, because of the unregulated and almost anonymous cryptocurrency market: there is no need to share any data with anyone, no one will block the address, no one will catch you, and there is little chance of being tracked,” the Moscow based company said.
At the same time, further simplification of the monetization process will lead to the wider dissemination of encryptors, Kaspersky said.
Attacks on IoT, including industrial IoT: Kaspersky said that with few exceptions, cybercriminal groups have not yet discovered simple and reliable schemes for monetizing attacks on industrial information systems.
“Accidental infections and incidents in industrial networks caused by ‘normal’ (general) malicious code aimed at a more traditional cybercriminal target such as the corporate networks, will continue in 2018.
“At the same time, we are likely to see such situations result in more severe consequences for industrial environments.
“The problem of regularly updating software in industrial systems in line with the corporate network remains unresolved, despite repeated warnings from the security community.”