Cybercriminals will likely target online payment processing systems in 2020, Moscow-based cybersecurity and anti-virus making firm Kaspersky Lab has warned
JS-skimming (the method of stealing of payment card data from online stores) has gained popularity among attackers over the past few years, the company said in its report. At least 10 different actors involved in these types of attacks and their number is expected to grow during the next year, according to multiple media reports.
Companies that provide services such as e-commerce as-a-service are highly vulnerable to these attacks, the report said.
“This year has been one of many important developments. Just as we predicted at the end of 2018, it has seen the emergence of new cybercriminal groups, like CopyPaste, a new geography of attacks by Silence group, cybercriminals shifting their focus onto data that helps to bypass anti-fraud systems in their attacks,” Yuriy Namestnikov, security researcher at Kaspersky, said.
In addition, researchers mentioned that cybercriminals will focus on attacking investments apps which have become popular among users globally. According to the report, these apps do not use best security practices like multi-factor authentication or protection of the app connection, which may benefit potential cyber criminals.
“Behavioural and biometrics data is on sale on the underground market. Additionally, we expected JS-skimmer base attacks to increase and they did. With 2020 on the horizon, we recommend security teams in potentially affected areas of the finance industry to gear up for new challenges,” Namestnikov added.
Monitoring of underground forums at Kaspersky suggests that the source code of some popular mobile banking Trojans was actually leaked into the public domain. Other similar cases of malware source code leakage (like Zeus, SpyEye) resulted in an increased number of new variations of these Trojans. The company warns that these patterns can repeat in 2020.
Kaspersky Lab is a multinational cybersecurity and anti-virus provider and has been operating in the market for over two decades.
Earlier this year, the company had said that cybercriminals attacked 31% of Indian web users from January to March. Cryptojacking was one of the most prominent threats during the period, with more than 15,000 instances surfacing on a daily average totalling 2.76 million detections and ransomware remained one of the persistent threats.
In a recent United Kingdom-based network security provider Sophos released a report SophosLabs 2020, where it explained key trends to watch out for in the coming year. The report said cyber criminal will use emerging technology to target victims.