Cyber threats for finance organisations to watch in 2023
By Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs
Last year saw security teams in finance having to counter a wave of cyber threats. The war in Ukraine, as well as flexible working practices, led to an increase in cyber-criminal activity. With the added backing of nation-states, attackers were able to identify new weaknesses and exploit them.
The potential impact of a security breach has never been higher, carrying significant operational, reputational and financial consequences. It is therefore imperative that organisations equip themselves with the right tools to prevent catastrophic hacks and breaches from happening.
Here are five threat trends that finance teams will need to look out for in 2023:
- Growth in Cybercrime-as-a-Service
Given cybercriminal success with Ransomware-as-a-Service (RaaS), a growing number of additional attack vectors will be made available to fuel a significant expansion of Cybercrime-as-a-Service (CaaS). CaaS presents an attractive business model for threat actors. Those with varying skill levels can easily take advantage of turnkey offerings without investing the time and resources up front to craft their own unique attack plan. And for seasoned cybercriminals, creating and selling attack portfolios as-a-service offers a simple, quick, and repeatable payday. Going forward, subscription-based CaaS offerings could potentially provide additional revenue streams.
One of the most important methods to defend against these developments is cybersecurity awareness education and training. While many organisations offer basic security training programmes for employees, organisations should consider adding new modules that provide education on spotting evolving methods such as AI-enabled threats.
1. Reconnaissance-as-a-Service Models could make attacks more effective
As attacks become more targeted, threat actors will likely hire “detectives” on the dark web to gather intelligence on a particular target before launching an attack. Like the insights one might gain from hiring a private investigator, Reconnaissance-as-a-Service offerings may serve up attack blueprints. These include an organisation’s security schema, key cybersecurity personnel, the number of servers they have, known external vulnerabilities, and even compromised credentials for sale, or more, to help a cybercriminal carry out a highly targeted and effective attack. With attacks fuelled by CaaS models, stopping adversaries earlier, during reconnaissance, will be important.
Luring cybercriminals with deception technology will be a helpful way to counter not only RaaS but also CaaS at the reconnaissance phase. Cybersecurity deception coupled with a digital risk protection (DRP) service can help organisations know the enemy and gain an advantage.
2. Money Laundering to get a boost from automation and create LaaS
Money Laundering-as-a-Service (LaaS) could quickly become mainstream as part of the growing CaaS portfolio. To grow cybercriminal organisations, leaders and affiliate programmes employ money mules who are knowingly or unknowingly used to help launder money. Mule recruitment can be a time-consuming process, so cybercriminals will turn to machine learning (ML) to help them to better identify potential mules. Manual mule campaigns will be replaced with automated services that move money through layers of crypto exchanges, making the process faster and more challenging to trace – decreasing the chances of recovering stolen funds.
Looking outside an organisation for clues about future attack methods will be more important than ever, to help prepare before attacks take place. DRP services are critical for external threat surface assessments, to find and remediate security issues, and to help gain contextual insights on current and imminent threats.
3. Virtual cities and online worlds could fuel cybercrime
The metaverse is giving rise to new, fully immersive experiences in the online world. While new virtual cities open a world of possibilities, they also open the door to an unprecedented increase in cybercrime. An individual’s avatar is essentially a gateway to personally identifiable information (PII), making avatars prime targets for attackers – especially their digital wallets, crypto exchanges, NFTs, and any currencies used to transact in these virtual cities. Biometric hacking could also become a real possibility because of the AR and VR-driven components, making it easier for a cybercriminal to steal fingerprint mapping, facial recognition data, or retina scans. In addition, the applications, protocols, and transactions within these environments are all possible targets for adversaries.
Real-time visibility, protection, and mitigation are essential to deal with this threat. Advanced endpoint detection and response (EDR) can enable real-time analysis, protection, and remediation.
4. Commoditisation of wiper malware will enable more destructive attacks
Wiper malware made a dramatic comeback in 2022, with attackers introducing new variants of this decade-old attack method. The 1H 2022 FortiGuard Labs Global Threat Landscape report showed an increase in wiper malware in conjunction with the war in Ukraine. But it was also detected in 24 additional countries, not just in Europe. Its growth in prevalence is alarming. The existing reality is that threat actors are combining a computer worm with wiper malware, and even ransomware, for maximum impact. However, the concern going forward is that malware developed and deployed by nation-state actors could be picked up and re-used by criminal groups and used throughout the CaaS model. With its broader availability, and combined with the right exploit, wiper malware could cause massive destruction in a short period of time given the organised nature of cybercrime today. This makes time to detection, and the speed at which security teams can remediate, paramount.
Ultimately, for modern enterprises, being on the receiving end of a cyber-attack is an inevitability. However, many of the threats businesses face are familiar and nothing we haven’t previously seen. It is, therefore, up to organisations to adequately prepare themselves and ensure they limit the impact any breach may have.