Malware-as-a-Service on the Rise: A look at crimeware and financial threats in 2023

In 2023, we will observe a great demand for malware loaders on the darknet: instead of developing their own malicious samples, attackers will opt for ready-made services with enhanced detection avoidance.

Moreover, due to increasing regulations imposed on cryptomarkets, crimeware gangs move away from Bitcoin seeking other forms of value transfer.

These are the key predictions from Kaspersky’s ‘Crimeware and financial cyberthreats in 2023’ report.

As the financial threat landscape has been evolving dramatically over the past few years, Kaspersky experts believe it is no longer sufficient to look at the threats to traditional financial institutions, but that it is better to assess financial threats as a whole. The cybercrime market has been developing extensively, with the overwhelming majority of attackers pursuing one goal – financial profit.

This year, Kaspersky researchers have decided to adjust their predictions accordingly, expanding them to encompass both crimeware developments and financial cyberthreats.

By analysing the significant events and trends that formed both crimeware and the financial threats landscape in 2022, Kaspersky researchers have forecasted several important tendencies expected in 2023.

Here are their key predictions:

1. Led by gamers and other entertainment sectors, web3 continues to gain traction and so will threats to it.

With the increasing popularity of cryptocurrencies, the number of crypto scams has also grown. However, users are now much more aware of crypto and will not fall for primitive scams such as the dubious cryptocurrency scheme that went viral featuring a video with a deepfake “Elon Musk”.

Cybercriminals will continue to try stealing from people using fake ICOs and NFTs, and other cryptocurrency-based financial theft.

Along with the exploitation of vulnerable smart contracts, criminals will use and create more advanced methods to proliferate their crimes.

2. Malware loaders are to become the hottest goods on the underground market.

Many actors have their own malware, but that alone is not enough. Entire samples used to consist of ransomware alone. But when there are different types of modules in ransomware, it is easier for the threat to evade detection.

As a result, attackers are now paying much more attention to downloaders and droppers, which can avoid detection.

This has become a major commodity in the Malware-as-a-Service industry, and there are already favourites among cybercriminals on the darknet, for example the Matanbunchus downloader. All in all, stealth execution and bypassing EDR’s is what malicious loaders developers are going to focus on in 2023.

3. More new penetration testing frameworks will be deployed by cybercriminals

While various vendors create and improve penetration testing frameworks to protect companies, such as Brute Ratel C4 and Cobalt Strike, crimeware actors are expected to use them much more actively for illegal activities. Along with the development of new penetration tools, cybercriminals will increasingly use the frameworks for their own malicious purposes.

4. Ransomware negotiations and payments will rely less on Bitcoin as a transfer of value

As sanctions on ransomware payments continue to be issued, the markets become more regulated, and technologies improve at tracking the flow and sources of Bitcoin (and sometimes clawing back conspicuous transactions), cybercrooks will rotate away from this cryptocurrency and toward other forms of value transfer.

5. Ransomware groups following less financial interest, but more destructive activity

As the geopolitical agenda increasingly occupies the attention not only of the public but also of cybercriminals, ransomware groups are expected to make demands for some form of political action instead of asking for ransom money. An example of this is Freeud, brand-new ransomware with wiper capabilities.

“We are predicting two major scenes inside the ransomware landscape in the upcoming year. One of them will be the usage of destructive ransomware with the unique purpose of resource destruction and the impact of what we call ‘regional attacks’, where certain families only impact certain regions. For instance, the mobile malware landscape made a big evolution in Latin American region, bypassing the security methods applied to banks such as OTP and MFA. The Malware-as-a-service is another important thing to observe as this kind of underground service is commonly observed around ransomware attacks impacting larger organisations,” says Marc Rivero, a senior security researcher at Kaspersky’s Global Research and Analysis Team.

Financial predictions are part of Kaspersky’s Vertical Threat Predictions for 2023, one of the segments of the Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts in the cybersecurity world. Follow this link to look at other KSB pieces.