According to the company statement, while the financial threat landscape has improved dramatically over the past few years, Kaspersky experts believe that it is no longer sufficient to look at threats to traditional financial institutions, but rather to evaluate financial threats as a whole. The cybercrime market is thriving broadly, with the overwhelming majority of attackers pursuing the sole purpose of financial profit. This year, Kaspersky researchers decided to adjust their forecasts accordingly and expanded them to cover both crimeware developments and financial cyber threats. By analyzing the key events and trends that make up both the crimeware and financial threat landscape in 2022, Kaspersky researchers predicted several key trends expected in 2023. In this context, Web3, which is managed by gamers and other entertainment sectors, continues to attract attention, while threats are also directed to this area. With the increasing popularity of cryptocurrencies, the number of crypto scams is also increasing. However, users are now much more knowledgeable about crypto and it is harder than ever to fall prey to primitive scam schemes. Cybercriminals will continue their fraudulent activities using fake ICOs, NFTs and other crypto-based financial thefts. Along with the exploitation of flimsy smart contracts, criminals will continue to use and create more advanced methods to replicate their crimes. “Malware installers will become the most popular products in the underground market” Although many actors have their own malware, this alone will not be enough. All of the samples consisted of ransomware alone. However, when the ransomware has different types of modules, it is easier for the threat to evade detection. As a result, attackers now pay much more attention to file downloaders and uploaders that can avoid detection. This has become a major commodity in the Malware as a Service (MaaS) industry, and the Darknet already has favorites among cybercriminals, such as the Matanbunchus downloader. As a result, secrecy and circumvention of EDRs will be the focus of malicious installer developers in 2023. More new penetration testing frameworks will be implemented by cybercriminals. As various vendors create and develop penetration testing frameworks such as Brute Ratel C4 and Cobalt Strike to protect companies, crimeware actors are expected to use them much more actively for illegal activities. With the development of new penetration tools, cybercriminals will increasingly use frameworks for their own malicious purposes. “Ransomware negotiations and payments will rely less on Bitcoin as a transfer of value” As sanctions against ransomware payments continue to be imposed, as markets become more streamlined, and technologies evolve at tracking the flow and sources of Bitcoin (and sometimes withdrawing salient transactions), cybercriminals will move away from this cryptocurrency and turn towards other forms of value transfer. . Ransomware groups will engage in more disruptive activities, with targeted work on the financial side. As the geopolitical agenda increasingly occupies the attention of not only the public but also cybercriminals, ransomware groups are expected to demand some form of political action rather than asking for ransom money. An example of this is Freeud, a brand new ransomware with deletion capabilities. Marc Rivero, senior security researcher at Kaspersky’s Global Research and Analysis Team, commented: “We anticipate two major scenes in the ransomware landscape in the coming year. One is the use of destructive ransomware for the unique purpose of destroying resources. and there will be ‘regional attacks’ where certain types of attacks only affect certain regions. For example, the mobile malware landscape has evolved greatly in the Latin America region, succeeding in circumventing the security methods applied to banks such as OTP and MFA. This type of underground service affects larger organizations Malware as a service (MaaS) is another prominent factor to watch, as it is commonly observed around ransomware attacks.” (AA)