
Cybersecurity trends 2023: Banking Trojans, Phishing and Ransomware continue to dominate

by César Barreto

The Covid-19 situation has resulted in the acceleration of digital transformation processes and the formal establishment of teleworking, which has brought an increase in cyberthreats to levels never seen or foreseen before. Let's remember that Malware is a combination of two words: "malicious" and "software". This term describes any form of malicious code regardless of how it affects victims, how it behaves, or the damage it causes. Malware includes all types of malicious software, including all known forms of Trojan Horses, Ransomware, Viruses, Worms, and Banking Malware. For a normal user, it is difficult to detect which file is malware and which is not. That's why security solutions exist, drawing on vast databases of previously seen malicious samples and employing multiple protection technologies to detect the latest ones.

Today's malware writers are very creative. Their "creations" spread via vulnerabilities in unpatched systems, bypass security measures, hide in memory, or mimic legitimate applications to avoid detection. However, even today, one of the most effective vectors for infection is the weakest link in the chain: humans. Well-crafted emails with malicious attachments have proven to be an efficient and inexpensive way to compromise a system. And it only takes one click to achieve it.

The first step is to keep all software up to date, including the operating system and all applications. This is not only to add features and improvements and fix bugs, but also to patch vulnerabilities that cybercriminals and their malicious code could exploit. However, this alone does not cover all current threats. In addition, a trusted and up-to-date security solution is necessary to stop potential attack attempts. Backups made regularly and stored on an offline hard drive are another way to counter malware, allowing the user to easily replace any data that may have been damaged or encrypted by cyberattackers.

Let's keep in mind a bit of history. The first recorded virus was Pakistani Brain, in early 1986. Its goal was to be as stealthy as possible. It infected the boot system of floppy disks and spread globally in a matter of weeks, something very remarkable since it was only distributed via 5.25" floppy disks. Since then, malware has evolved in various ways and its creators are always finding new ways to affect victims. With the Internet, they have a powerful distribution network that provides them with a much simpler way to affect potential victims. This will always be the essential logic of a Hacker, and it remains for us to practice intelligence and counterintelligence to counteract them. Some malware families, like WannaCryptor, spread indiscriminately, encrypting files and causing global damage. Others affect more limited groups of victims, such as companies from a certain country in the case of Diskcoder.C aka Petya. A recent example of targeted malware was Industroyer. Discovered by ESET, this malware attacks industrial control systems used in the power grid and caused blackouts in Ukraine through the misuse of legitimate but unsecured protocols. It is one of the few malware families that is in the same category as Stuxnet: the first cyber weapon ever used.

Since the pandemic was declared, there has been a growth in cyberattacks, such as those against the Remote Desktop Protocol (RDP) and Ransomware. In 2022, the number of malicious codes in the world will reach one billion. But these types of cyberthreats have not only increased, they are also more sophisticated. For example, today we talk about "Fileless Malware", which does not require writing any file to the system in order to run: it can be stored in the system's volatile memory. That is why monitoring and prevention technologies are important.

During 2021 and 2022, 5 types of Malware have been detected:

1) Malicious Torrents: from the KryptoCibule Malware family, which had not been previously documented. It uses cryptominers and clipboard hijacking to steal cryptocurrency and exfiltrate cryptocurrency-related files.

2) Android Threats: Here, Malware in the 'Hidden Apps' category has dominated for three consecutive quarters in 2022. This cyberthreat consists of deceptive apps, which disguise themselves as games or utility apps, but after installation they hide their icons and display full screen ads.

3) IoT Cyberthreats: Being designed with little or no security, IoT devices are easy targets for cyber attackers. By infecting such devices with malicious bots, attackers can include them in botnets and exploit them for large-scale attacks.

4) Malware for Mac: In 2021, the Kattana trading application for Mac computers was copied and trojanized. The attackers inserted Malware to steal information such as browser cookies, cryptocurrency wallets and screenshots. In 2022, this type of cyberthreat has been completely neutralized.

5) Malicious emails: In 2022, malicious software distributed via email will increase. The most frequent detection in 2022 is a Microsoft Office Exploit.

The kidnapping of information increased during 2022. Ransomware is a constant cyberthreat that for a couple of years has been persistently attacking organizations, compromising critical infrastructures, such as government, health and energy institutions, and its detection and eradication are becoming more and more complex. Ransomware and information leaks were consolidated in 2020. In this article, he points out that the operators behind various Ransomware families have added another risk to this type of attack, since in addition to hijacking files, they now practice extortion, with the threat of leaking the compromised information. This modality makes use of the technique called Doxing, which consists of obtaining confidential data from the victims and threatening to make them public unless the extortion is paid. Without a doubt, this increases the pressure on those affected, since it is not only about recovering the encrypted information, but also about preventing the stolen data from being made public.

As for Banking Trojans, better known as "Bankers", malicious code widely used in the field of cybercrime, their function is to steal banking information from users of this type of service. These data are offered on the black market. Some people acquire them to carry out criminal activities such as extortion and fraud. Eleven families of banking Trojans have been identified around the world.

These families use encryption and obfuscation tools; they seek to protect the code so that its analysis is difficult and thus protect the malicious activity they carry out in the systems. In their programming they include instructions that have no specific action: they are filler, garbage code, included to avoid detection. So far, more than 50 financial institutions have been identified as being victims of identity attacks intended to deceive their users.

The most widespread cyberthreats in the last 3 years have been:

1) Ransomware: its developers form organized groups and offer stolen data from their victims at auctions on the Dark Web. 203 different variants of Ransomware have been detected.

2) Exploits: malicious code that tries to take advantage of a vulnerability in the systems to gain access to the equipment. Two of the more widespread families are EternalBlue (to which the WannaCry virus belongs) and BlueKeep (a remote desktop vulnerability, something that becomes relevant in 2022 due to the teleworking trend).

3) Spyware: "classic tools" of cybercriminals. It is still key for them to have a wide reach in the propagation. The HoudRat Trojan has been at the top of the list since 2020.

4) Phishing: during 2020 the number of detections of files linked to Phishing campaigns increased by 27% and in 2022 it increased to 53% worldwide. It represents significant growth, since in 2019 the number of these detections was 15%.

The cost of financial cybercrime has exceeded $600 billion and, as if that were not enough, there is a lack of specialists: the changes in the cyberthreat landscape and the variety of new developments in Malware have highlighted the shortage of professionals in the field of cybersecurity. According to various studies published at the end of 2019, 4.07 million professionals specialized in the field of Cybersecurity were needed.
