What banking cyberattacks will look like in 2024: ChatGPT fraud, home banking attacks, and more

Cyber ​​attacks on the banking sector have been very present in 2023. Trojans and phishing have been a constant. But ubiquitous artificial intelligence has played a key role that could define the threat landscape of 2024.

With 50% growth in Latin America according to cybersecurity firm Kaspersky, banking threats are a constant in the world of cybersecurity. And from this 2023 base, the company is already thinking about what 2024 might look like, something that is in line with other companies developing telemetry, as well as independent analysts.

“The main conclusion we can draw from our predictions is that cybercrime is simplifying its operations. This result indicates that the most common scams, such as ransomware and financial fraudthey are at a stage of maturation where cybercriminals already know what they should do and are reducing the effort needed to be profitable,” explained Fabio Assolini, director of the Global Research and Analysis Team for Latin America at Kaspersky.

consulted by Clarionmalware specialist Agustín Merlo explained that a very common type of attack continues to be to deceive the user with fraudulent sites.

“Overlay RATs are malicious programs created specifically to detect when the victim connects to their bank and then visually manipulate what they see to make a transfer to another account. This, together with phishing, continues to prevail: although it is still very common to see various fraudulent sites imitating banks, there is also a tendency to imitate sites of violations, procedures, top-ups and travel”, he assured.

Here are the threats that have been a constant in 2023 and what the outlook could be for next year.

Artificial intelligence and ChatGPT in favor of cybercrime

“When it comes to attacks on machine learning models, we see that the common ones continue to be manipulation of the data input to fool the model, data poisoning, attacks on investments to steal sensitive information. With respect to utility, the development of cybersecurity-related tools would be accelerated, both those used by ethical hackers and those used by cybercriminals,” Merlo explained.

According to Kaspersky, this will be an issue to watch out for in 2024. “These tools will be used to generate fake ads, emails and websites that imitate companies’ legitimate channels and platforms.” financial institutions, making it difficult to distinguish between authentic and fraudulent content,” they explain.

“This AI-driven approach will lead to a proliferation of low-quality malicious campaigns, as the barrier to entry for cybercriminals will decrease and the potential for fraud will increase,” they add.

Payment app scams

Digital payment methods such as Mercado Pago in Argentina are increasingly used. In Brazil, Pix is ​​the most used. The truth is that this year they have been a constant and have also targeted the media. contactless. “Digital wallets, contactless systems or instant payment and account to account (A2A) systems – such as PIX in Brazil, FedNow in the United States and UPI in India – are examples of the boom in the adoption of new forms for carrying out banking transactions ”, they explained.

The underlying problem is that, since these platforms are connected to the network, this facilitates the activities of criminals. “Kaspersky experts expect to find new banking malware – in particular mobile banking Trojans – designed to carry out fraud using the functionality of these digital payment systems,” they add.

At the end of last month, in fact, a fake app appeared in Argentina which claimed several victims.

Banking Trojans and malware

A Trojan is a type of malware that masquerades as legitimate or useful software, but actually contains malicious instructions for the user’s device. Trojans can have different goals, for example spy on, steal, modify or delete dataor allow attackers remote access to the infected system. One of them is the RAT, or Remote Access Tool, a type of tool that attempts to gain remote access to an attacker’s device.

“The trend was mainly RAT-type malware, probably coming from Brazil, including those known by the names ‘Mekotio’ and ‘Grandoreiro’. These RATs spread via fake emails about fines or invoices. The main functionality of these RATs is lock the victim’s screen Once you have accessed your home banking while behind the scenes cyber criminals are making transfers to mule accounts, when they request the Token, the criminals convince the victim to insert it themselves from their computer”, explains Merlo.

“Among other malicious programs there are also the famous ‘Thieves“led by the known”Red line‘. In most cases they enter the victim’s computer when cracks for licensed programs or games and “cheats” for games are installed. The main functionality is to transfer all browser credentials, history, cookies and files with sensitive information to the server controlled by cyber criminals, it adds.

Kaspersky also highlights Brazil’s presence in the development of these malware. “Banking Trojans will continue their global expansion, especially those created and spread from Brazil. With the rapid adoption of new digital payment methods, It is possible that families of this type of malware that already use the technique of redirecting electronic transfers from infected smartphones (BRats, Yaats, GoatMW, CriminalMW and BrAngler) are exported to other countries”, they explain.

The most targeted ransomware

Ransomware attacks have been a constant in 2023. In Argentina, companies like La Segunda or public institutions like PAMI and UBA have been victims of this type of attacks that encrypt the victim’s information to extort them. And although this is something more corporate, experts do not rule out that end users can do it be affected by these attacks.

“This trend aims to expand the chances of success to receive ransom payment or request larger sums of money. This will make the threat even more targeted and harmful to financial institutions and businesses. Kaspersky experts also predict that the criminal affiliation ecosystem will feature a more fluid structure, with members often rotating or working for several groups at the same time. This adaptability will make law enforcement’s work increasingly difficult when it comes to detecting and combating ransomware,” Kaspersky explained.

Telephone and donation fraud

“Telephone fraud has occurred again this year, both through calls and messages, among the most common attacks are those that convince the victim to give up control of their WhatsApp to the attacker or even those that impersonate an entity paid for the service. a procedure or to obtain data from the victim’s account”explains Merlo.

Furthermore, a more curious type of scam has grown a lot: donations. “Regarding donations, many people change their alias to one similar to a donation campaign so that people who, due to a typo (and who also do not confirm the entered alias data) send money to the wrong person”, he closes.

Finally, the specialist gives some advice to protect yourself:

• Having an updated antivirus can help detect some types of malware but in many cases it can fail.

• As for emails, check the source of the email, if it has a link check that it goes to the site, if you have any suspicions call the organization or check by entering the site of the company in question yourself.

• It is advisable in cases where multiple people or family members use the same computer at home or at work, that each one has their own user in the operating system.

Of course, absolute security does not exist, but is relative to each context. Having your guard up and your defenses active, however, helps you avoid falling into the trap.