Financial attacks on smartphones, sophisticated scams with AI and crimeware in Chinese: know the 10 new threats for 2025

According to the Kaspersky Security Bulletin, an annual series of year-end predictions and analytical reports on key developments in the world of cybersecurity, one of the trends is that, as attacks with traditional malware for PCs decrease, financial cyber threats for smartphones increase. In the case of Peru, the number of users affected by mobile threats increased by 104%.

Another interesting fact is that regulatory compliance, such as personal data protection laws, will be used as a weapon in the hands of ransomware attackers. “This occurs because failure to comply with these laws can result in significant penalties, which creates a double threat: that of the ransomware itself and the legal and financial consequences associated with regulation. It would be a kind of ‘double extortion,’ where they not only threaten to encrypt data and cause operational disruptions, but also to report or publicly disclose regulatory violations,” Fabio Assolini, director of the Kaspersky Global Research and Analysis Team for Latin America and head of this report, explained to The Commerce.

For Assolini, knowing in advance the financial threats that users and institutions will face next year is very useful for planning an optimal defense. “It is necessary to take preventive measures, use the appropriate tools, train workers and be prepared for potential threats,” he added.

1. Artificial intelligence

A year ago we talked about cyberattacks with artificial intelligence, and now this modality is predicted to become more sophisticated by 2025. Cybercriminals are expected to perfect their fraudulent messages in several languages and their deepfakes, reaching extremely credible quality.

The threat of deepfakes remains latent to this day. (Photo: Kaspersky)

The emergence of AI enables the creation of content for scams in an automated way. These tools will be used to generate advertisements, phishing emails, and fake websites that will imitate legitimate communication channels, making it difficult to distinguish between genuine and fraudulent content.

However, according to the report, there is also increased adoption of AI to improve anomaly detection, accelerate predictive analysis, automate responses, and enforce policies against emerging threats. We could say that the defense has been strengthened for 2025, given the vulnerability of 2024.

2. Increase in stealers that steal all data to sell

An increase in attacks based on stolen information is anticipated by 2025. Stealers are a type of malware designed to steal sensitive information from infected devices. Popular ones, such as Lumma, Vidar and Redline, will continue to adapt to resist pressure from authorities and adopt new techniques.

Stealers are designed to operate stealthily on the infected device. New actors will appear and the stolen information will be used in various ways.

3. Growth of attacks against central banks and open banking initiatives

Open banking is the sharing of users’ financial information through an application programming interface (API), which is how the systems involved are integrated. Access to this information allows the development of financial services tailored to customer needs.

APIs can be vulnerable to abuse, where attackers manipulate API endpoints to gain unauthorized access to sensitive data.

Instant payment systems managed by central banks will be a constant target of cybercriminals, who could access sensitive data.

4. Increase in attacks on the supply chain in open source projects

A backdoor is a ‘secret door’ that allows a remote user to access devices. Viruses can arrive in different ways, such as pre-installed on the system, downloaded in files, through phishing, or through the exploitation of vulnerabilities in the system by cybercriminals.

The open source community is expected to detect both new attack attempts and previously implemented backdoors.

5. Emergence of new blockchain-based threats

New protocols will emerge for blockchain, a technology that allows recording transactions and tracking assets in a decentralized and public way, due to the need for a secure and private network based on blockchain and peer-to-peer technology. As a result, new malware will be developed and distributed using these little-known protocols for various purposes.

6. Global expansion of Chinese-speaking crimeware

It is predicted that cybercriminals of Asian origin will move to Latin America, due to the large amount of business they bring from that part of the world to our region. There is no major difference with other cybercriminals, except that they do not hide their origin.

Several Chinese crimeware families emerged covertly, attacking users outside their common attack area, Asia, and then targeting users in Europe and Latin America, primarily through Android banking Trojans and phishing campaigns that aim to clone credit cards.

At the same time, some advanced attacks such as DinodasRAT were also identified. An even more notable expansion of Chinese crimeware to other countries and markets is predicted as it explores new opportunities and increases the frequency of its attacks.

7. Synthetic data poisoning via ransomware

Ransomware will covertly manipulate or introduce erroneous data into databases, rather than just encrypting the data. Even if the data is decrypted, this “data poisoning” technique calls into question the accuracy of all of a company’s information.

8. Quantum Encryption Resistant Ransomware

Advanced ransomware organizations will begin to use post-quantum cryptography as quantum computing advances. The encryption techniques of this “quantum-proof” ransomware are designed to resist decryption attempts from both classical and quantum computers, making it extremely difficult for victims to recover their data.

9. Proliferation of ransomware as a service

Growth is expected in ransomware as a service (RaaS): less experienced actors will be able to launch sophisticated attacks with kits that cost as little as $40, which will increase the frequency of incidents.

10. Smartphones

Financial cyberattacks directed at smartphone users will grow, due to the amount of money that moves through these devices every day and how frequently it does so. In 2024, in Latin America, the number of users affected by mobile threats increased 70%, and this trend is expected to continue in 2025.

By Editor
