Yury Namestnikov, Head, Global Research and Analysis Team, Kaspersky
1. Attacks against Libra and TON/Gram
The successful launch of cryptocurrencies such as Libra and Gram might lead to the worldwide spread of this type of asset, which naturally will attract the attention of criminals. Given the serious surge in cybercriminal activity during the rapid growth of Bitcoin and altcoins in 2018, we predict that a similar situation will most likely unfold around Gram and Libra. Large players in this market should be especially careful, as there are a number of APT groups, such as WildNeutron and Lazarus, whose interests include crypto assets. They are very likely to exploit these developments.
2. Reselling bank access
During 2019, we witnessed cases where groups who specialise in targeted attacks on financial institutions appeared in the victims’ networks after intrusions by other groups that specialize in selling rdp/vnc access, such as FXMSP and TA505. These facts are also confirmed by underground forums and chat monitoring. In 2020, we expect an increase in the activity of groups specialising in the sale of network access in the African and Asian regions, as well as in Eastern Europe. Their prime targets are small banks, as well as financial organisations recently bought by big players who are rebuilding their cybersecurity system in accordance with the standards of their parent companies.
3. Ransomware attacks against banks
This forecast logically follows from the previous one. As mentioned above, small financial institutions often become the victims of opportunistic cybercriminals. If these criminals cannot resell access, or even if it becomes less likely that they will be able to withdraw money, then the most logical monetisation of such access is ransomware. Banks are among those organisations that are more likely to pay a ransom than accept the loss of data, so we expect the number of such targeted ransomware attacks to continue to rise in 2020. Another ransomware attack vector against small and medium financial institutions will be a ‘pay-per-install’ scheme. Traditional botnets will eventually turn into increasingly popular delivery mechanisms against financial institutions.
4. 2020: the return of custom tooling
Measures taken by antivirus products to effectively detect open source tools used for pen testing purposes, and the adoption of the latest cyberdefense technologies, will push cybercrime actors to return to custom tooling in 2020 and also invest in new Trojans and exploits.
5. Global expansion of mobile banking Trojans: result of leaked source
Our research and monitoring of underground forums suggests that the source code of some popular mobile banking Trojans was leaked into the public domain. Given the popularity of such Trojans, we expect a repeat of the situation when the source code of ZeuS and SpyEye Trojans were leaked: the number of attempts to attack users will increase at times, and the geography of attacks will expand to almost every country in the world.
6. Investment apps on the rise: new target for criminals
Mobile investment apps are becoming more popular among users around the globe. This trend won’t go unnoticed by cybercriminals in 2020. Given the popularity of some fintech companies and exchanges (for both real and virtual money), cybercriminals will realise that not all of them are prepared to deal with massive cyberattacks, as some apps still lack basic protection for customer accounts, and do not offer two-factor authentication or certificate pinning to protect app communication. Several governments are deregulating this area and new players are appearing every day, becoming popular very quickly. In fact, we have already seen attempts by cybercriminals to substitute the interfaces of these apps with their own malicious versions.
7. Magecarting 3.0: even more attacker groups and cloud apps to become prime targets
Over the past couple of years, JS skimming has gained immense popularity among attackers. Unfortunately, cybercriminals now have a huge attack surface that consists of vulnerable e-commerce websites and extremely cheap JS skimmer tools available for sale on various forums, starting at £150 ($200). At the moment we are able to distinguish at least 10 different actors involved in these types of attacks and we believe that their number will continue to grow during the next year. The most dangerous attacks will be on companies that provide services such as e-commerce as a service, which will lead to the compromise of thousands of companies.
8. Political instability leading to the spread of cybercrime in specific regions
Some countries are experiencing political and social upheaval, resulting in masses of people seeking refugee status in other countries. These waves of immigration include all sorts of people, including cybercriminals. This phenomenon will result in the spread of geographically localised attacks in countries that have not previously been affected by them.
HOW ENTERPRISE INFORMATION MANAGEMENT, CLOUD AND ANALYTICS WILL IMPACT FINANCIAL SERVICES IN 2020
Richard Mill, director at Business Systems (UK) Ltd
Business Systems’ Will Davenport on which drivers of change will most affect the financial services sector in 2020
Recent multi-million pound fines levied on financial services firms such as Tullet Prebon have acted as a wake-up call to City CIOs. That’s because the FCA now includes Voice as a record medium, and is no longer prepared to tolerate delays in locating conversations it is examining.
As a direct result, we will witness the formal incorporation of Voice as a peer form of information storage to email, text or internal documentation. That’s not happened to date as it’s historically been an unstructured and fairly unwieldy medium, but modern technology is completely changing that picture.
City firms are starting to manage all their various data assets by using an EIM (Enterprise Information Management) approach. This is a discipline centred on being able to integrate all your data into one structure and applying the right archiving and retrieval workflows across everything you do: we therefore anticipate a great deal of interest in audio-enabled EIM project work in 2020.
Cloud sweeps all before it
In 2020, the cloud tide will be unstoppable. That’s partly because people are used to accessing applications in the cloud or storing data there, but there’s now going to be a push to use cloud as a way to centralise the bank’s IT systems. The argument as to whether the cloud is insecure has long been settled with City CIOs judging cloud as often safer than their existing on-premise solution.
As a result, there’s no reason to continue paying for expensive hardware that requires tending, patching and upgrading. In 2020, look for cloud trading turrets with the back-end being remote and offering porting of voice records into the cloud. That latter step may be a challenge for financial services firms with multiple and legacy voice recording platforms in place, so the cloud move may lead to overdue rationalisation and integration projects.
Ultimately, the cloud represents a whole new approach to consuming IT and building apps in the Square Mile. Financial services firms are frustrated with devoting too much resource to old mainframe systems when they would like the modern technology infrastructure in place to support them to be more agile. Cloud will be very liberating for the sector.
Strong analytics user cases emerge
Analytics technology has evolved and what used to be referred to as dumb data is now a source of business intelligence. Useful data hidden in audio files that used to be discoverable through hours of transcription can now be processed in modern speech analytics systems — making what was originally inert, unstructured data become structured data, which can be easily queried in order to spot patterns and find interesting anomalies.
I predict that in the new decade using speech analytics financial services firms will finally gain a richer understanding of what their customers ask for and find problematic, as data mining probes can be run over a vast set of customer interactions.
It will mean trading floor managers will have even better detection and forensic tools at their disposal to understand what’s happening, which will be a win-win for customer and regulator alike.
In 2020, Voice will be seen an important strategic asset for the financial services firm CIO.
WILL BLOCKCHAIN REVOLUTIONIZE FINANCE?
By Ken Timsit, ConsenSys
Over the last 10 years, researchers, software developers, start-ups, and large companies have been conducting experiments aimed at determining whether networks based on blockchain technology can ultimately – in whole or in part – replace the infrastructure on which financial institutions and capital markets are built.
In today’s electronic databases, any information can theoretically be replicated at will. This is why most governments allow only regulated actors to keep records of digitized assets (banks, depositories), to avoid pitfalls such as the execution of misleading transactions or the creation of artificial assets. With blockchain, these pitfalls can be avoided at the source code of the technology, which is available to all members of the network. The creation of Ethereum enabled a more robust blockchain network capable of “smart contracts”, which once programmed, can run automatically without the results being modified or manipulated.
Contrary to what some critics argue, the potential of the blockchain is not the creation of a free and unregulated space in which everyone can invent new financial instruments. Rather, the potential lies in creating a much more efficient and globalized commercial and financial infrastructure, in which many layers of control and intermediation are no longer needed as they are replaced by transparent and immutable IT rules that ensure the same risk management functions.
For example, bonds are essential financial instruments on which a large part of our economy and savings are based. The issue and exchange of a bond requires the intervention of several dozen financial institutions (issuers, intermediaries and investors). Some regulated players in this intermediary chain exist mainly to ensure that it is possible to know, at any time, who holds each bond, in order to guarantee their rights to its bearers.
It is theoretically possible to simplify these stacks of operators by linking them to a global blockchain network, open to all stakeholders in the industry. The blockchain network can thus ensure at any time that the number of outstanding bonds corresponds exactly to the number of bonds issued, and that each exchange transaction is carried out without the risk of default.
The blockchain revolution is first and foremost the reduction of costs and delays caused by the current financial infrastructure. The blockchain revolution also creates innovation opportunities for consumers, savers, and investors.
The Web3 revolution, often used to refer to the blockchain revolution, will be driven by the reduction in transaction costs, allowing the emergence of new peer-to-peer business models that we are not yet able to accurately predict, but which will probably participate in a rebalancing of the relationships between financial institutions and their clients. Some international peer-to-peer payment and loan-to-peer savings investment models are already attracting increasing interest from the most sophisticated consumers.
Where are we in 2020?
Today, the blockchain revolution is still in its infancy. Transaction volumes through blockchain networks, public and private, are low compared to those of existing systems. The fixed costs of the technology are still relatively high, and the user experience leaves something to be desired.
However, innovations abound. It is already possible for me, from my smartphone, to buy digital assets whose value is equal to about one US dollar, and to lend them in three clicks to other users who will pay me between 1% and 10% per year for this service, depending on the type of platform.
The number of large operational business projects is still small, but very promising. Numerous international commodity trading players have joined forces to create Vakt and komgo, two platforms that contribute to a significant simplification of trade and oil financing. Similar and competing projects, Voltron and Marco Polo, are being launched. On the corporate side, the Capbridge 1x platform (Singapore) already allows shares to be traded on an Ethereum blockchain network. Other important projects such as LiquidShare (France), SIX Digital Exchange (Switzerland), Daura (with Deutsche Borse and Swisscom in Switzerland), Synapse (Hong Kong Stock Exchange) are in preparation. The World Bank, Société Générale and Santander have issued bonds on an Ethereum blockchain network. These initiatives are still experimental but have attracted significant interest from financial institutions around the world.
And of course, many projects aim to revolutionize global payments by creating digital assets on blockchain networks that are fixed in Euros, U.S. Dollars or other currencies, such as those of the Monetary Authority of Singapore, the South African Reserve Bank, and Union Bank of the Philippines. Since the announcement of the Facebook-initiated Libra project, many governments have expressed concern about the possibility of private companies controlling global payment flows, and have asked their domestic financial institutions to redouble their efforts to explore competing initiatives.
All of this is to say that adoption is happening, albeit gradually. The middlemen and intermediaries of the financial world will not be replaced overnight. Moreover, the exact formation or architecture of the new financial system is impossible to predict with accuracy. However, it’s safe to say that blockchain will enable a financial system that is more efficient and yields more value-add to consumers, users, and investors.
HOW ENTERPRISE INFORMATION MANAGEMENT, CLOUD AND ANALYTICS WILL IMPACT FINANCIAL SERVICES IN 2020
Richard Mill, director at Business Systems (UK) Ltd Business Systems’ Will Davenport on which drivers of change will most...
CAPITAL MARKETS PARTICIPANTS HAVE HIT A WALL WITH COMPLIANCE, NEW INTERNATIONAL STUDY FINDS
The research suggests that many broker-dealers and other trading entities have come to a fork in the road, where they...
BANKS UNDER ATTACK: HOW FINANCIAL INSTITUTIONS CAN PROTECT DIGITAL GROWTH
By Victor Acin, Threat Intelligence Analyst, Blueliv Financial services firms are increasingly being told to embrace disruption in order...
THE ROLE OF NEW TECHNOLOGY IN DEVELOPMENT OF MYANMAR’S BANKING INDUSTRY
U Htoo Htet Tay Za, Managing Director, AGD Bank Myanmar’s economy is one of the fastest growing in Asia...
WHY 2020 IS THE RIGHT TIME FOR FS MODERNISATION
Chris McLaughlin is chief product and marketing officer at Nuxeo Few would argue against the notion that the UK...
WHAT DOES 2020 LOOK LIKE FOR P2P LENDING?
By Roberts Lasovskis, Investment Platform Lead, TWINO It’s a new year; time for resolutions and forward planning, positivity and...
WHY MAKING MONEY ON YOUR MOBILE IS EASIER THAN YOU MIGHT THINK
Aaron Brooks, Co-Founder of Vamp For Millennials and Generation Z, becoming a social media influencer is an increasingly desired...
DIFFERENTIATION – THE KEY TO THRIVING IN A SATURATED MARKET
Graham Glass, CEO of Cypher Learning What has enabled Cypher to continue to grow in an increasingly saturated market?...
WILL BLOCKCHAIN REVOLUTIONIZE FINANCE?
By Ken Timsit, ConsenSys Over the last 10 years, researchers, software developers, start-ups, and large companies have been conducting...
FIVE FINANCIAL SERVICES TRENDS FOR 2020: BIGTECHS SWOOP IN, BANKS GO ON THE OFFENSIVE AND CRYPTOCURRENCY STALLS
Rahul Singh, president of financial services at HCL Technologies We’ve just finished a very exciting decade in financial services, with new...
COMBATING INSURANCE FRAUD WITH MACHINE LEARNING
By Georgios Kapetanvasileiou, Analytical Consultant at SAS Most insurance companies depend on human expertise and business rules-based software to...
DELIVERING SUCCESSFUL IT SYSTEMS THROUGH THE POWER OF PARTNERSHIPS
By Mike Smith, Executive Director, Virgin Media Business (Direct) Is there anything more frustrating than finding out your bank account...
BATTLEFACE RECEIVES INVESTMENT FROM FINTECH VENTURES FUND
battleface Inc., a rapidly growing tech-enabled insurance startup focused on providing travel insurance products for unconventional travellers worldwide, announced today...
VANQUIS BANK PARTNERS WITH HOOYUTO DIGITALISE KYC PROCESSES
HooYu KYC digital journey deployed during the customer lifecycle on a risk-based approach Leading customer onboarding and KYC technology...
WHY NEOBANKS ARE ON THE RISE IN THE UK
New research by SmallBusinessPrices.co.uk analyses how neobanks are on the rise and why they’re so popular amongst consumers compared to...
RECOLLECTING 2019 CRYPTOCURRENCY TRENDS & LOOKING FORWARD TO 2020
Marie Tatibouet is the CMO at Gate.io It has been a bold and progressive year for the digital asset...
WILL HONG KONG REMAIN THE JURISDICTION OF CHOICE FOR OFFSHORE BANKING?
Hong Kong has traditionally been seen as a tax haven and the financial hub of Asia, if not the world....
HOW CHARITIES CAN MEET TOMORROW’S DIGITAL CHALLENGES?
By Steve Georgiou, Business Consultant at Xpedition Charities are under constant scrutiny for how they handle their finances. Budgets...
RECALL YOUR REPUTATION: HOW TO HANDLE PRODUCT RECALLS
By Alex Balcombe, Partner at Harris Balcombe John Lewis, Tesco, and Hotpoint have all been in the news in...
THE WORLD’S MOST ENTREPRENEURIAL COUNTRIES PERFECT TO START A BUSINESS IN
Latona’s has analysed The Global Entrepreneur Monitor data to reveal the world’s most entrepreneurial nation. Analysing each country by a...