Malware-as-a-Service on the rise, ransomware pivots from Bitcoin: Kaspersky predicts crimeware and financial threats in 2023

Woburn, MA, Nov. 22, 2022 (GLOBE NEWSWIRE) -- Woburn, MA – November 22, 2022 – According to a 2023 prediction report today from Kaspersky, next year will see significant demand for malware loaders on the darknet. Instead of developing their own malicious samples, attackers will opt for ready-made services with enhanced detection avoidance. Separately, due to increasing regulations imposed on cryptomarkets, crimeware gangs will move away from Bitcoin and seek other forms of value transfer. These and other predictions are in Kaspersky’s “Crimeware and financial cyberthreats in 2023” report.

Given that the financial threat landscape has been evolving dramatically over the past few years, Kaspersky experts believe it is no longer sufficient to look only at threats to traditional financial institutions, but that it is better to assess financial threats as a whole. The cybercrime market has been developing extensively, with the overwhelming majority of attackers pursuing one goal – financial profit.

This year, Kaspersky researchers have decided to adjust their predictions accordingly, expanding them to encompass both crimeware developments and financial cyberthreats.

By analyzing the significant events and trends that formed both crimeware and the financial threat landscape in 2022, Kaspersky researchers have forecasted several important tendencies expected in 2023. Here are their key predictions:

  • Led by gamers and other entertainment sectors, web3 will continue to gain traction and so will threats to it.

With the increasing popularity of cryptocurrencies, the number of crypto scams has also grown. However, users are now much more aware of crypto and will not fall for primitive scams such as the dubious cryptocurrency scheme that went viral featuring a video with a deepfake “Elon Musk.” Cybercriminals will continue to try stealing from people using fake ICOs and NFTs, and other cryptocurrency-based financial theft. Along with the exploitation of vulnerable smart contracts, criminals will use and create more advanced methods to proliferate their crimes.

  • Malware loaders are to become the hottest goods on the underground market.

Many actors have their own malware, but that alone is not enough. Entire samples used to consist of ransomware alone. But when there are different types of modules in ransomware, it is easier for the threat to evade detection. As a result, attackers are now paying much more attention to downloaders and droppers, which can avoid detection. This has become a major commodity in the Malware-as-a-Service industry, and there are already favorites among cybercriminals on the darknet, for example the Matanbunchus downloader. All in all, stealth execution and bypassing EDRs is what malicious loader developers are going to focus on in 2023.

  • More new penetration testing frameworks will be deployed by cybercriminals.

While various vendors create and improve penetration testing frameworks to protect companies, such as Brute Ratel C4 and Cobalt Strike, crimeware actors are expected to use them much more actively for illegal activities. Along with the development of new penetration tools, cybercriminals will increasingly use the frameworks for their own malicious purposes.

  • Ransomware negotiations and payments will rely less on Bitcoin as a transfer of value.

As sanctions on ransomware payments continue to be issued, the markets become more regulated, and technologies improve at tracking the flow and sources of Bitcoin (and sometimes clawing back conspicuous transactions), cybercrooks will rotate away from this cryptocurrency and toward other forms of value transfer.

  • Ransomware groups will pursue destructive activity over financial interest.

As geopolitics increasingly occupy the attention not only of the public but also of cybercriminals, ransomware groups are expected to make demands for some form of political action instead of asking for ransom money. An example of this is Freeud; brand-new ransomware with wiper capabilities. 

“We are predicting two major scenes inside the ransomware landscape in the upcoming year,” said Marc Rivero, senior security researcher at Kaspersky’s Global Research and Analysis Team. “One of them will be the usage of destructive ransomware with the unique purpose of resource destruction and the impact of what we call ‘regional attacks,’ where certain families only impact certain regions. For instance, the mobile malware landscape made a big evolution in the Latin American region, bypassing the security methods applied by banks such as OTP and MFA. Malware-as-a-service is another important thing to observe as this kind of underground service is commonly found around ransomware attacks impacting larger organizations.”

More information on these predictions is available on Securelist.

These financial predictions are part of Kaspersky’s Vertical Threat Predictions for 2023, one of the segments of the Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts in the cybersecurity world.

To review what Kaspersky experts expected to see in 2022, please follow this link.


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at


Media Contact

Sawyer Van Horn

(781) 503-1866



Contact Data