In the next year, the main source of losses for banks from cyber-attacks will not be theft of money, but destruction of their IT infrastructure during the final stages of a targeted attack. Banks used to be attacked by cybercriminals. Today, state-backed hackers are also doing this much more frequently. By destroying IT infrastructure cybercriminals will attempt to cover their tracks during thefts, while the aim of state-sponsored hackers will be to maximize the damage to banks and discontinue banking operations. In both cases, the damage done to banks may be even greater than the amount of funds stolen due to service interruptions and the resulting reputational and regulatory impact.
Hackers are increasing their focus on the crypto industry (ICO, wallets, exchanges, funds), which have been accumulating increasingly large capitalisations and funds. In technical terms, the attacks against service providers in this sector are no more difficult than against banks, however the information security in place and maturity of blockchain companies is significantly lower. A further motivation for criminal attackers is that blockchain technologies are more anonymous and unregulated – this considerably reduces the risk of being caught during money withdrawal.
Hackers will now successfully attack more industrial facilities as they have learnt how to work with the “logic” of critical infrastructure. These facilities use complex and unique IT systems: even if one gains access to them, specific knowledge about the principles of their operation is needed to conduct attacks. Over the past year, we have observed that hackers’ competence has increased along with their capacities to impact critical infrastructure. Therefore, we now forecast new large-scale incidents targeting industrials and related core infrastructure.
BlackEnergy group continues to attack financial and energy companies. The group uses new tools that allow Remote terminal units (RTUs) responsible for the physical opening/closing of power grids to be remotely controlled. Test attacks on power generating companies in the UK and Ireland were tracked in the summer of 2017.
HI-TECH CRIME MARKET ASSESSMENT
The growth in the number of attacks and the totals stolen is a significant indicator of hackers’ capabilities, which drive changes in their tactics and targets. The majority of attackers follow the money, and if they find more efficient and safer ways to earn it, they start investing in them, creating new tools, services, and attack schemes.
In Russia, the amount of losses caused by theft from legal entities is still in decline, but the loss caused by Android banking Trojans is still on the increase. The number of targeted attacks on banks and payment systems is on the rise, but hackers have earned the majority of their profits outside Russia, as we predicted last year.
After phishing attacks on bank clients and payment systems were fully automated, the amount of loss from their activity in Russia became very significant. Every day they attack many more users than banking Trojans, but the net amount of loss is still smaller. However, due to the simplicity of this scheme, an increasing number of criminals are starting to use it.
Development of Hacking Tools
The full version of Hi-Tech Crime Trends 2017 is available on the Group-IB website
Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud and the first Russian supplier of threat intelligence solutions included in Gartner, Forrester, and IDC reports. In order to prevent cyberattacks, Group-IB supplies solutions from its line of early threat detection products. It is a permanent member of the World Economic Forum. Group-IB has the largest criminalistics laboratory in Eastern Europe and a computer emergency response team (CERT-GIB). In 2017, the company became the leader of Russia Threat Intelligence Security Services Market Analysis conducted by IDC. For more details visit:http://www.group-ib.com
(Security Affairs – cybercrime, Crime Trends 2017 report)