Lord777
Professional
Cybercrime is a special world that lives by its own laws. Russian hackers are indeed the most dangerous there, but there are also North Korean, Chinese and Iranian groups. They engage in industrial espionage, take over the Internet of Things, and can use one smartphone to break into all the others over Wi-Fi.
Users of online banking can no longer worry about conducting financial transactions using computers: attacks on individuals are a thing of the past. According to statistics that Group-IB presented at the Cyber Crime Con (a conference on cybercrime) in Moscow on October 9, this type of fraud has decreased by 100%, that is, it has completely disappeared from the Russian field of cybercrime. Group-IB is an international company specializing in cyber defense. According to its data, the number of attacks aimed at stealing money from users of Android devices also decreased (by 77%), as did the number of thefts through corporate computers (by 12%) and the number of targeted attacks on banks using computers (by 20%). However, against this background, the scale of crime of a different kind has increased.
Vulnerable point
Kaspersky Lab experts also confirm the Group-IB data: "Indeed, there are no Trojans on PCs that steal access to online banking for individuals right now. Sometimes there are attacks on owners of electronic wallets and users of online crypto exchanges. Criminals in our region mainly attack legal entities or users of mobile applications. For example, this year large news resources were attacked several times in order to infect accounting computers."
In addition to vulnerabilities in mobile banks, hackers still steal money through the SWIFT interbank transfer system and from bank cards (carding). The most active and dangerous groups for banks around the world are Cobalt, MoneyTaker, and the North Korean Lazarus group. In 2018 a new hacker group, Silence, was revealed. Attackers from these groups are able to break into a bank, get to isolated financial systems and withdraw money. Cobalt is still one of the most active and aggressive groups, consistently attacking financial organizations in Russia and abroad 2-3 times a month.
On average, every month in Russia cybercriminals successfully attack 1-2 banks; the average damage from an attack is 132 million rubles ($2 million). Thus, over the past year (since the second quarter of 2017), according to Group-IB statistics, 1.3 billion rubles were stolen through electronic banking systems.
Three of these four groups are Russian-speaking. However, this does not mean that the groups operate from Russia. Hackers may deliberately leave a false digital footprint: for example, Russian words written in transliteration may appear in the code of the malware with which they infect victims' systems.
A new field of activity for cybercriminals appeared with the development of the crypto industry and phishing attacks: about 56% of all funds stolen from ICOs were stolen using phishing. In 2017 and 2018, hackers' interest in attacks on crypto exchanges (most likely, in most cases, the Lazarus group was behind these crimes) and in cryptojacking (hidden mining) increased. The damage from the hacking of 14 cryptocurrency exchanges amounted to more than $882 million, and the damage from "51%" attacks, in which an attacker takes control of 51% of the mining capacity in order to seize control of the cryptocurrency, to $18 million.
By the way, the damage caused by phishing attacks in the fiat world is difficult to assess: according to official data alone, attackers in Russia managed to steal 251 million rubles. At the same time, phishing sites are disguised not only as web pages of banking services, but also as online stores. For example, most recently, with the release of the iPhone XS and iPhone XS Max, analysts estimated the damage from phishing sites to buyers at $500,000.
Borderline liability
Often, many cybercrimes, whether conducted for the purpose of industrial or political espionage or not, can be organized from the territory of one country, violate the laws of another, and at the same time be financed by a third.
The main focus of such threats is gradually shifting from the financial sphere to pro-government deployments in the networks of critical infrastructure facilities in the energy, nuclear, commercial, water, aviation and other sectors in order to ensure a long-term presence, sabotage and espionage against companies. In this case, the laws of individual states may contradict each other, which greatly complicates the investigation of cybercrime. "Until the world is on the verge of disaster or until such a catastrophe actually occurs, states will continue to slow down the process of adopting a single relevant legislation," says Ilya Sachkov, CEO and founder of Group-IB.
The landscape of such APT threats (Advanced Persistent Threat, a targeted cyberattack), specific to each region, is constantly changing, which makes it difficult to detect groups and identify their origin. Hackers from North Korea, Pakistan, China, the United States, Russia, Iran and Ukraine remain the most active.
A striking example of such attacks today is the interference of hackers from Russia in the US election race in 2016, when WikiLeaks published Hillary Clinton's emails. An investigation published in the New York Times says that two Russian hacking groups that are likely supported by the Kremlin were involved in the hack: CozyBear (also known as "APT 29" or Dukes) and GRU FancyBear (also known as "APT 28" or Pawn Storm). And although Julian Assange himself denied that hackers were involved in the process of gaining access to private correspondence, no evidence of non-involvement was provided.
In February 2018, Konstantin Kozlovsky, a member of the Lurk hacker group, confessed at a meeting of the Moscow City Court to attacks on the US Democratic Party and the World Anti-Doping Agency (WADA), as well as involvement in the Russian hacker groups CozyBear and GRU FancyBear, which today remain among the most active in the Internet space.
Interpol may intervene in the investigation of such crimes that involve the interests of several countries at once. According to Dmitry Volkov, Technical Director, head of Threat Intelligence and co-founder of Group-IB, Group-IB has had no precedents in which the interests of individual clients intersected with the interests of Interpol. However, with the introduction of laws like the GDPR, it will become increasingly difficult for companies that ensure information security, including those that guarantee the security of customer data storage, to evade the law.
New Horizons
The format of cybercrime is changing from year to year. Initially, with the introduction of computer and Internet technologies, malicious programs and ransomware viruses appeared. Gradually, with the development of hacker espionage methods, they transformed into mailbox hacks, then the main threat moved to the darknet and the cryptocurrency industry, and now hackers are gradually taking over the Internet of Things. At the same time, the ultimate goal of hackers is still money: even if what was stolen is not money but information, the hackers or their direct customers will still try to sell it.
According to Positive Technologies' statistics, hackers have become less likely to use malware to conduct attacks (49% instead of 63%), but, according to Group-IB, they have become more likely to find and exploit "gaps" in hardware, since such vulnerabilities cannot be quickly and effectively closed using software updates. Attacks on Wi-Fi networks and private routers have also become more frequent: by breaking into such a network and hacking one device, an attacker can get access to all the others.
This is also associated with the danger of attacks on IoT: through the network, an attacker can access information, passwords and data, or simply redirect all the computing power to cryptojacking and increase their cryptocurrency holdings.
While the level of cyberattack activity in some areas is decreasing, in others it continues to grow. It would seem that it is beneficial for cybersecurity companies to ensure that the cyber threat persists, since otherwise they themselves would be out of work. But the fact remains that in most cases they only catch up with hackers, working on attacks that have already occurred and searching for the vulnerabilities that allowed attackers to enter the system. And if they don't talk about cyber threats or attacks, it doesn't mean that they don't exist. It means that the security specialists haven't noticed them yet.
(c) https://www.forbes.ru/tehnologii/367863-novosti-kibeprestupnosti-karding-i-kriptodzheking