The methods of criminals on the Internet are becoming more sophisticated every year. But in most cases, social engineering still works best.
Let's imagine that a passenger is late for a train to St. Petersburg and tries to purchase a ticket 10 minutes before its departure. There is a queue at the only working cash register, and the machines, for example, do not work. The passenger types in “tickets for Sapsan” into an Internet search engine, then hastily enters his passport information and bank card information on the site that appears first in the search results. But the ticket does not arrive either immediately or later. Is it worth clarifying that the site turns out to be a phishing site and after a few hours it no longer works?
Speaking at the “Territory of Financial Security” conference in mid-November, Ivan Chebeskov, director of the ministry’s financial policy department, said that in April 2023, the director of the administrative department of the Ministry of Finance transferred 3.8 million rubles to a telephone scammer. “We had very high-ranking people in the Ministry of Finance who deal with financial markets and understand, who almost managed to be deceived, because they were caught at certain moments and used certain tricks that were suitable specifically for them at that moment, because they were always on the run, busy. They [the scammers] know how to adapt to this,” Chebeskov said.
Even those who closely follow the reports of cybersecurity specialists fall into such obvious traps. You only need to choose a place and time. Are you in a hurry? Are you upset about something or just tired? Fraudsters are always on the alert, they were just waiting for this moment. Every year they get closer to us, constantly improving their methods to remain undetected until they steal corporate information, personal data, withdraw money or install malicious software on user devices or equipment. So is there a chance to avoid meeting them?
92% of attacks on individual users and 37% of attacks on companies used social engineering methods, the Positive Technologies report notes. The purpose of such attacks in the majority (56%) of cases was data theft. Most often, attacks were carried out through fake phishing sites and emails, as well as social networks and instant messengers. The attackers exploited the themes of employment, delivery services, political events and quick money, including through cryptocurrencies.
In 2023, in attacks on bank clients, there was a trend towards a decrease in attacks related only to social engineering or exclusively to the technological component (for example, hacking of a mobile application), notes SafeTech CTO Pavel Melnichenko. At the same time, the most dangerous types of attacks, in particular a combination of social engineering and attacks on the technical component, are being used by attackers more and more often, he knows. The number of such attacks in the financial sector will grow in 2024, Melnichenko warned.
The tactics of attackers become more complex every year. For example, in August 2023, specialists from the American developer company Imperva published a report on a large-scale phishing campaign using more than 800 phishing domains imitating 340 large companies from around the world. According to experts, attackers created high-quality single-page applications in 48 different languages to steal bank card data.
In addition, cybercriminals combined various deception methods in their attacks. For example, the malicious Letscall toolkit, which was used against individuals in South Korea in July, combines both phishing sites and vishing, a phone-based social engineering scam. Cybercriminals were using a fraudulent site that imitated Google Play to distribute spyware. It not only collected information about the infected device, but also redirected calls to a fraudulent call center if the victim noticed suspicious activity and called the bank. The false operator, relying on the information collected by the spyware, reassured the victim and tricked him into obtaining additional data or forcing him to transfer money to a fraudulent account.
We will observe a galloping growth of “qualified” cyber fraud, including using existing online platforms for e-commerce, bidding, procurement, hiring employees, etc., warns Igor Bederov, head of the investigation department at T.Hunter, NTI SafeNet market expert. Cyber risks also include gaining unauthorized access to big data from marketing companies, which allows identifying the social portrait of each citizen, hacking existing encryption systems using quantum computing and falsification and theft of biometric identifiers, etc., he believes.
In addition, the number of low-level hacker attacks and cyber fraud operations will likely continue to increase in 2024, Bederov believes: “This trend has continued for a decade. The beginning of the SVO only spurred the real growth of such offenses.”
The increase in the number of such attacks is stimulating the growth of the market for commercial malicious software, which can easily be purchased on the darknet, Skulkin notes. This market will continue to grow due to increased demand from attackers, he adds, such tools significantly lower the barrier to entry into cybercrime, make attack tools more accessible and simplify penetration into the corporate perimeter. In addition, there will be more offers of services related to carrying out complex cyber attacks on shadow forums, which will allow less skilled attackers to carry out complex chains of attacks, the expert argues.
“There is a growing supply of training in cyberattack techniques, including malware creation and vulnerability exploitation, in the public domain and on shadow hacker forums. The dark web will continue to serve as a marketplace for as-yet-undiscovered zero-day vulnerabilities. With the growing number of connected devices and the technical complexity of the cloud infrastructure, the demand for such vulnerabilities will continue to increase, and the supply will grow,” warns the BI.ZONE expert.
New cyber threats can manifest themselves in various forms, including advanced viruses and malware, attacks on cloud services, leaks of confidential data, cyber espionage, attacks on Internet devices (Internet of Things), social engineering, etc., Bederov lists. They could target vulnerabilities arising from the introduction of new technologies such as artificial intelligence, autonomous systems or blockchain, he lists.
“Some groups targeting Russian organizations began publishing data about victims on specially created Internet pages in 2023. For example, the Enigma Wolf group, through a similar site, even allowed the victim to buy passwords for decryption, says a BI.ZONE expert. “Financially motivated hackers involved in ransomware attacks in Russia will increasingly use such blackmail tools if companies refuse to pay ransoms.”
Bederov also predicts the growth of hacktivism: “On the one hand, it is objectively dictated by the formation of the information society, digitalization, and increased awareness of the population. On the other hand, potential cybercriminals see the weakness of the law enforcement system, which allows them to choose cybercrime as an acceptable and even acceptable norm of behavior.”
In 2023, attackers attacked Linux systems much more often, although previously there was little interest in them from hackers, Skulkin notes. “However, due to the transition to domestic software in Russia, Linux infrastructures are increasingly becoming the target of attacks. Next year, their number will only continue to grow, and one of the in-demand skills of cybersecurity specialists will be the ability to analyze Linux systems for compromise,” he predicts.
Now many sanctioned applications, primarily from banks, are being removed from official stores, which is why several attack options are emerging, says SafeTech commercial director Daria Verestnikova: for example, fake applications from sanctioned banks are already appearing, where their clients leak all their data and details, and the attacker gains access to them. For official applications that no longer update after being removed, the risk of hacking is significantly higher, she notes. “In addition, bank clients are forced to install mobile applications using a “wire” in branches, i.e., by connecting to the bank teller’s computer. At the same time, the risk of infection of the device from a computer that distributes access to hundreds of bank clients every day increases significantly,” says Verestnikova.
User awareness in the field of cybersecurity is gradually growing, notes Skulkin. That means phishing techniques will become even more sophisticated, including using AI to create more believable scam messages and disguise attacks, he says. “There are more and more proposals for creating turnkey phishing systems, and we will see their growth next year. Increasingly accessible computing resources and advances in AI will lead to increased interest in deepfake attacks. Without advanced verification tools, the authenticity of content will be much more difficult to confirm,” says the expert.
New cyber threats will appear for office systems, the Internet of things, artificial intelligence systems, confirms the words of previous speakers, Deputy Director of the NTI Competence Center “Trusted Interaction Technologies” Ruslan Permyakov. “The use of deepfakes will be especially relevant when calling from banks, prosecutors, etc. It will look like a video call from a friend who asks you to do something urgently. Deepfake technology has become quite accessible, and we may see a new class of fraudulent attacks using this tool,” he concluded.
(c) https://www.vedomosti.ru/technologi...ak-kibermoshenniki-budut-atakovat-v-2024-godu
Let's imagine that a passenger is late for a train to St. Petersburg and tries to purchase a ticket 10 minutes before its departure. There is a queue at the only working cash register, and the machines, for example, do not work. The passenger types in “tickets for Sapsan” into an Internet search engine, then hastily enters his passport information and bank card information on the site that appears first in the search results. But the ticket does not arrive either immediately or later. Is it worth clarifying that the site turns out to be a phishing site and after a few hours it no longer works?
Speaking at the “Territory of Financial Security” conference in mid-November, Ivan Chebeskov, director of the ministry’s financial policy department, said that in April 2023, the director of the administrative department of the Ministry of Finance transferred 3.8 million rubles to a telephone scammer. “We had very high-ranking people in the Ministry of Finance who deal with financial markets and understand, who almost managed to be deceived, because they were caught at certain moments and used certain tricks that were suitable specifically for them at that moment, because they were always on the run, busy. They [the scammers] know how to adapt to this,” Chebeskov said.
Even those who closely follow the reports of cybersecurity specialists fall into such obvious traps. You only need to choose a place and time. Are you in a hurry? Are you upset about something or just tired? Fraudsters are always on the alert, they were just waiting for this moment. Every year they get closer to us, constantly improving their methods to remain undetected until they steal corporate information, personal data, withdraw money or install malicious software on user devices or equipment. So is there a chance to avoid meeting them?
Dry facts
Based on the results of three quarters of 2023, the total number of cases of fraud and cyber attacks on the Internet increased by about 10% compared to 2022, as follows from the quarterly reports of Positive Technologies. This company does not disclose the absolute number of recorded incidents. But, according to another market participant, the Solar company, more than 170 attacks are carried out on Russian resources every day. Solar calculated that in 2023, 445 million lines of confidential information appeared on the network, and the total volume of leaked data was 91.8 TB.92% of attacks on individual users and 37% of attacks on companies used social engineering methods, the Positive Technologies report notes. The purpose of such attacks in the majority (56%) of cases was data theft. Most often, attacks were carried out through fake phishing sites and emails, as well as social networks and instant messengers. The attackers exploited the themes of employment, delivery services, political events and quick money, including through cryptocurrencies.
In 2023, in attacks on bank clients, there was a trend towards a decrease in attacks related only to social engineering or exclusively to the technological component (for example, hacking of a mobile application), notes SafeTech CTO Pavel Melnichenko. At the same time, the most dangerous types of attacks, in particular a combination of social engineering and attacks on the technical component, are being used by attackers more and more often, he knows. The number of such attacks in the financial sector will grow in 2024, Melnichenko warned.
The tactics of attackers become more complex every year. For example, in August 2023, specialists from the American developer company Imperva published a report on a large-scale phishing campaign using more than 800 phishing domains imitating 340 large companies from around the world. According to experts, attackers created high-quality single-page applications in 48 different languages to steal bank card data.
In addition, cybercriminals combined various deception methods in their attacks. For example, the malicious Letscall toolkit, which was used against individuals in South Korea in July, combines both phishing sites and vishing, a phone-based social engineering scam. Cybercriminals were using a fraudulent site that imitated Google Play to distribute spyware. It not only collected information about the infected device, but also redirected calls to a fraudulent call center if the victim noticed suspicious activity and called the bank. The false operator, relying on the information collected by the spyware, reassured the victim and tricked him into obtaining additional data or forcing him to transfer money to a fraudulent account.
What will happen next?
New groups appear every year, and 2024 is guaranteed to be no exception, notes Oleg Skulkin, head of BI.ZONE Threat Intelligence. We should expect an increase in the number of pro-state groups, as well as an increase in the involvement of people without special technical skills in affiliate programs using commercial malware, the expert believes.We will observe a galloping growth of “qualified” cyber fraud, including using existing online platforms for e-commerce, bidding, procurement, hiring employees, etc., warns Igor Bederov, head of the investigation department at T.Hunter, NTI SafeNet market expert. Cyber risks also include gaining unauthorized access to big data from marketing companies, which allows identifying the social portrait of each citizen, hacking existing encryption systems using quantum computing and falsification and theft of biometric identifiers, etc., he believes.
In addition, the number of low-level hacker attacks and cyber fraud operations will likely continue to increase in 2024, Bederov believes: “This trend has continued for a decade. The beginning of the SVO only spurred the real growth of such offenses.”
The increase in the number of such attacks is stimulating the growth of the market for commercial malicious software, which can easily be purchased on the darknet, Skulkin notes. This market will continue to grow due to increased demand from attackers, he adds, such tools significantly lower the barrier to entry into cybercrime, make attack tools more accessible and simplify penetration into the corporate perimeter. In addition, there will be more offers of services related to carrying out complex cyber attacks on shadow forums, which will allow less skilled attackers to carry out complex chains of attacks, the expert argues.
“There is a growing supply of training in cyberattack techniques, including malware creation and vulnerability exploitation, in the public domain and on shadow hacker forums. The dark web will continue to serve as a marketplace for as-yet-undiscovered zero-day vulnerabilities. With the growing number of connected devices and the technical complexity of the cloud infrastructure, the demand for such vulnerabilities will continue to increase, and the supply will grow,” warns the BI.ZONE expert.
New cyber threats can manifest themselves in various forms, including advanced viruses and malware, attacks on cloud services, leaks of confidential data, cyber espionage, attacks on Internet devices (Internet of Things), social engineering, etc., Bederov lists. They could target vulnerabilities arising from the introduction of new technologies such as artificial intelligence, autonomous systems or blockchain, he lists.
All means are good
When choosing an attack target, the geopolitical situation will continue to serve as motivation for hacktivists, Skulkin believes. At the same time, there is a high probability that they will increasingly also have financial motivation at the same time, he warns: to demand a ransom for decryption keys or for non-disclosure of confidential information.“Some groups targeting Russian organizations began publishing data about victims on specially created Internet pages in 2023. For example, the Enigma Wolf group, through a similar site, even allowed the victim to buy passwords for decryption, says a BI.ZONE expert. “Financially motivated hackers involved in ransomware attacks in Russia will increasingly use such blackmail tools if companies refuse to pay ransoms.”
Bederov also predicts the growth of hacktivism: “On the one hand, it is objectively dictated by the formation of the information society, digitalization, and increased awareness of the population. On the other hand, potential cybercriminals see the weakness of the law enforcement system, which allows them to choose cybercrime as an acceptable and even acceptable norm of behavior.”
In 2023, attackers attacked Linux systems much more often, although previously there was little interest in them from hackers, Skulkin notes. “However, due to the transition to domestic software in Russia, Linux infrastructures are increasingly becoming the target of attacks. Next year, their number will only continue to grow, and one of the in-demand skills of cybersecurity specialists will be the ability to analyze Linux systems for compromise,” he predicts.
"Fish" is a fish
The development of machine learning technologies can lead to improvements in phishing attacks and attacks on mobile devices, Bederov believes. With the development of the Internet of Things, there may be an increase in attacks on IoT-related devices, as they can become new targets for cybercriminals, he believes. In addition, the security of mobile devices may also become a more pressing issue as they continue to occupy an important place in people's daily lives, the expert predicts.Now many sanctioned applications, primarily from banks, are being removed from official stores, which is why several attack options are emerging, says SafeTech commercial director Daria Verestnikova: for example, fake applications from sanctioned banks are already appearing, where their clients leak all their data and details, and the attacker gains access to them. For official applications that no longer update after being removed, the risk of hacking is significantly higher, she notes. “In addition, bank clients are forced to install mobile applications using a “wire” in branches, i.e., by connecting to the bank teller’s computer. At the same time, the risk of infection of the device from a computer that distributes access to hundreds of bank clients every day increases significantly,” says Verestnikova.
User awareness in the field of cybersecurity is gradually growing, notes Skulkin. That means phishing techniques will become even more sophisticated, including using AI to create more believable scam messages and disguise attacks, he says. “There are more and more proposals for creating turnkey phishing systems, and we will see their growth next year. Increasingly accessible computing resources and advances in AI will lead to increased interest in deepfake attacks. Without advanced verification tools, the authenticity of content will be much more difficult to confirm,” says the expert.
New cyber threats will appear for office systems, the Internet of things, artificial intelligence systems, confirms the words of previous speakers, Deputy Director of the NTI Competence Center “Trusted Interaction Technologies” Ruslan Permyakov. “The use of deepfakes will be especially relevant when calling from banks, prosecutors, etc. It will look like a video call from a friend who asks you to do something urgently. Deepfake technology has become quite accessible, and we may see a new class of fraudulent attacks using this tool,” he concluded.
(c) https://www.vedomosti.ru/technologi...ak-kibermoshenniki-budut-atakovat-v-2024-godu
