Banks, power stations and cryptocurrency exchanges are the most likely targets for hacking in the near future, the cybersecurity company Group-IB said Tuesday, presenting its Hi-Tech Crime Trends 2017 report at a conference.
Ilya Sachkov, CEO of Group-IB, pictured at the Skolkovo Startup Village this summer. Photo: Sk.ru.
Group-IB, a resident startup of the Skolkovo Foundation’s IT cluster that prevents and investigates online fraud and other cybercrime, made its predictions during the CyberCrimeCon conference organised by the company in Moscow.
While banks will remain a common target for cyberattacks, the nature and aim of those attacks is changing, according to Group-IB. In the next year, the main source of losses for banks from cyber-attacks will not be theft of money, but destruction of their IT infrastructure during the final stages of a targeted attack, the company said in its report: if previously, banks were attacked by cybercriminals, today, attacks by state-backed hackers are also frequent.
“By destroying IT infrastructure, cybercriminals will attempt to cover their tracks during thefts, while the aim of state-sponsored hackers will be to maximize the damage to banks and discontinue banking operations,” Group-IB said in a press release.
“In both cases, the damage done to banks may be even greater than the amount of funds stolen due to service interruptions and the resulting reputational and regulatory impact,” the statement said, adding that out of 22 new malicious programmes used to steal funds, 20 (91 percent) were created and are controlled by Russian-speaking hackers.
Despite an overall 35 percent decrease year-on-year, targeted attacks on financial institutions remain cybercriminals’ most profitable revenue stream in the former Soviet Union, according to Group-IB.
Table: Group-IB.
The second major trend predicted by the report is large-scale attacks on industrial facilities, such as power stations, and related core infrastructure.
“Hackers will now successfully attack more industrial facilities, as they have learnt how to work with the ‘logic’ of critical infrastructure,” Group-IB says.
“These facilities use complex and unique IT systems: even if one gains access to them, specific knowledge about the principles of their operation is needed to conduct attacks. Over the past year, we have observed that hackers' competence has increased along with their capacities to impact critical infrastructure,” the company warns.
One such group of hackers targeting financial and energy companies is the BlackEnergy group, Group-IB says.
“The group uses new tools that allow Remote terminal units (RTUs) responsible for the physical opening/closing of power grids to be remotely controlled. Test attacks on power generating companies in the U.K. and Ireland were tracked in the summer of 2017,” the cybersecurity sleuths said in the press release.
Group-IB warns that attacks on power stations and other industrial facilities is on the rise. Photo: Pixabay.
Finally, and unsurprisingly given the recent growth in blockchain technologies and cryptocurrencies, Group-IB predicts more attacks on the crypto-currency industry, carried out not only by financially motivated thieves, but by state-sponsored attackers too.
“The number of threats for cryptocurrency and blockchain projects recorded by our Threat Intelligence system has rocketed alongside the bitcoin rate,” says Dmitry Volkov, head of the Threat Intelligence department, and co-founder of Group-IB.
“Hackers are increasing their focus on the crypto industry (ICO, wallets, exchanges, funds), which have been accumulating increasingly large capitalisations and funds,” the company said in its press release.
“In technical terms, the attacks against service providers in this sector are no more difficult than against banks, however the information security in place and maturity of blockchain companies is significantly lower. A further motivation for criminal attackers is that blockchain technologies are more anonymous and unregulated: this considerably reduces the risk of being caught during money withdrawal,” the company said.
The total damage caused by targeted hacker attacks on the crypto-currency industry amounts to more than $168 million, according to Group-IB.
Other trends predicted in the report are more incidents involving ransomware, theft of confidential information and extortion for non-disclosure, money theft, and incidents of public exposure by non-financially motivated hackers.
“We expect malware developers to be more active in continuing to publish codes of their programmes online,” the company warns.
“In addition, leaks published by The Shadow Brokers [hacker group] and similar organisations will also be immediately used for malware creation and improvement. This will give a powerful boost to the development of the cybercrime industry.”
The full Hi-Tech Crime Trends 2017 report is available to download free of charge on Group-IB’s website.