FX.co ★ What threatens the financial sector: Top cybersecurity trends 2018
What threatens the financial sector: Top cybersecurity trends 2018
Main goals of pro-government hackers are sabotage and espionage
Innovations in creating complex viruses, and, in addition, the conduct of multi-stage targeted attacks passed from the financially motivated cybercriminals to pro-government hackers. Their main goal is sabotage and espionage of companies in the energy, nuclear, commercial, water, aviation and other fields.
Financial sector is under threat again
This year a new hacker group, Silence, was uncovered. Besides it, today, MoneyTaker, Lazarus and Cobalt are considered the most dangerous for banks. These groups are able to reach isolated financial systems and withdraw money. Three groups of four are Russian speakers.
Every month in Russia, on average, 1-2 banks are attacked, the average damage from an attack is 132 million rubles ($2 million). The average time for cash withdrawal from an ATM by drops or mules is only 8 minutes.
In total for the period from mid-2017 to the first half of 2018, the damage to the Russian financial sector from hacker attacks amounted to 2.96 billion rubles.
According to Group-IB's forecasts, new cyber groups are more likely to appear in Latin America and Asian countries in the near future, and most likely banks will become the first target.
Bank customers are victims of hacker attacks
A fraud with bank cards, carding, is among the most dangerous threats to individuals. About 686 thousand text data of compromised bank cards and 1.1 million dumps are downloaded monthly in the world for sale in card shops. The total volume of the carding market for the analyzed period amounted to $663 million.
In Russia, the threat from banking Trojans for PC is decreasing. In addition, in the country, the Android-Trojan market has stopped after several years of growth, while on the world stage it continues to evolve.
Web phishing has shown growth this year both internationally and in the Russian market. In Russia, the total number of daily successful phishing attacks increased to 1,274 (previously - 950). In Russia, 251 million rubles were stolen because of web-phishing, which is 6% more than last year.
Cryptoindustry: new markets, old threats
About 56% of all funds stolen from ICO were snatched using phishing attacks. In total, from mid-2017 to the first half of 2018, 14 cryptocurrency exchanges were robbed. The total damage is estimated at more than $882 million. At least five attacks are associated with the activities of North Korean hackers.
Сryptojacking (hidden mining) has developed. Group-IB experts predict that the world's biggest miners can be targeted not only by cybercriminals but also by pro-government attackers. With a certain preparation, this may allow them to take control of 51% of the mining capacity and cryptocurrency itself.
Five successful "51% attacks" were recorded in the first half of 2018: the amount of direct financial damage ranged from $0.55 million to $18 million.
New hacking technologies
Last year, the concern of security experts was related to WannaCry, NotPetya, and BadRabbit. In 2018, the side-channel (attacks on third-party channels) and the vulnerability of microprocessors of various vendors became a new source of global information security threats. With this danger, it is impossible to quickly and effectively close all vulnerabilities.
The BIOS/UEFI vulnerability research advances every year. But to be honest, these weaknesses become known due to leaks and not because of the attacks study. But perhaps in the near future, this situation will change, which will fundamentally influence the approach to cybersecurity.