Malicious malware: Lessons learned and what to expect from cyber crime in 2018

Experts believe that this is only the beginning, because in 2018, ransomware attacks will mount.

MOSCOW, January 1. /TASS/. A wave of major cyberattacks swept across Russia in 2017. First in May, the WannaCry virus wreaked havoc on Russian mobile operator Megafon’s retail network and call center. Later in June, Petya (or NotPetya) attacked Russia’s oil major Rosneft at the height of a court battle against investment giant Sistema. October saw another round of cyberattacks with the Bad Rabbit virus stalling Russian media operations, while putting the computer networks of Kiev’s subway system and Odessa’s airport out of whack. All these attacks were structured similarly: the hackers used ransomware, which, upon infecting a computer, encrypted files and then demanded a ransom for their decryption.

Experts believe that this is only the beginning, because in 2018, ransomware attacks will mount. "Attacks by WannaCry, NotPetya, Bad Rabbit showed the world how easy it is to make efficient cryptoware capable of disabling servers of organizations in different countries all over the world," Anton Fishman, director of the project direction of Group-IB, told TASS. According to him, before that, no group of cyber fraudsters seeking to steal money had ever conducted attacks this way. "The scale of the disaster, the speed of the contamination and the damage done to its victims will certainly lead to copycats and new attacks from traditional cybercriminals," he said.

However, in the coming year, hackers will pay more attention to attacks on the corporate sector, according to Chief Security Expert at Kaspersky Lab Alexander Gostev. Technical director at ESET Russia Vitaly Zemsky believes that in 2018, the corporate sector should also get ready for a surge in ransomware attacks. "So far, based on the results of the three ‘epidemics’ (WannaCry, NotPetya and Bad Rabbit), I can say that the corporate sector is learning from its mistakes. Companies no longer believe cyber attacks to be an abstract threat and they are ready to invest in up-to-date protection tools, including integrated software products, telemetry services, consulting services," he said.

Favorite days of the week

Tuesdays and Fridays were particularly inundated with cyberattacks and other problems, a TASS correspondent noted.

The WannaCry attacks were recorded around the world on Friday, May 12. That evening, Kaspersky Lab reported 45,000 attempted attacks on computers in 74 countries, the bulk of which were recorded in Russia. The virus paralyzed Megafon sales outlets for several hours and also affected its call center. The hack did not produce any critical repercussions; however, Megafon managed to completely eliminate the consequences of the attack only on May 15, that is, three days after the fact.

A week later - on Friday, May 19 - Megafon faced the largest failure of the company’s voice communication services in history, which, incidentally, was not connected with the WannaCry attack.

For over a month, everything remained relatively calm while experts looked for the culprits behind the WannaCry attack (recently, the US authorities officially blamed North Korea). However, on Tuesday, June 27, a new virus attacked Rosneft in the midst of a court hearing on one of the most high-profile cases this year – the oil company’s lawsuit filed against investment giant Sistema.

At first, experts called the new "monster" Petya, but then found out the virus was different. The first version of the Petya virus appeared more than a year before the attack; it required administrator rights and was powerless without them. Therefore, Petya teamed up with another virus called Misha, which had administrative rights. This is how the NotPetya virus was born (also known as ExPetr or Petya A), attacking around 80 organizations in Russia and Ukraine.

In December, Petya (or was it "not Petya") was immortalized - a ‘funeral’ monument in the form of a nibbled hard drive over two meters high was installed in front of the entrance to the Skolkovo Technopark. The mastermind behind the monument is the director for marketing and corporate communications of the medical company Invitro, which also suffered an attack from the malware.

Four months later, it seemed that nobody saw what was coming on Tuesday, October 24. On this ominous day, Bad Rabbit hacked the websites of several Russian media outlets. In particular, as reported by Kaspersky Lab and Group-IB, the information systems of Interfax news agency, as well as the server of the St. Petersburg news portal Fontanka.ru, were attacked. According to Group-IB, the hacks began in the afternoon in Ukraine, as the virus struck the computer networks of the Kiev metro, the Ministry of Infrastructure and the international airport of Odessa.

Later, experts from Group-IB and Kaspersky Lab said that the same group of hackers, called BlackEnergy, was behind both the Bad Rabbit malware attack and the NotPetya virus. Head of Group-IB Ilya Sachkov told TASS at the time that Bad Rabbit also tried to hack into Russia’s top 20 banks, but ultimately failed.

Assault on the blockchain fortress

Traditionally, the goal of the majority of cyberattacks is financial gain, so banks are most often the target. According to ESET, in 2017 the number of attacks against the financial sector increased by nearly 50%. "In 2018, the financial sector will remain among the priority targets of hackers," Zemsky from ESET noted. However, banks now have ‘competitors’ in this respect.

Blockchain technology and cryptocurrencies became one of the main trends of 2017. According to Yandex, cryptocurrency has become the most popular topic for search queries in the category "things and phenomena" this year. Cryptocurrencies, in particular bitcoin, are based on blockchain technology (a decentralized database, in which storage devices are not connected to a common server). It is believed that the main advantage of this decentralization is security, as no one can forge or substitute information recorded in the chain.

However, hackers were able to find a way into this "fortress". "The simplest scheme of the attack is to find vulnerabilities on the ICO website and change the wallet address to collect the ‘investment’. This is the way Israeli CoinDash lost $7.5 mln," experts at Positive Technologies told TASS.

According to Fishman from Group-IB, a lightning-quick and often quite simple attack on cryptocurrency services and blockchain startups brings cybercriminals "millions of dollars in profit with minimal risk." "According to Chainalysis, hackers managed to steal 10% of all funds invested in ICO projects in Ethereum in 2017. The total damage amounted to almost $225 mln, 30,000 investors lost an average of $7,500," he noted. The director of the project direction at Group-IB specified that attacks on cryptocurrency exchanges are conducted in the same way as targeted attacks on banks - hackers use similar and sometimes identical tools, as well as similar tactics.

In 2018, the number of targeted attacks on cryptocurrency services will be greater than this year, Fishman forecasted. "Fraudsters are attracted to the vague legal status of cryptocurrencies and low level of security for cryptocurrency services," Zemsky noted in agreement. Positive Technologies expects an increase in the number of hacks of web applications for blockchain projects due to phishing.

The Internet of Things as a threat to cybersecurity

The Internet of Things penetrates deeper into the daily life of people. However, the widespread use of "smart" devices carries a number of threats - including cyberthreats. According to the forecasts of Kaspersky Lab, in 2018, attackers can go beyond the boundaries of familiar devices and begin actively attacking new Internet-connected systems - for example, cars or medical devices.

Regarding automobiles, cybercriminals can infect a car owner's smartphone and gain control over an application that controls various functions of the vehicle (opening doors, starting the engine and locating the car). Concerning medical devices connected to the Internet, the scale of threats can range from theft of personal medical data to a life-threatening reboot of settings on medical devices (for example, on insulin dispensers), Kaspersky Lab said.

Cybercriminals in 2018 are also likely to continue hacking various home gadgets to create large networks of infected devices (botnets), Kaspersky Lab forecasts. Not only routers and web cameras, but even thermostats and other "smart" devices in the house fall into this risk zone. Such devices are becoming more powerful; therefore, the opportunities for cybercriminals are increasing, experts said.

In addition, significant efforts by hackers in 2018 will be focused on smartphones and tablets, according to Kaspersky Lab. Cybercriminals will target all possible sources of user money, including cryptowallets and applications with various bonuses. Hackers can also break into the computers of users and organizations to mine cryptocurrency without the knowledge of the owners, Kaspersky Lab and Positive Technologies noted.

Kaspersky Lab also expects an across-the-board automation of cyberattacks on ATMs. In 2017, malware for ATMs began to be provided as a service (ATM malware-as-a-service). According to experts, the next step is full automation of such attacks, a kind of "boxed solution" for stealing money from ATMs. In this scenario, a mini-computer would connect to an ATM and automatically infect it and activate the malware.

Positive Technologies and ESET also expect to see a surge in attacks on ATMs. "Banks, in turn, will become even more interested in real threats bringing financial losses and will assess risks," according to Positive Technologies.

Experienced cybercriminals in 2018 will conduct innovative and unusual attacks, Gostev from Kaspersky Lab predicted. At the same time, Positive Technologies experts believe that the increased interest of business in building security monitoring centers will become the answer to such intricate attacks. In 2017, around 10 companies started developing such centers. In 2018, the number of such centers will triple, according to Positive Technologies.