Hacking into bank accounts remains a major threat, but it’s being surpassed by a new generation of aggressive cybercriminals sponsored by the governments of North Korea, Pakistan, China, the U.S., Russia, Iran, and Ukraine, said the Moscow-based provider of cybersecurity solutions, Group-IB in its annual report, Hi-Tech Crime Trends 2018.
Politicians under threat
State officials are also threatened: hacking their home and personal devices is a new trend in espionage. The most active state-sponsored hacker groups are from China, North Korea and Iran, according to Group-IB.
Private bank accounts
In 2018, new hacker groups that target financial institutions were discovered, including one that’s named Silence.
“It’s one of the largest cyber criminal groups threatening banks globally, along with MoneyTaker, Lazarus, and Cobalt,” Group IB said in a statement. “These hackers are able to compromise a bank, penetrate into isolated financial systems, and withdraw money.”
Credit card fraud remains one of the greatest threats to consumers, according to Group IB. Every month, data on about 686,000 compromised bank cards and 1.1 million card dumps are downloaded for sale in “card-shops.” The overall value of the carding industry market over the review period was estimated at $663 million, the report said.
New trojans
Six new PC trojans, such as IcedID, BackSwap, DanaBot, MnuBot, Osiris and Xbot, were discovered in the past 18 months. Source codes for five more have been shared or sold, Group-IB reported.
Phishing for crypto in South Korea
Almost 80 percent of global phishing websites imitating well-known companies are registered in the U.S., followed by France and then Germany.
According to Group-IB’s report, phishing resources mostly concern cloud storage (28 percent), finance (26 percent), and online services (19 percent).
Last year, crypto-markets were one of the main targets of phishing attacks: a total of 14 cryptocurrency exchanges were robbed, suffering losses of $882 million. At least five attacks were linked to North Korean hackers from Lazarus, a state-sponsored group.
“Their victims were mainly in South Korea,” Group IB said. “Following in their footsteps, the most likely cryptocurrency exchange attackers are Silence, MoneyTaker and Cobalt.”
Miners might be targeted
Blockchain is not safe from hackers either. Cryptojacking, or hidden mining, became widespread in 2017–2018, according to Group-IB. After the launch of Coinhive, a hidden mining software, seven more similar software programs have appeared.
Group-IB experts predict that the biggest miners might become the target of state-sponsored groups.
“They can gain control over 51 percent of network mining power and capture control of a cryptocurrency,” Group IB said. Five such attacks in the first quarter of 2018 led to financial losses of about $18 million.
New hacking technologies
A new global IT security threat emerged in early 2018: side-channel attacks and vulnerabilities in gadget microprocessors. Currently, it’s nearly impossible to effectively detect such threats.
“No antivirus software can help when the problem is at the level of hardware,” said Dmitry Volkov, Group-IB’s CTO. “If a device is compromised in such a way, then reinstalling the operating system or even getting rid of the hard disk will not solve the problem. As soon as you are connected to the Internet, a criminal will have full control of that device.”
Not many hackers are capable of carrying out these attacks, but the situation might change, which would transform the approach to cybersecurity in coming years, said Group IB.
The report was presented at the conference, CyberCrimeCon18.