The volume of compromised company data published on the public resources of ransomware operators will continue to grow.
At the beginning of December, at the international conference CyberCrimeCon, Group-IB presented its traditional report, “Hi-Tech Crime Trends”, which analyzes current cyber threats to business and the public sector for the period from the second half of 2020 to the first half of 2021. This time, the report was released in five volumes, each of which explores in detail a different aspect of the cybercriminal industry: the ransomware market, the sale of access to company networks, attacks by pro-government hacker groups (APT), threats to the financial sector, and scams and phishing. According to Dmitry Volkov, CEO of Group-IB, the forecasts and recommendations contained in the Hi-Tech Crime Trends reports are aimed at reducing financial losses and infrastructure downtime, and at taking preventive measures to counter targeted attacks, espionage and cyber-terrorism operations.
Cyber threat number 1
Assessing the cyber threats that caused the greatest damage to organizations in the financial sector and their clients in the period from the second half of 2020 to the first half of 2021, Group-IB specialists identified and analyzed the most serious problem for business, cyber threat No. 1 – ransomware.
Group-IB forecast: the volume of compromised company data published on the public resources of ransomware operators will grow. At the same time, the main industries attacked by ransomware most likely will not change – industry, real estate and transport, since they are the most readily monetized by cybercriminals.
Access is allowed
The phenomenal growth of ransomware is inextricably linked to another trend – an increase in the number of sellers of access to compromised networks. The total volume of this market was $7,165,876, which is 16% more than in the previous period ($6,189,388). Such access can be used both for conducting targeted attacks and for distributing ransomware and other malicious software. The total number of access offers put up for sale in the period from the second half of 2020 to the first half of 2021 is 1,099, including 95 cases of access to financial sector companies being sold. Most often, access was offered to American banks and financial institutions.
Group-IB forecast: the number of sold accesses to financial companies will increase. This will happen due to the growth of the market for selling access. As a result, the number of ransomware attacks on banks and financial companies will also increase.
Carding shrinks
The volume of the world market for carding (underground sales of stolen bank card data in the form of dumps or text) during the study period decreased by 26% – from $1.9 billion to $1.4 billion. sales by 17% – up to 58 million – due to the closure of the largest cardshop Joker’s Stash. The carding market in the CIS for the first time shrank by 77%, amounting to only $270,935 for the reporting period (from the second half of 2020 to the first half of 2021) against $1,210,491 in the previous period (from the second half of 2019 to the first half of 2020).
Group-IB forecast: Carding will become less attractive to cybercriminals. After the closure of many card shops, Group-IB experts expect that the number of bank card sales will gradually decline. First of all, this will affect dump sales.
Threat to online retail
During the reporting period, the number of detected JS sniffer families increased to 98, of which 42 families were active. JS sniffers pose the greatest danger to online commerce companies: over the past year, more than 80,000 bank cards of online store customers were compromised with their help.
Group-IB forecast: JS sniffers will remain the main threat to online retail. This is especially true for small American businesses running the Magento and OpenCart CMS platforms. At the same time, the main risks will be associated with fines for security violations, and not with compensation for damage to customers or reputational losses. The Inter family of sniffers will remain the most widespread.
Scam and phishing
Phishing and fraudulent partner programs (Scam-as-a-Service, Phishing-as-a-Service) became widespread in the reporting period. Initially, they were focused on Russia and the CIS countries. Now Group-IB specialists increasingly see “affiliate programs” aimed at European, Asian, Middle Eastern and American companies. In total, 71 brands from 36 countries are known to be used by members of such “partnerships” to create and distribute phishing content. Among the most attacked: marketplaces (69.5%), delivery services (17.2%), ride sharing (car-sharing services for travel) (12.8%) and others.
Group-IB forecast: the number of phishing and fraudulent affiliate programs will grow. In the future, cybercriminals will begin to actively develop phishing partnerships for the financial sector. This type of fraud can become a more high-tech replacement for calls from fake call centers. The number of phishing frameworks will also increase – this will also happen because banks are increasingly introducing multi-factor authentication. The Telegram messenger will become the most popular way for cybercriminals to obtain compromised data from phishing sites.
It remains to add that Hi-Tech Crime Trends provides access to the most complete set of strategic data and detailed information about current cyber threats in the world, both for organizations fighting cybercrime and for potential victims. The Group-IB team is convinced that the constant exchange of data and the creation and development of partnerships between private companies and international law enforcement agencies are an effective way to combat cybercrime. Conscious cybersecurity will help preserve and protect global digital empowerment and freedom of communication.