Last year was one of the most painful periods for the world economy. In a nutshell, the most important reason is a significant rise in cybercrime. At the same time, the largest financial damage was caused by malware. The underground market for selling access to corporate networks also grew, and the volume of carding (bank card fraud) more than doubled. As a result of the confrontation between various pro-government hacker groups, new players entered the world stage, and some previously known groups resumed their activities.
According to Group-IB, ransomware attacks cost the world more than $1 billion.
During the reporting period, more than 500 successful ransomware attacks were registered in 45 countries. Both the private and public sectors were affected. Since the attackers are motivated only by financial gain, any company, regardless of its size and industry, can become a victim. However, the issue is not so much the money as the ability to recover from such surprises. If your company is entirely unprotected, with no backups and no action plan, such attacks can lead not only to downtime but also to work interruption or even closure. Group-IB estimates the total financial loss from cyber blackmail at over $1 billion, but the actual loss may be much higher. Victims often prefer to stay silent about such incidents and quietly pay the ransom. Cybercriminals also do not always publish data from compromised networks.
60% of all known incidents were in the United States. Next are the UK, France, and Germany. Together, they represent about 20% of all ransomware attacks. North and South America (without the USA) account for 10%, while Asian countries account for 7%.
The top 5 most frequently attacked industries:
– manufacturing industry;
– state agencies;
– health care and construction.
The researchers claim that Maze and REvil encryptors are behind more than half of all successful attacks. In second place are Ryuk, NetWalker, and DoppelPaymer.
What caused such a rise in ransomware attacks? Group-IB identifies two reasons. The first is the large number of platforms that bring together the creators of encryption software and the cybercriminals who compromise corporate networks. The second is weak cybersecurity solutions: many companies use tools that are unable to detect and block an encryptor at an early stage.
How do cybercriminals cooperate? Cybercriminals who want to use an encryption program buy access to it and then encrypt the victim's devices. After receiving a ransom from the victim, they pay a fixed rate to their “partners”. Experts identify three main ways of gaining access to corporate networks: attacks on remote access interfaces (RDP, SSH, VPN), malware, and new types of botnets.
Group-IB says that at the end of 2019, attackers adopted a new pressure tactic. They began downloading all of a company's information and then blackmailing the company to increase the chances of receiving a ransom. A victim that refuses to pay the ransom risks not only losing all its data but also having it leaked.
How much money did they steal from credit cards?
Since last year, the card market has grown by 116% – from $880 million to almost $2 billion. The rapid growth applies to both text data (bank card numbers, expiration dates, names of owners, addresses, CVV) and dumps (magnetic stripe data). The maximum price is $150 for text data and $500 per dump.
Attackers collect the data mainly by infecting computers with viruses via phishing or by spreading Trojans via POS terminals. The USA leads the world in the number of compromised bank cards, accounting for more than 92%. Next are India and South Korea.
With the advent of coronavirus in our lives, many switched exclusively to online shopping. The e-commerce channel is the most vulnerable to leaks. Company sites are rarely well protected, and users prefer to use simple passwords.
Phishing attacks are growing
According to Group-IB, the number of phishing web resources has increased by 118% compared to the previous year. The main reason is the global pandemic and lockdown. Web phishing is one of the easiest ways to make money in the cybercrime industry, so it is not surprising that it attracted those who lost their jobs. In addition, the increased demand for online shopping has created a favorable environment for phishers. Cybercriminals have quickly adapted to the new reality.
Within a year, phishers have radically changed their tactics. Processes have become more automated, and the psychological games deeper. Multistage scenarios are now used: they are played out by actors who first gain the victim's trust and only then send dangerous files and links.
According to researchers, most phishing web pages imitate online services (39.6%). Phishers commonly go after user credentials for logging into Microsoft, Netflix, Amazon, eBay, and others. Online services are followed by e-mail (15.6%), financial organizations (15%), cloud storage (14.5%), payment services (6.6%), and bookmakers (2.2%).
Compromised corporate networks reached their peak
Sales of access to compromised corporate networks have been growing from year to year and reached their peak in 2020. It is difficult to estimate the size of the market because offers are published on underground forums and the price is rarely posted. Group-IB monitored such forums and concluded that the total market size for selling access to corporate networks is $6.2 million, which is four times more than the previous year.
The sale of access to a company’s network is, as a rule, only one stage of a cyber attack. Events can then proceed according to the following scenarios: cyber blackmail, data theft for further sale on clandestine forums, or cyber-espionage.