E-crime economy to expand in 2020

2020 will likely continue to see targeted ransomware attacks against local governments and specific industries.

This will potentially be driven by alternate motivations and orchestrated by organised cyber criminal gangs or event nation-state-sponsored threat actors.

CyberInt, a provider of threat intelligence-led detection and response solutions, today released CiPulse 2020, its Annual Threat Landscape Report.

It reveals the growing e-crime economy, the increasing prevalence of attacks in the financial services, retail and government sectors, and in-depth analyses of adversarial tactics, techniques and procedures (TTPs) used against the different regions and industries.

South African government organisations last year endured several ransomware attacks. In July, City Power, the City of Johannesburg’s electricity utility, was hit by a ransomware attack that encrypted its databases, applications and network.

In October, the City of Johannesburg’s network was breached by cyber criminals, resulting in Shadow Kill Hackers – the group behind the hack – demanding ransom of 4.0 Bitcoin.

According to CyberInt, the financial industry is the most targeted industry worldwide, accounting for more than a third of all targeted attacks.

Yesterday, researchers from Kaspersky Lab reported thousands of notifications of attacks on major banks in Sub-Saharan Africa.

The malware used in the attacks indicates the threat actor is most likely to be the notorious Silence hacking group, infamous for the theft of millions of dollars from banks around the world.

This, as last year, South African banks reported falling prey to a wave distributed denial-of-service attacks.

CyberInt says banking Trojans top the most prevalent malware families observed during 2019. It notes that attacks against financial organisations, accounting for a third of all targeted industries, vary widely in capability and sophistication.

While widespread phishing campaigns and specialist banking malware threats target retail bank customers worldwide, the financial industry has increasingly been targeted by highly sophisticated threat actors seeking to compromise backend financial systems that will potentially net millions for organised cyber criminal gangs or nation-state sponsored groups, it explains.

Much like widespread campaigns, the company says, many of the highly sophisticated attacks against the financial industry appear to commence with spear-phishing e-mails and malicious attachments sent to key employees within the target organisation.

Following an initial compromise, these threats establish a foothold from which the threat can pivot, locate and then compromise specific backend systems such as those related to ATM infrastructure.

It adds the retail industry is the third most targeted worldwide, behind manufacturing in the Americas and government targets in Asia-Pacific as well as Europe, Middle East and Africa.

The volume of attacks is increasing due to the sale of “as-a-service” platforms allowing less sophisticated attackers access to more complex tools for as low as several US dollars a month.

The firm points out 2020 will continue to see organisations targeted by organised cyber criminal groups or nation-state-sponsored threat actors.

E-crime groups will continue to focus on big gains by going after large organisations, while nation-state actors will focus on IP theft and will continue to target utility companies and commercial or defence contractors to gain advantage and minimise R&D and manufacturing gaps among nations.

“In-depth understanding of the threat landscape and how threat actors conduct operations are key factors in helping organisations protect their businesses,” says Daniela Perlmutter, VP of marketing for CyberInt.

“Continuously monitoring threats in real-time, as well as investigating and tracking their TTPs and infrastructure, delivers an in-depth perspective of the behaviours and motivations that is critical for threat detection and mitigation.”

CyberInt notes that while highly-sophisticated organised cyber criminal groups and nation-state-sponsored threat actors pose ongoing threats, less sophisticated attacks using the “as-a-service” platforms available in the underground economy are increasing in prevalence, becoming serious threats for enterprises.

“Cyber criminals keep using the same TTPs because they work,” says Adi Peretz, head of research at CyberInt. “Commoditising the attack infrastructure allows less sophisticated threat actors to gain access to more effective tools and poses an increasing risk to organisations’ IT infrastructure.”