How Cybersecurity Trends Affect Theft Market
For the 2015-2016 fiscal year in Russia, hackers stole more than 5.5 billion rubles. This is 44% more than last year. The largest share in the total amount of damage was provided by the hacking of Russian banks. So, they lost 2.5 billion rubles, which is four times higher than the same indicator last year.
The total amount of thefts that could be prevented amounted to five billion rubles, said on Thursday the deputy head of the Central Bank's security and information protection department Artem Sychev. This includes individuals, legal entities and banks as such.
The number of cyber attacks on computers of individuals decreased by 83%. For the 2015-2016 fiscal year, they lost 6.4 million. The number of attacks on the Internet banking systems of legal entities halved: they hacked 956 million rubles a year from their hackers.
Significantly affected users of mobile devices based on Android. With the help of special trojans, cybercriminals were able to steal 348.6 million rubles from their accounts in Russian banks over the year.
Experts recorded the largest increase in crime in this area - 471 percent. And the number of users of Android devices infected with viruses has grown to 350 new people a day.
In May, Reuters reported that Russian hackers stole data from 272 million users.
Computer security expert Alex Holden, who was the first to detect attacks on Adobe and JPMorgan, said the hackers carried out the largest cyber attack, as a result of which cybercriminals from the “Russian underworld” received passwords and logins from 272 million accounts.
According to Holden, the Mail.ru mail service suffered more from the attack. Also victims of hackers were email services of American companies Google, Yahoo and Microsoft.
On Thursday, October 13, Moscow hosted the largest Eastern European cyber security conference CyberCrimeCon. Representatives of Interpol and Europol, as well as leading European companies and banks, spoke about the main hacker threats to business and ordinary users of the network.
Fernando Ruiz, head of the special operations department at the European Center for the Fight against Cybercrime, indirectly hinted at the need for closer cooperation between Russia and the West.
Interpol spokesman Nur Azhar Aiyob noted that the very real threat of large-scale network wars should push leading world powers to sign pacts banning the use of cyber weapons.
Interpol’s representative was supported by Group-IB CEO Ilya Sachkov, who called international cooperation a key condition for the success of the fight against hackers: “If we wake up tomorrow and all the states unite, share their big data and the information that the special services have, the problem may well be solved by itself.”
In the meantime, fighters against cyberthreats urged journalists to write less about network criminals: this only attracts attention to them and makes them popular. “Today, being a hacker is glamorous. If a person hacked someone, then everyone immediately admired. But he violated the law, - Sachkov emphasized.
He also noted that 99% of computer crimes are associated with an attempt to make money. However, the goal of the remaining 1% of computer crimes is espionage and cyber terrorism.
In November 2015, Zerodium, a vulnerability search company, publishedHacking prices for a number of products of IT companies. For hacking Safari and Internet Explorer, experts are ready to pay $ 50 thousand to hackers, $ 80 thousand for Google Chrome, and $ 100 thousand for unauthorized access to Android and Windows Phone systems. The most dangerous is the iOS security breach - the hacker will receive $ 500,000 for it.
Meanwhile, China is using a trickier scheme.
The Chinese company ShenZhen Computer Users Association (SZCUA) intends to acquire vulnerabilities from Russian information security engineers on iPhone, Android smartphones and computer browsers.
As representatives of several Russian companies told Kommersant, they were approached by a representative of SZCUA named Robert Nevsky. According to him, SZCUA wants to buy exploits (tools for carrying out attacks on computing systems) that use the so-called “zero-day vulnerabilities” (software bugs that the manufacturer does not know about). For similar programs for the mobile platforms iOS and Android, as well as a number of web applications and browsers, the Chinese are willing to pay from 100 thousand dollars.
At the same time, experts note that the Chinese company is most likely buying up vulnerabilities for government hacker groups, which then use them to create cyber weapons.
In conclusion, we present the facts and forecasts voiced at the conference on information security:
Every day, hackers successfully attack 8 Russian companies, each of which loses an average of 480,000 rubles.
Russian-speaking virus writers are more oriented to foreign markets: to 16 out of 19 Trojans for PCs, which are most actively used for embezzlement around the world, are associated with Russian-speaking criminals.
The growing Internet of Things (IoT) industry is also attracting hackers: IoT devices that are not protected by antiviruses have become the main driver of botnet growth for DDoS attacks.
The range of threats to brands is expanding. Confidence in brands allows you to successfully attack not only individuals but also legal entities.
Successful targeted attacks on banks will continue, and the average amount of damage per successful attack will increase.
There will be more incidents with encryption programs, including encryption of mobile devices.
The number of attacks on industrial facilities will grow; there is a high probability of an attack on a critical infrastructure facility with significant damage.