According to foreign intelligence agencies, Russian and Chinese cyber criminals were responsible for the strongest attacks in the second half of 2018. This covers both criminal groups cooperating with organised crime and organisations most likely backed by the intelligence services of those countries. Groups such as APT28 and APT29 (APT stands for Advanced Persistent Threat) engage in espionage, cyber attacks on international governmental agencies and the spread of disinformation through social media and the mass media, and they are well funded. US cyber security specialists insist that these groups are linked to Russian intelligence agencies.
On June 8, 2018, Palo Alto's Unit 42 released a report analysing the activity of the Russian APT group Sofacy, also known as Fancy Bear and APT28, during the first half of 2018. Unit 42 identified a large number of simultaneous attacks. The criminals chose organisations of the same kind as their victims but used different attack tools. Most recently, the group used Zebrocy (malware often associated with Fancy Bear activity) and DDE exploits, which launch malicious code regardless of whether macros are enabled.
As a rule, Zebrocy infected a PC through a phishing email. The email carried MS Office documents with embedded macros; when an employee of the targeted company opened the attachment, the malware infected their PC.
Initially, the criminals attacked several devices within the same organisation. More recent APT28 attacks, however, targeted several companies in different countries at the same time. The attackers mass-mailed phishing emails to addresses harvested from the Internet, so the victims were effectively chosen at random.
Moreover, APT28 started using DDE exploits (Dynamic Data Exchange, a method of interprocess communication on Microsoft Windows and OS/2) to deliver its malicious code. Unit 42 found one instance where a DDE exploit was used to install Zebrocy, and later the same technique was used to deliver Koadic, a tool the group had not used before.
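As an added defensive check, not part of the BDO report or Unit 42's analysis: a DDE-based Office document carries a `DDE` or `DDEAUTO` field instruction in its WordprocessingML XML, so a .docx can be triaged by reading `word/*.xml` and inspecting field codes. The script below does that and handles the common case where the instruction is split across several `w:instrText` runs; the two sample documents are constructed inline with harmless placeholder field arguments.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS
# Word field codes that trigger Dynamic Data Exchange when the field updates.
DDE_RE = re.compile(r"\bDDE(AUTO)?\b", re.IGNORECASE)


def dde_fields(docx_bytes: bytes) -> list:
    """Return every DDE/DDEAUTO field instruction found in a .docx given as bytes."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue  # only document, header, footer and footnote parts hold fields
            try:
                root = ET.fromstring(z.read(name))
            except ET.ParseError:
                continue
            # Simple fields keep the instruction in the w:instr attribute.
            for fld in root.iter(W + "fldSimple"):
                instr = fld.get(W + "instr", "")
                if DDE_RE.search(instr):
                    found.append(instr.strip())
            # Complex fields spread the instruction over w:instrText runs inside a
            # paragraph, so the runs are joined before matching to defeat splitting.
            for para in root.iter(W + "p"):
                instr = "".join(t.text or "" for t in para.iter(W + "instrText"))
                if DDE_RE.search(instr):
                    found.append(instr.strip())
    return found


def build_sample_docx(body_xml: str) -> bytes:
    """Build a minimal constructed .docx (zip + word/document.xml) around body_xml."""
    doc = ('<?xml version="1.0" encoding="UTF-8"?><w:document xmlns:w="%s">'
           '<w:body>%s</w:body></w:document>' % (W_NS, body_xml))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", doc)
    return buf.getvalue()


# Constructed sample: a DDEAUTO instruction split across two runs, with placeholder arguments.
DDE_SAMPLE = build_sample_docx(
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText>DDEAUTO </w:instrText></w:r>'
    '<w:r><w:instrText>placeholder-app placeholder-topic</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>')
# Constructed clean sample: an ordinary PAGE field plus body text that merely mentions DDE.
CLEAN_SAMPLE = build_sample_docx(
    '<w:p><w:fldSimple w:instr=" PAGE "/><w:r><w:t>DDE is mentioned here</w:t></w:r></w:p>')
```

Body text is deliberately ignored, so a document that only talks about DDE in prose is not flagged; `DDE_SAMPLE` yields one hit and `CLEAN_SAMPLE` none.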
The cyber criminal group Cobalt (also called Carbanak) is responsible for cyber attacks on various industries, including financial and medical organisations.
On 1 March 2018, an international investigation team arrested a cyber criminal involved in the group's activities, but this did not stop it: on 2 May, Cobalt ran a successful phishing campaign.
Several Chinese attack campaigns also surfaced during the first half of the year. The two largest targeted Western military defence facilities. First, APT15, a Chinese cyber espionage group, stole sensitive records and information from the UK military. Then Chinese hackers stole over 600GB of data on submarines and classified weapon systems from a defence contractor of the U.S. Navy.
In May, an attack against Banco de Chile affected 9,000 computers and corrupted 500 servers, enabling the attackers to steal $10 million via the SWIFT system. It was the first cyber attack to combine an attempt to steal money with the complete destruction of a database. Responsibility was attributed to North Korea.
Companies in every industry suffered from malware. However, BDO Global reports that in 2018 cyber attacks frequently targeted medical institutions.
As in previous years, most cyber attacks on medical institutions involved ransomware or started with emails containing infected files or URLs leading users to malicious code.
This problem is compounded by the adoption of artificial intelligence (AI) and the Internet of Things (IoT). According to International Data Corporation (IDC), AI investments were projected to reach U.S. $12.5 billion in 2017 alone. Still, this pales in comparison to IoT investments, which were expected to exceed U.S. $800 billion and are forecast to reach U.S. $1.4 trillion in 2021. Moreover, the number of connected medical devices is currently estimated at 10 billion and is expected to reach 50 billion within the next 10 years, according to the healthcare cybersecurity firm Cynerio.
Obviously, new medical devices need well-thought-out and effective protection. Forecasts suggest that the healthcare industry will need several years to fully address this problem.
THE BDO CYBER SECURITY GROUP MADE A LIST OF RECOMMENDATIONS FOR COMPANIES:
- Stay alert to cyber attacks. Criminals increasingly favour new attack tools. Such attacks are likely to become very frequent and to target every country and industry without exception.
- Make an action plan. Develop a step-by-step cyber attack response plan. Note that several devices on the same network may be targeted simultaneously. It is also worth reviewing whether a 'kill switch' can be implemented for various systems in case of a large-scale, sophisticated and destructive attack.
- Plan your resources. As a rule, emergency scenarios receive three times less funding than they need, and in an emergency most companies do not or cannot consult highly qualified experts and expert teams. We therefore strongly recommend planning to allocate additional resources in advance.
Sergei Tiunov, a Managing Partner of BDO Unicon Outsourcing, also recommends holding regular cyber security training for employees. He reports that phishing emails are the most frequently used method of attack. It is therefore of the utmost importance to hold training sessions and seminars where employees can learn about the sources of threats and about what to do once an incident has occurred (a malicious file was opened, an employee installed software that damaged the system, and so on).